(5 ILCS 175/10-135)
    Sec. 10-135. Secretary of State authority to certify security procedures.
    (a) A security procedure may be certified by the Secretary of State, as a qualified security procedure for purposes of Sections 10-105 or 10-110, following an appropriate investigation or review, if:
        (1) the security procedure (including any technology
    
and algorithms it employs) is completely open and fully disclosed to the public, and has been so for a sufficient length of time, so as to facilitate a comprehensive review and evaluation of its suitability for the intended purpose by the applicable information security or scientific community; and
        (2) the security procedure (including any technology
    
and algorithms it employs) has been generally accepted in the applicable information security or scientific community as being capable of satisfying the requirements of Section 10-105 or 10-110, as applicable, in a trustworthy manner.
    (b) In making a determination regarding whether the security procedure (including any technology and algorithms it employs) has been generally accepted in the applicable information security or scientific community, the Secretary of State shall consider the opinion of independent experts in the applicable field and the published findings of such community, including applicable standards organizations such as the American National Standards Institute (ANSI), International Standards Organization (ISO), International Telecommunications Union (ITU), and the National Institute of Standards and Technology (NIST).
    (c) Such certification shall be done through the adoption of rules in accordance with the provisions of the Illinois Administrative Procedure Act and shall specify a full and complete identification of the security procedure, including requirements as to how it is to be implemented, if appropriate.
    (d) The Secretary of State may also decertify a security procedure as a qualified security procedure for purposes of Sections 10-105 or 10-110 following an appropriate investigation or review and the adoption of rules in accordance with the provisions of the Illinois Administrative Procedure Act if subsequent developments establish that the security procedure is no longer sufficiently trustworthy or reliable for its intended purpose, or for any other reason no longer meets the requirements for certification.
    (e) The Secretary of State shall have exclusive authority to certify security procedures under this Section.
(Source: P.A. 90-759, eff. 7-1-99.)