South Korea Still Paying The Price For Embracing Internet Explorer A Decade Ago
from the no-escape dept
The problems of monopolies arising through network effects, and the negative effects of the lock-in that results, are familiar enough. But it's rare to come across an entire nation suffering the consequences of both quite so clearly as South Korea, which finds itself in this situation thanks to a really unfortunate decision made by its government some years back:
At the end of the 1990s, Korea developed its own encryption technology, SEED, with the aim of securing e-commerce. Users must supply a digital certificate, protected by a personal password, for any online transaction in order to prove their identity. For Web sites to be able to verify the certificates, the technology requires users to install a Microsoft ActiveX plug-in.
The trouble is ActiveX is only supported on one platform: Microsoft Windows. As a result, when the South Korean government made the technology mandatory for online e-commerce, the entire South Korean Internet sector become enslaved to Internet Explorer:
It forced consumers to use Internet Explorer because it was the only browser ActiveX plug-ins were compatible with. By default, Web developers optimized not only banking and shopping Web sites for Internet Explorer, but all Web sites. For developers, this just seemed logical.
The result has been a decade-long monopoly in the Korean market, where virtually all Korean Web sites are optimized for Internet Explorer.
Eventually, the South Korean government noticed that it was totally out of step with the rest of the world in effectively forbidding important alternative technologies like iPhones or Android, and took steps to remedy the situation:
A bylaw was created that said government Web sites must accommodate at least three different Web browsers and in 2010 they withdrew the mandate governing the use of ActiveX plug-ins.
So even though the possibility of using something other than ActiveX is there, in practice there are simply no other options for secure transactions. A choice taken a decade ago to standardize on one technology has locked an entire nation into that platform, and it's proving extremely hard to escape.
But there was a catch.
If a company wants to stop using ActiveX plug-ins, it has to use an alternative technology that offers the same level of insurance. To get approval to use such a technology, they have to get approval from a government appraisal committee. The committee was formed over a year ago and has yet to make a single approval.
And it's not just the local coders that are suffering: businesses, too, are hamstrung when it comes to innovation. As Kim Kee-chang, founder of the OpenWeb organization dedicated to expanding Web accessibility in Korea, explained:
"If people are thinking of opening up some service ultimately connected to payment they really have no chance in Korea," Kim said. "They are stuck in the payment stage and even if they could make it in Korea, they'd have little hope in an international market."
It's a classic lock-in due to network effects, aided and abetted by a thoughtless government decision all those years ago. As South Korea falls further and further behind in this regard, trapped in its fossilized world of ActiveX, it may well come to be seen as warning to other governments to adopt true open standards, if they want to avoid a similar fate.
Follow me @glynmoody on Twitter or identi.ca, and on Google+
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: activex, internet explorer, south korea, windows
Companies: microsoft
Reader Comments
Subscribe: RSS
View by: Time | Thread
Is it so wrong...
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Why?
Isn't this kind of thing better left to the private sector? Does anyone know why the government stepped in?
[ link to this | view in chronology ]
Re: Why?
[ link to this | view in chronology ]
Re: Re: Why?
[ link to this | view in chronology ]
Re: Re: Why?
I couldn't agree more.
[ link to this | view in chronology ]
Re: Re: Why?
[ link to this | view in chronology ]
Re: Why?
So in an effort to move ahead technologically, South Korea developed their own standard with support for larger keys. To get support into the browsers, they produced an ActiveX control for IE and a plugin for Netscape. Then Netscape died out, and over time the banking and e-commerce have locked themselves into IE-only development.
More information dated a few years ago: http://www.kanai.net/weblog/archive/2007/01/26/00h53m55s#003095
[ link to this | view in chronology ]
Re: Re: Why?
[ link to this | view in chronology ]
Re: Why?
[ link to this | view in chronology ]
Re: Why?
Sure, if you don't want a single standard.
Also, assuming that laws and standards should be left to a Ayn Randian "free market," sorry, "private sector" is pretty naive -- and a recipe for disaster.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
As it is it's hard to define South Korea's economy as capitalist in any sense Ayn Rand would approve of. Nor is it socialism in any sense than a Swede would understand it. It closely models the Japanese economy which is dominated by immense companies such as Hitachi, Sony etc rather than what we're familiar with in Europe or North America or Australia and New Zealand. Perhaps inwardly mercantile might describe it best.
[ link to this | view in chronology ]
Capitalism vs Central Planning
Govt & Socialism foster monopolies, bringing about lack of choice and higher prices. Central Planning always has unintended consequences, as stated above.
Capitalism replaces that which does not work with something that will, See S&L Crisis for real Capitalism. http://www.fdic.gov/bank/historical/s&l/
[ link to this | view in chronology ]
Re: Capitalism vs Central Planning
Unregulated capitalism accomplishes the opposite. What fosters competition is the free market, and the free market can only exist in the long-term through appropriate and sensible regulation.
[ link to this | view in chronology ]
Re: Re: Capitalism vs Central Planning
Really, a �Free� market can only exist by being regulated?? Do you see the irony of your statement?
Govt getting it wrong by setting �appropriate and sensible regulation� is the point of this post. S Korea destroyed competition for IE with regulation, currently making things worse than if the unregulated market had been embraced. I can�t understand how you can think a bunch of bought off bureaucrats are more incentivized to "get it right" than the likes of Steve Jobs and those with Billions at risk. The numerous TechDirt posts about the current regulatory assault by Govt on the �Free� Internet (SOPA, ACTA, TPP, CISPA) should be example enough. Regulations limit choice and destroy wealth, thus destroying freedom.
I know that Steve Jobs could have done more with $1B than any of those idiots in DC could have done with $100B.
[ link to this | view in chronology ]
Re: Re: Re: Capitalism vs Central Planning
Yes, because unfair business practices, monopolies, collusion, price fixing, price gouging, vendor lockouts, rip-offs, deception, even dangerous products, etc. occur when it's not correctly regulated.
"Govt getting it wrong by setting �appropriate and sensible regulation� is the point of this post."
No, government not understanding the consequences of their actions, and handing complete control over an important market to a single company, is the point of this post. It was neither appropriate nor sensible. Just as anyone familiar with the technology at the time could have warned them (and probably did, but were ignored). Demanding a standard set of security options with a specific set of parameters was the right thing to do. Specifying the exact technology, especially one using a platform locked into a single vendor, was the mistake here, not the fact that regulation took place.
"I know that Steve Jobs could have done more with $1B than any of those idiots in DC could have done with $100B."
Yes and no. On the technical side, maybe, but if his actions weren't kept in check, I suspect he would have been happy to create a defacto Apple monopoly.
[ link to this | view in chronology ]
Re: Re: Re: Re: Capitalism vs Central Planning
All these can be attributable to Govt regulations more so than Capitalism. Govt IS the monopoly, price fixing, price gouging, vender lockout, (money wasting) rip-off, deceptive, collusive, killer drug approving, unfair business practice MACHINE of all time.
�government not understanding the consequences of their actions, and handing complete control over an important market to a single company, is the point of this post.
That�s exactly what I said. The unintended consequences of regulation caused S Korea to shoot itself in the foot. I was sarcastically pointing out that setting, what always looks like �appropriate and sensible regulation� at the time, has caused more damage to the world than Capitalism ever could. The disastrous regulations of N Korea, Cuba, the Soviet Block & China have killed 100�s of millions more than Capitalism.
[ link to this | view in chronology ]
Re: Re: Re: Re: Capitalism vs Central Planning
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Capitalism vs Central Planning
Govt policies create Monopolies by removing competition.
Cable providers
Utilities
Obamacare
[ link to this | view in chronology ]
Re: Re: Capitalism vs Central Planning
[ link to this | view in chronology ]
Re: Capitalism vs Central Planning
[ link to this | view in chronology ]
ActiveX is alive and still sucks...
The rumor that I heard is, the OS guys stalled the swapout of COM pieces until it was too late to release, which ticked off the marketing and management guys. So management decided to combine the OS and .NET groups in order to get the technology upgrade. But they left the management structure in place, and that left the OS guys in the senior position. So now .NET has a whole lot of new COM features, and .NET server looks like pie in the sky.
Just a rumor, of course.
[ link to this | view in chronology ]
it gets even better...
Why was SEED developed in the first place?
Those export controls keep biting.
[ link to this | view in chronology ]
The Internet Is Made Of Tubes!
Wasn't it an American politician who said something like "the Internet is made of tubes, stuff goes through the tubes and the tubes get clogged up"?
So what's clogging up the tubes?
[ link to this | view in chronology ]
Re: The Internet Is Made Of Tubes!
[ link to this | view in chronology ]
That's not the only cost
They like to pretend that their pitiful anti-virus and anti-malware and anti-intrusion and anti-whatever will save them from the consequences -- but they're wrong, and fresh proof of how wrong they are arrives at the perimeters of every network thousands of times an hour.
So before anyone gets too smug about how badly South Korea has shot itself in the foot here -- what's YOUR organization running?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
The problem was that while Windows was the most-deployed OS in the country at the time, US Government export controls on encryption standards prevented anything with stronger than 40-bit encryption from being allowed to enter their country.
They came up with SEED because they needed strong crypto. The fact that the AtiveX control is the only way to use it is an artifact of that effort. They essentially had no choice at the time.
SEED is so old now that it's probably exceptionally difficult to port it to current browsers that support NPAPI or Pepper, both of which differ subtly from the original API SEED was developed against for Netscape browsers.
If you're going to blame someone, blame the US Gov't.
[ link to this | view in chronology ]
Re: Re:
That's just untrue. There were a number of different approaches that could have worked given the realities of the day. They simply chose the path that led to the quickest solution, not the most robust solution.
[ link to this | view in chronology ]
Re: Re: Re:
The other solution was to just sit back and ignore it. I had no trouble downloading the 128 bit encryption software from out side of the United States and I doubt many others did. It's all very well and good for the US to ban export of these kinds of technology but the reality is that once it was released "into the wild" it was around the planet in seconds.
The other bit of madness was to write an ActiveX control so that a browser, well IE, could access sites secured by SEED. Given that of all MS Internet technology perhaps only Outlook Express has more holes in it than ActiveX does. if the desire was for a secure transaction then using just about anything including two tin cans and a string would have been better than ActiveX. At least a pair of tin cans and a string are harder to use as attack vectors than ActiveX is.
OK, so now you have South Korea, a country wanting to be knows for it's technology prowess and abilities that's a Windows monoculture by design. At least the design of one government department.
The problem in the smart phone era is that Windows on smart phones is so rare as to be nearly invisible. Korea always had a choice. the picked one a 12 year old script kiddie could have come up with between sips of some energy drink and bites of the lastest designer sandwiches from 7-11.
In fairness to MS, well a little fairness, the bureaucrats who made the decision(s) that brought South Korea here probably know as much about encrytion as they do about the Internet, Web and how their computers work. They understand the On/Off switch.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
And that's why Korean internet sucks so much.
And guess what happens when you have dozens of "pseudo-security" programs getting installed. You get all these myriads of problems. Sometimes, these programs do not even get installed due to the UAC settings in the recent Windows.
Now because of this backward standard, the majority of the Korean websites use Active X. Don't even try to use FF or Chrome for the Korean websites. The IE extensions are useless.
What's so ironic about this situation is that the IT "security" standard itself in Korea is very low. If you look at the major corporation or the government agency's security system, you'll be in shock. No wonder, one of the major banks in Korea (which is owned by the state) called Nong Hyup had a major hacking crisis last year.
Korean government seriously need to come up with an alternative method FAST, or else, the so-called IT Nation will collapse under the archaic standard.
[ link to this | view in chronology ]
Re: And that's why Korean internet sucks so much.
[ link to this | view in chronology ]
Re: And that's why Korean internet sucks so much.
If I had to work in that environment, I'd set up a series of virtual machines, one for each bank I want to work with. Then, at least, I wouldn't have to stack all those components in the same installation.
[ link to this | view in chronology ]
The Microsoft monopoly claims yet another market. Ah well, I guess we'll just keep adding the examples to the pile.
[ link to this | view in chronology ]
Response to: Anonymous Coward on May 9th, 2012 @ 5:19pm
[ link to this | view in chronology ]
There is no other technology capable of providing the level of assurance which ActiveX brings to the table.
Not even by accident.
[ link to this | view in chronology ]
Re:
2) Citation please.
[ link to this | view in chronology ]
Proof Of The Quality Of Microsoft Software
[ link to this | view in chronology ]
[ link to this | view in chronology ]
LOL
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
Ease off on the Republican kool-aid!
[ link to this | view in chronology ]
[ link to this | view in chronology ]
http://www.kanai.net/weblog/archive/2007/01/26/00h53m55s#003095
I'm very sad to see that basically nothing has changed since 2007.
One new effort that is getting off the ground is the WebCrypto work in the W3C that is an effort to provide a JavaScript-based cryptography in the browser. This could potentially allow S. Korea to move away from Active-X plugins but would require significant changes to their existing laws.
http://www.w3.org/2012/webcrypto/
https://wiki.mozilla.org/Privacy/Features/DOMCryptAPIS pec/Latest
It has been 5+ years since I first reported on this issue and we've seen little change in desktop browser market-share. I'm not holding my breath, unfortunately.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
It is worse than the blog post puts it
Here's a story that took place just yesterday. I lost my phone, and as part of having to register for a replacement thanks to an insurance program, I had to file a lost item report with the police, and then send a copy of the report. However, as I filed the report online, I had to retrieve a copy and print it so I could fax it in. It took me almost ten minutes...TEN MINUTES...to print what was essentially a custom PDF file because of all the ActiveX controls I had to install on the PC I was using at the time.
ActiveX is annoying enough that people who have iPhones here just use their phones to conduct banking businesses so they don't have to deal with the mess. In a way, it is thanks to Apple and the iPhone that Korea is seeing something of a retreat from ActiveX usage and some banks are implementing what they call an "open banking" system. HA! A couple of banks here make you download a custom app if you are using OS X or Linux, while yet another bank forces you to install a "security plugin" if you are using Firefox or Chrome.
Yes, we have better infrastructure, but what good is the infrastructure if using the damn thing is annoying?
[ link to this | view in chronology ]
The obvious question
What is the rate of online fraud via Internet in South Korea and how do they rank against other countries in the world? In other words, did the security steps work?
There's a lot of screaming about big government and how nasty Microsoft is and all of that, but at the end of the day, did this scheme actually achieve the intended result or only the unintended colossal screw-up result?
I think I would prefer running a VM to handle that messed up system and get a very low rate of fraud than to not have ever had SEED in the first place. At least their hearts were in the right place. Did anybody else even try to mandate security, even the right kind? Doesn't seem like it.
[ link to this | view in chronology ]
Al Gore's fault
[ link to this | view in chronology ]
Re: Al Gore's fault
[ link to this | view in chronology ]
Secure payment systems
[ link to this | view in chronology ]
Sad status
So sad. This is state of South Korean youth. Clueless and idiotic.
[ link to this | view in chronology ]
Why?
[ link to this | view in chronology ]
Local Admin Rights
[ link to this | view in chronology ]
bitconnect news
다음과 같이 BitConnect 코인을 채굴 할 수있는 두 가지 방법이 있습니다.
1. 솔로 마이닝 BitConnect 코인(BCC)
Setup guide 광산 작업 증명 (PoW) 차단.
more: www.bitinsider.info
www.bitconnect.co
[ link to this | view in chronology ]