South Korea Still Paying The Price For Embracing Internet Explorer A Decade Ago

from the no-escape dept

The problems of monopolies arising through network effects, and the negative effects of the lock-in that results, are familiar enough. But it’s rare to come across an entire nation suffering the consequences of both quite so clearly as South Korea, which finds itself in this situation thanks to a really unfortunate decision made by its government some years back:

At the end of the 1990s, Korea developed its own encryption technology, SEED, with the aim of securing e-commerce. Users must supply a digital certificate, protected by a personal password, for any online transaction in order to prove their identity. For Web sites to be able to verify the certificates, the technology requires users to install a Microsoft ActiveX plug-in.

The trouble is ActiveX is only supported on one platform: Microsoft Windows. As a result, when the South Korean government made the technology mandatory for online e-commerce, the entire South Korean Internet sector become enslaved to Internet Explorer:

It forced consumers to use Internet Explorer because it was the only browser ActiveX plug-ins were compatible with. By default, Web developers optimized not only banking and shopping Web sites for Internet Explorer, but all Web sites. For developers, this just seemed logical.

The result has been a decade-long monopoly in the Korean market, where virtually all Korean Web sites are optimized for Internet Explorer.

Eventually, the South Korean government noticed that it was totally out of step with the rest of the world in effectively forbidding important alternative technologies like iPhones or Android, and took steps to remedy the situation:

A bylaw was created that said government Web sites must accommodate at least three different Web browsers and in 2010 they withdrew the mandate governing the use of ActiveX plug-ins.

But there was a catch.

If a company wants to stop using ActiveX plug-ins, it has to use an alternative technology that offers the same level of insurance. To get approval to use such a technology, they have to get approval from a government appraisal committee. The committee was formed over a year ago and has yet to make a single approval.

So even though the possibility of using something other than ActiveX is there, in practice there are simply no other options for secure transactions. A choice taken a decade ago to standardize on one technology has locked an entire nation into that platform, and it’s proving extremely hard to escape.

And it’s not just the local coders that are suffering: businesses, too, are hamstrung when it comes to innovation. As Kim Kee-chang, founder of the OpenWeb organization dedicated to expanding Web accessibility in Korea, explained:

“If people are thinking of opening up some service ultimately connected to payment they really have no chance in Korea,” Kim said. “They are stuck in the payment stage and even if they could make it in Korea, they’d have little hope in an international market.”

It’s a classic lock-in due to network effects, aided and abetted by a thoughtless government decision all those years ago. As South Korea falls further and further behind in this regard, trapped in its fossilized world of ActiveX, it may well come to be seen as warning to other governments to adopt true open standards, if they want to avoid a similar fate.

Follow me @glynmoody on Twitter or identi.ca, and on Google+

Filed Under: , , ,
Companies: microsoft

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “South Korea Still Paying The Price For Embracing Internet Explorer A Decade Ago”

Subscribe: RSS Leave a comment
60 Comments
Drew says:

Re: Why?

When South Korea developed SEED, SSL support in browsers was limited to 40-bit keys due to lingering effects of the U.S. government’s policy of classifying strong encryption as a munition subject to strict export control.
So in an effort to move ahead technologically, South Korea developed their own standard with support for larger keys. To get support into the browsers, they produced an ActiveX control for IE and a plugin for Netscape. Then Netscape died out, and over time the banking and e-commerce have locked themselves into IE-only development.
More information dated a few years ago: http://www.kanai.net/weblog/archive/2007/01/26/00h53m55s#003095

TtfnJohn (profile) says:

Re: Re: Re: Re:

Sorry but what’s happened is nothing close to socialism. It’s typical bureaucratic stupidity but in no way socialist.

As it is it’s hard to define South Korea’s economy as capitalist in any sense Ayn Rand would approve of. Nor is it socialism in any sense than a Swede would understand it. It closely models the Japanese economy which is dominated by immense companies such as Hitachi, Sony etc rather than what we’re familiar with in Europe or North America or Australia and New Zealand. Perhaps inwardly mercantile might describe it best.

Pwdrskir (profile) says:

Re: Re: Capitalism vs Central Planning

Capitalism fosters competition, bringing about choice and lower prices. Govt hates when people can choose.

Govt & Socialism foster monopolies, bringing about lack of choice and higher prices. Central Planning always has unintended consequences, as stated above.

Capitalism replaces that which does not work with something that will, See S&L Crisis for real Capitalism. http://www.fdic.gov/bank/historical/s&l/

Pwdrskir (profile) says:

Re: Re: Re:2 Capitalism vs Central Planning

Unregulated capitalism accomplishes the opposite.(of competition) ?the free market can only exist in the long-term through appropriate and sensible regulation.

Really, a ?Free? market can only exist by being regulated?? Do you see the irony of your statement?

Govt getting it wrong by setting ?appropriate and sensible regulation? is the point of this post. S Korea destroyed competition for IE with regulation, currently making things worse than if the unregulated market had been embraced. I can?t understand how you can think a bunch of bought off bureaucrats are more incentivized to “get it right” than the likes of Steve Jobs and those with Billions at risk. The numerous TechDirt posts about the current regulatory assault by Govt on the ?Free? Internet (SOPA, ACTA, TPP, CISPA) should be example enough. Regulations limit choice and destroy wealth, thus destroying freedom.

I know that Steve Jobs could have done more with $1B than any of those idiots in DC could have done with $100B.

PaulT (profile) says:

Re: Re: Re:3 Capitalism vs Central Planning

“Really, a ?Free? market can only exist by being regulated?”

Yes, because unfair business practices, monopolies, collusion, price fixing, price gouging, vendor lockouts, rip-offs, deception, even dangerous products, etc. occur when it’s not correctly regulated.

“Govt getting it wrong by setting ?appropriate and sensible regulation? is the point of this post.”

No, government not understanding the consequences of their actions, and handing complete control over an important market to a single company, is the point of this post. It was neither appropriate nor sensible. Just as anyone familiar with the technology at the time could have warned them (and probably did, but were ignored). Demanding a standard set of security options with a specific set of parameters was the right thing to do. Specifying the exact technology, especially one using a platform locked into a single vendor, was the mistake here, not the fact that regulation took place.

“I know that Steve Jobs could have done more with $1B than any of those idiots in DC could have done with $100B.”

Yes and no. On the technical side, maybe, but if his actions weren’t kept in check, I suspect he would have been happy to create a defacto Apple monopoly.

Pwdrskir (profile) says:

Re: Re: Re:4 Capitalism vs Central Planning

Irony at its best. ?unfair business practices, monopolies, collusion, price fixing, price gouging, vendor lockouts, rip-offs, deception, even dangerous products, etc…

All these can be attributable to Govt regulations more so than Capitalism. Govt IS the monopoly, price fixing, price gouging, vender lockout, (money wasting) rip-off, deceptive, collusive, killer drug approving, unfair business practice MACHINE of all time.

?government not understanding the consequences of their actions, and handing complete control over an important market to a single company, is the point of this post.

That?s exactly what I said. The unintended consequences of regulation caused S Korea to shoot itself in the foot. I was sarcastically pointing out that setting, what always looks like ?appropriate and sensible regulation? at the time, has caused more damage to the world than Capitalism ever could. The disastrous regulations of N Korea, Cuba, the Soviet Block & China have killed 100?s of millions more than Capitalism.

veggiedude says:

Re: Re: Re:4 Capitalism vs Central Planning

To create an Apple monopoly, the first step is to license your OS to third party vendors. Apple has never done such a thing in their history. But Google has. The second step is to use your leverage against those third parties who won’t have a chance to say no, because their devices are beholden to your OS.

Mike42 (profile) says:

ActiveX is alive and still sucks...

Sorry to break this to everyone, but .NET did not replace ActiveX. You see, Windows Server 2003 was supposed to be .NET Server. But the OS group really likes the Common Object Model (COM), and ActiveX is the brand name for COM in a browser.
The rumor that I heard is, the OS guys stalled the swapout of COM pieces until it was too late to release, which ticked off the marketing and management guys. So management decided to combine the OS and .NET groups in order to get the technology upgrade. But they left the management structure in place, and that left the OS guys in the senior position. So now .NET has a whole lot of new COM features, and .NET server looks like pie in the sky.
Just a rumor, of course.

Mike Linksvayer (profile) says:

it gets even better...

Via the Wikipeida article on SEED, someone wrote about the resulting monoculture 5 years ago http://www.kanai.net/weblog/archive/2007/01/26/00h53m55s

Why was SEED developed in the first place?

South Korean legislation did not allow 40 bit encryption for online transactions (and Bill Clinton did not allow for the export of 128 bit encryption until December 1999) and the demand for 128 bit encryption was so great that the South Korean government funded (via the Korean Information Security Agency) a block cipher called SEED.

Those export controls keep biting.

aikiwolfie (profile) says:

The Internet Is Made Of Tubes!

This article should terrify the rest of the world. We’ve had public access to the Internet since the early 1990s and our politicians still don’t get it. But they insist on making laws governing it’s use.

Wasn’t it an American politician who said something like “the Internet is made of tubes, stuff goes through the tubes and the tubes get clogged up”?

So what’s clogging up the tubes?

Anonymous Coward says:

That's not the only cost

Running IE (one of the worst, if not the worst generally available web browser) on Windows (clearly the most insecure general-purpose OS platform) is insanely stupid. Anyone doing so should be hit across the face with a cement truck. Yet not only has South Korea mandated this, there are hundreds of thousands of government agencies, corporations, non-profits, and even universities which have done the same: they’ve mandated it.

They like to pretend that their pitiful anti-virus and anti-malware and anti-intrusion and anti-whatever will save them from the consequences — but they’re wrong, and fresh proof of how wrong they are arrives at the perimeters of every network thousands of times an hour.

So before anyone gets too smug about how badly South Korea has shot itself in the foot here — what’s YOUR organization running?

Anonymoose Custard (profile) says:

Re: Re:

Nothing.

The problem was that while Windows was the most-deployed OS in the country at the time, US Government export controls on encryption standards prevented anything with stronger than 40-bit encryption from being allowed to enter their country.

They came up with SEED because they needed strong crypto. The fact that the AtiveX control is the only way to use it is an artifact of that effort. They essentially had no choice at the time.

SEED is so old now that it’s probably exceptionally difficult to port it to current browsers that support NPAPI or Pepper, both of which differ subtly from the original API SEED was developed against for Netscape browsers.

If you’re going to blame someone, blame the US Gov’t.

TtfnJohn (profile) says:

Re: Re: Re: Re:

The simplest solution at the time was to simply ignore the stupidity of the export controls as writing 128 bit encryption software at the time wasn’t all that difficult for practitioners in the field to do.

The other solution was to just sit back and ignore it. I had no trouble downloading the 128 bit encryption software from out side of the United States and I doubt many others did. It’s all very well and good for the US to ban export of these kinds of technology but the reality is that once it was released “into the wild” it was around the planet in seconds.

The other bit of madness was to write an ActiveX control so that a browser, well IE, could access sites secured by SEED. Given that of all MS Internet technology perhaps only Outlook Express has more holes in it than ActiveX does. if the desire was for a secure transaction then using just about anything including two tin cans and a string would have been better than ActiveX. At least a pair of tin cans and a string are harder to use as attack vectors than ActiveX is.

OK, so now you have South Korea, a country wanting to be knows for it’s technology prowess and abilities that’s a Windows monoculture by design. At least the design of one government department.

The problem in the smart phone era is that Windows on smart phones is so rare as to be nearly invisible. Korea always had a choice. the picked one a 12 year old script kiddie could have come up with between sips of some energy drink and bites of the lastest designer sandwiches from 7-11.

In fairness to MS, well a little fairness, the bureaucrats who made the decision(s) that brought South Korea here probably know as much about encrytion as they do about the Internet, Web and how their computers work. They understand the On/Off switch.

Korean says:

And that's why Korean internet sucks so much.

I’m a Korean-American, so I know this retarded system first hand. If you want to do any internet banking, you have to install at least 4-6 “security programs” that purport to encrypt your key entry, protect your computer from virus, and some other things. Then, check this out. You go to another bank’s website to do internet banking, and you have to go through the same exact process again even though you already have the same exact programs from the same exact company because each software is “tailored” for each bank. So if you have multiple bank accounts, you end up installing dozens of unnecessary programs on your computer that starts every time you boot your computer by default.

And guess what happens when you have dozens of “pseudo-security” programs getting installed. You get all these myriads of problems. Sometimes, these programs do not even get installed due to the UAC settings in the recent Windows.

Now because of this backward standard, the majority of the Korean websites use Active X. Don’t even try to use FF or Chrome for the Korean websites. The IE extensions are useless.

What’s so ironic about this situation is that the IT “security” standard itself in Korea is very low. If you look at the major corporation or the government agency’s security system, you’ll be in shock. No wonder, one of the major banks in Korea (which is owned by the state) called Nong Hyup had a major hacking crisis last year.

Korean government seriously need to come up with an alternative method FAST, or else, the so-called IT Nation will collapse under the archaic standard.

Mr Big Content says:

Proof Of The Quality Of Microsoft Software

So, to recap, the South Koreans where doing great, until they decided to abandon there loyalty to Microsoft. That’s when there problems started. This just goes to show the dangers of so-called “open” standards. It’s a Wild West out there, with all this HTML and CSS and HTTP and Java stuff. If they’d stayed with proven Microsoft technologies, they would still be doing just fine.

gkanai (profile) says:

As the writer of the blog post in 2007 that exposed this defacto monopoly,

http://www.kanai.net/weblog/archive/2007/01/26/00h53m55s#003095

I’m very sad to see that basically nothing has changed since 2007.

One new effort that is getting off the ground is the WebCrypto work in the W3C that is an effort to provide a JavaScript-based cryptography in the browser. This could potentially allow S. Korea to move away from Active-X plugins but would require significant changes to their existing laws.

http://www.w3.org/2012/webcrypto/

https://wiki.mozilla.org/Privacy/Features/DOMCryptAPISpec/Latest

It has been 5+ years since I first reported on this issue and we’ve seen little change in desktop browser market-share. I’m not holding my breath, unfortunately.

Ky says:

It is worse than the blog post puts it

I currently live in South Korea, and I have been here since 2004. This crypto nonsensse applies not only to banks, but also online shopping malls, and god forbid, government websites. Yes, imagine Amazon forcing its plugins down your throat. It is bad enough that when I learned about the existence of VMWare back in 05 or so, I immediately purchased a copy JUST so I could have a separate system for all those nonsensical plugins.

Here’s a story that took place just yesterday. I lost my phone, and as part of having to register for a replacement thanks to an insurance program, I had to file a lost item report with the police, and then send a copy of the report. However, as I filed the report online, I had to retrieve a copy and print it so I could fax it in. It took me almost ten minutes…TEN MINUTES…to print what was essentially a custom PDF file because of all the ActiveX controls I had to install on the PC I was using at the time.

ActiveX is annoying enough that people who have iPhones here just use their phones to conduct banking businesses so they don’t have to deal with the mess. In a way, it is thanks to Apple and the iPhone that Korea is seeing something of a retreat from ActiveX usage and some banks are implementing what they call an “open banking” system. HA! A couple of banks here make you download a custom app if you are using OS X or Linux, while yet another bank forces you to install a “security plugin” if you are using Firefox or Chrome.

Yes, we have better infrastructure, but what good is the infrastructure if using the damn thing is annoying?

BobCov says:

The obvious question

Of all the comments here at the moment I write my own, only one even slightly addresses what seems to me to be a part of the story that is missing:

What is the rate of online fraud via Internet in South Korea and how do they rank against other countries in the world? In other words, did the security steps work?

There’s a lot of screaming about big government and how nasty Microsoft is and all of that, but at the end of the day, did this scheme actually achieve the intended result or only the unintended colossal screw-up result?

I think I would prefer running a VM to handle that messed up system and get a very low rate of fraud than to not have ever had SEED in the first place. At least their hearts were in the right place. Did anybody else even try to mandate security, even the right kind? Doesn’t seem like it.

JKR says:

Sad status

I’ve had a chance to speak to Biology PhD students at KAIST in 2010. Guess what? They had no idea what the other browsers were for, and what kind of bind Korea is in with regards to activeX. As for my bashing SEED? The students thought I was just another pro-western demagogue. Their reply was: “So you are not a patriot?”

So sad. This is state of South Korean youth. Clueless and idiotic.

cryptoman (user link) says:

bitconnect news

BitConnect Coin(BCC) 채광 새로운 BitConnect 코인이 생성되는 프로세스입니다. BitConnect 동전은 다음과 함께 채굴 할 수 있습니다. CPU/GPU Bitcoin처럼 ASIC 광부가 필요하지 않습니다.

다음과 같이 BitConnect 코인을 채굴 할 수있는 두 가지 방법이 있습니다.

1. 솔로 마이닝 BitConnect 코인(BCC)

Setup guide 광산 작업 증명 (PoW) 차단.

more: http://www.bitinsider.info
http://www.bitconnect.co

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...
Older Stuff
09:00 Awesome Stuff: Monitor Everything (5)
09:00 Awesome Stuff: Cool Components (1)
12:42 Tech Companies Ask European Commission Not To Wreck The Internet -- And You Can Too (4)
09:00 Awesome Stuff: Play & Listen (1)
09:00 Awesome Stuff: Beyond Chiptunes (12)
09:00 Awesome Stuff: Updated Classics (3)
09:00 Awesome Stuff: Celebrating Cities (1)
09:00 Awesome Stuff: Crafts Of All Kinds (5)
09:00 Awesome Stuff: One Great Knob (13)
09:00 Awesome Stuff: Simple Geeky Toys (2)
09:00 Awesome Stuff: Gadgets For The New Year (18)
09:00 Awesome Stuff: A Post-Holiday Grab Bag (0)
13:34 How Private-Sector Innovation Can Help Those Most In Need (21)
09:00 Awesome Stuff: Towards The Future Of Drones (17)
09:00 Awesome Stuff: Artisanal Handheld Games (5)
09:00 Awesome Stuff: A New Approach To Smartphone VR (5)
09:00 Awesome Stuff: Let's Bore The Censors (37)
09:00 Awesome Stuff: Open Source For Your Brain (2)
09:00 Awesome Stuff: The Final Piece Of The VR Puzzle? (6)
09:00 Awesome Stuff: The Internet... Who Needs It? (15)
09:00 Awesome Stuff: The Light Non-Switch (18)
09:00 Awesome Stuff: 3D Printing And Way, Way More (7)
13:00 Techdirt Reading List: Learning By Doing (5)
12:43 The Stagnation Of eBooks Due To Closed Platforms And DRM (89)
09:00 Awesome Stuff: A Modular Phone For Makers (5)
09:00 Awesome Stuff: Everything On One Display (4)
09:00 Awesome Stuff: Everything Is Still A Remix (13)
09:00 Awesome Stuff: Great Desk Toy, Or Greatest Desk Toy? (6)
09:00 Awesome Stuff: Sleep Hacking (12)
09:00 Awesome Stuff: A Voice-Operated Household Assistant (19)
More arrow