South Korea Still Paying The Price For Embracing Internet Explorer A Decade Ago
from the no-escape dept
The problems of monopolies arising through network effects, and the negative effects of the lock-in that results, are familiar enough. But it’s rare to come across an entire nation suffering the consequences of both quite so clearly as South Korea, which finds itself in this situation thanks to a really unfortunate decision made by its government some years back:
At the end of the 1990s, Korea developed its own encryption technology, SEED, with the aim of securing e-commerce. Users must supply a digital certificate, protected by a personal password, for any online transaction in order to prove their identity. For Web sites to be able to verify the certificates, the technology requires users to install a Microsoft ActiveX plug-in.
The trouble is ActiveX is only supported on one platform: Microsoft Windows. As a result, when the South Korean government made the technology mandatory for online e-commerce, the entire South Korean Internet sector become enslaved to Internet Explorer:
It forced consumers to use Internet Explorer because it was the only browser ActiveX plug-ins were compatible with. By default, Web developers optimized not only banking and shopping Web sites for Internet Explorer, but all Web sites. For developers, this just seemed logical.
The result has been a decade-long monopoly in the Korean market, where virtually all Korean Web sites are optimized for Internet Explorer.
Eventually, the South Korean government noticed that it was totally out of step with the rest of the world in effectively forbidding important alternative technologies like iPhones or Android, and took steps to remedy the situation:
A bylaw was created that said government Web sites must accommodate at least three different Web browsers and in 2010 they withdrew the mandate governing the use of ActiveX plug-ins.
But there was a catch.
If a company wants to stop using ActiveX plug-ins, it has to use an alternative technology that offers the same level of insurance. To get approval to use such a technology, they have to get approval from a government appraisal committee. The committee was formed over a year ago and has yet to make a single approval.
So even though the possibility of using something other than ActiveX is there, in practice there are simply no other options for secure transactions. A choice taken a decade ago to standardize on one technology has locked an entire nation into that platform, and it’s proving extremely hard to escape.
And it’s not just the local coders that are suffering: businesses, too, are hamstrung when it comes to innovation. As Kim Kee-chang, founder of the OpenWeb organization dedicated to expanding Web accessibility in Korea, explained:
“If people are thinking of opening up some service ultimately connected to payment they really have no chance in Korea,” Kim said. “They are stuck in the payment stage and even if they could make it in Korea, they’d have little hope in an international market.”
It’s a classic lock-in due to network effects, aided and abetted by a thoughtless government decision all those years ago. As South Korea falls further and further behind in this regard, trapped in its fossilized world of ActiveX, it may well come to be seen as warning to other governments to adopt true open standards, if they want to avoid a similar fate.
Follow me @glynmoody on Twitter or identi.ca, and on Google+
Filed Under: activex, internet explorer, south korea, windows
Companies: microsoft
Comments on “South Korea Still Paying The Price For Embracing Internet Explorer A Decade Ago”
Is it so wrong...
I just want to laugh and laugh until I start crying in pain.
Oh the joys of bureaucracy.
Why?
I don’t understand why the Korean government was developing such a standard in the first place.
Isn’t this kind of thing better left to the private sector? Does anyone know why the government stepped in?
Re: Why?
follow the money
Re: Re: Why?
Law of Unintended Consequences + Good Intentions = Road to “OMG WTF Happened?!?!?”
Re: Re: Why?
follow the money
I couldn’t agree more.
Re: Re: Why?
but only if you’re using IE
Re: Why?
When South Korea developed SEED, SSL support in browsers was limited to 40-bit keys due to lingering effects of the U.S. government’s policy of classifying strong encryption as a munition subject to strict export control.
So in an effort to move ahead technologically, South Korea developed their own standard with support for larger keys. To get support into the browsers, they produced an ActiveX control for IE and a plugin for Netscape. Then Netscape died out, and over time the banking and e-commerce have locked themselves into IE-only development.
More information dated a few years ago: http://www.kanai.net/weblog/archive/2007/01/26/00h53m55s#003095
Re: Re: Why?
I see. Ok – thanks!
Re: Why?
Are you joking? When does the government not think it’s necessary for them to step in?
there is more likelihood that other governments will do exactly what S.Korea did and to hell with the consequences. you know the rules. if there is a way to fuck something up, you can rely on ‘the government’ to follow it through!
Re: Re:
the only thing worse then government and capitalism, is when u mix the two
Re: Re: Re:
Correct, because when you combine government and capitalism, you effectively eliminate one of the tenants of capitalism (limiting government interference in the private sector) and ultimately end up introducing socialism?.nothing worse, I agree
Re: Re: Re: Re:
Sorry but what’s happened is nothing close to socialism. It’s typical bureaucratic stupidity but in no way socialist.
As it is it’s hard to define South Korea’s economy as capitalist in any sense Ayn Rand would approve of. Nor is it socialism in any sense than a Swede would understand it. It closely models the Japanese economy which is dominated by immense companies such as Hitachi, Sony etc rather than what we’re familiar with in Europe or North America or Australia and New Zealand. Perhaps inwardly mercantile might describe it best.
Re: Re: Capitalism vs Central Planning
Capitalism fosters competition, bringing about choice and lower prices. Govt hates when people can choose.
Govt & Socialism foster monopolies, bringing about lack of choice and higher prices. Central Planning always has unintended consequences, as stated above.
Capitalism replaces that which does not work with something that will, See S&L Crisis for real Capitalism. http://www.fdic.gov/bank/historical/s&l/
Re: Re: Re: Capitalism vs Central Planning
Unregulated capitalism accomplishes the opposite. What fosters competition is the free market, and the free market can only exist in the long-term through appropriate and sensible regulation.
Re: Re: Re:2 Capitalism vs Central Planning
Unregulated capitalism accomplishes the opposite.(of competition) ?the free market can only exist in the long-term through appropriate and sensible regulation.
Really, a ?Free? market can only exist by being regulated?? Do you see the irony of your statement?
Govt getting it wrong by setting ?appropriate and sensible regulation? is the point of this post. S Korea destroyed competition for IE with regulation, currently making things worse than if the unregulated market had been embraced. I can?t understand how you can think a bunch of bought off bureaucrats are more incentivized to “get it right” than the likes of Steve Jobs and those with Billions at risk. The numerous TechDirt posts about the current regulatory assault by Govt on the ?Free? Internet (SOPA, ACTA, TPP, CISPA) should be example enough. Regulations limit choice and destroy wealth, thus destroying freedom.
I know that Steve Jobs could have done more with $1B than any of those idiots in DC could have done with $100B.
Re: Re: Re:3 Capitalism vs Central Planning
“Really, a ?Free? market can only exist by being regulated?”
Yes, because unfair business practices, monopolies, collusion, price fixing, price gouging, vendor lockouts, rip-offs, deception, even dangerous products, etc. occur when it’s not correctly regulated.
“Govt getting it wrong by setting ?appropriate and sensible regulation? is the point of this post.”
No, government not understanding the consequences of their actions, and handing complete control over an important market to a single company, is the point of this post. It was neither appropriate nor sensible. Just as anyone familiar with the technology at the time could have warned them (and probably did, but were ignored). Demanding a standard set of security options with a specific set of parameters was the right thing to do. Specifying the exact technology, especially one using a platform locked into a single vendor, was the mistake here, not the fact that regulation took place.
“I know that Steve Jobs could have done more with $1B than any of those idiots in DC could have done with $100B.”
Yes and no. On the technical side, maybe, but if his actions weren’t kept in check, I suspect he would have been happy to create a defacto Apple monopoly.
Re: Re: Re:4 Capitalism vs Central Planning
Irony at its best. ?unfair business practices, monopolies, collusion, price fixing, price gouging, vendor lockouts, rip-offs, deception, even dangerous products, etc…
All these can be attributable to Govt regulations more so than Capitalism. Govt IS the monopoly, price fixing, price gouging, vender lockout, (money wasting) rip-off, deceptive, collusive, killer drug approving, unfair business practice MACHINE of all time.
?government not understanding the consequences of their actions, and handing complete control over an important market to a single company, is the point of this post.
That?s exactly what I said. The unintended consequences of regulation caused S Korea to shoot itself in the foot. I was sarcastically pointing out that setting, what always looks like ?appropriate and sensible regulation? at the time, has caused more damage to the world than Capitalism ever could. The disastrous regulations of N Korea, Cuba, the Soviet Block & China have killed 100?s of millions more than Capitalism.
Re: Re: Re:4 Capitalism vs Central Planning
To create an Apple monopoly, the first step is to license your OS to third party vendors. Apple has never done such a thing in their history. But Google has. The second step is to use your leverage against those third parties who won’t have a chance to say no, because their devices are beholden to your OS.
Re: Re: Re:5 Capitalism vs Central Planning
You aren’t Required to buy Apple, unlike Obamacare.
Govt policies create Monopolies by removing competition.
Cable providers
Utilities
Obamacare
Re: Re: Re:2 Capitalism vs Central Planning
Actually it probably needs to gravitate between the two to keep the whole thing in check. That’s the problem now; it’s tipping way too far in one dierection.
Re: Re: Re: Capitalism vs Central Planning
No not really capitalism by itself does not prevent monopolies. You can have monopolies just as easily in a capitalist nation as you can have in a socialist nation.
ActiveX is alive and still sucks...
Sorry to break this to everyone, but .NET did not replace ActiveX. You see, Windows Server 2003 was supposed to be .NET Server. But the OS group really likes the Common Object Model (COM), and ActiveX is the brand name for COM in a browser.
The rumor that I heard is, the OS guys stalled the swapout of COM pieces until it was too late to release, which ticked off the marketing and management guys. So management decided to combine the OS and .NET groups in order to get the technology upgrade. But they left the management structure in place, and that left the OS guys in the senior position. So now .NET has a whole lot of new COM features, and .NET server looks like pie in the sky.
Just a rumor, of course.
it gets even better...
Via the Wikipeida article on SEED, someone wrote about the resulting monoculture 5 years ago http://www.kanai.net/weblog/archive/2007/01/26/00h53m55s
Why was SEED developed in the first place?
Those export controls keep biting.
The Internet Is Made Of Tubes!
This article should terrify the rest of the world. We’ve had public access to the Internet since the early 1990s and our politicians still don’t get it. But they insist on making laws governing it’s use.
Wasn’t it an American politician who said something like “the Internet is made of tubes, stuff goes through the tubes and the tubes get clogged up”?
So what’s clogging up the tubes?
Re: The Internet Is Made Of Tubes!
“Series of tubes” was coined by US Sen. Ted Stevens (R-Alaska)to describe the Internet.
That's not the only cost
Running IE (one of the worst, if not the worst generally available web browser) on Windows (clearly the most insecure general-purpose OS platform) is insanely stupid. Anyone doing so should be hit across the face with a cement truck. Yet not only has South Korea mandated this, there are hundreds of thousands of government agencies, corporations, non-profits, and even universities which have done the same: they’ve mandated it.
They like to pretend that their pitiful anti-virus and anti-malware and anti-intrusion and anti-whatever will save them from the consequences — but they’re wrong, and fresh proof of how wrong they are arrives at the perimeters of every network thousands of times an hour.
So before anyone gets too smug about how badly South Korea has shot itself in the foot here — what’s YOUR organization running?
How much did Microsoft pay them?
Re: Re:
Nothing.
The problem was that while Windows was the most-deployed OS in the country at the time, US Government export controls on encryption standards prevented anything with stronger than 40-bit encryption from being allowed to enter their country.
They came up with SEED because they needed strong crypto. The fact that the AtiveX control is the only way to use it is an artifact of that effort. They essentially had no choice at the time.
SEED is so old now that it’s probably exceptionally difficult to port it to current browsers that support NPAPI or Pepper, both of which differ subtly from the original API SEED was developed against for Netscape browsers.
If you’re going to blame someone, blame the US Gov’t.
Re: Re: Re:
That’s just untrue. There were a number of different approaches that could have worked given the realities of the day. They simply chose the path that led to the quickest solution, not the most robust solution.
Re: Re: Re: Re:
The simplest solution at the time was to simply ignore the stupidity of the export controls as writing 128 bit encryption software at the time wasn’t all that difficult for practitioners in the field to do.
The other solution was to just sit back and ignore it. I had no trouble downloading the 128 bit encryption software from out side of the United States and I doubt many others did. It’s all very well and good for the US to ban export of these kinds of technology but the reality is that once it was released “into the wild” it was around the planet in seconds.
The other bit of madness was to write an ActiveX control so that a browser, well IE, could access sites secured by SEED. Given that of all MS Internet technology perhaps only Outlook Express has more holes in it than ActiveX does. if the desire was for a secure transaction then using just about anything including two tin cans and a string would have been better than ActiveX. At least a pair of tin cans and a string are harder to use as attack vectors than ActiveX is.
OK, so now you have South Korea, a country wanting to be knows for it’s technology prowess and abilities that’s a Windows monoculture by design. At least the design of one government department.
The problem in the smart phone era is that Windows on smart phones is so rare as to be nearly invisible. Korea always had a choice. the picked one a 12 year old script kiddie could have come up with between sips of some energy drink and bites of the lastest designer sandwiches from 7-11.
In fairness to MS, well a little fairness, the bureaucrats who made the decision(s) that brought South Korea here probably know as much about encrytion as they do about the Internet, Web and how their computers work. They understand the On/Off switch.
Re: Re: Re:
The Korean gov’t had choices. Look at the other industrialized countries. They do not have this stupid system imposed because the US gov’t prevented the export the encryption system.
And that's why Korean internet sucks so much.
I’m a Korean-American, so I know this retarded system first hand. If you want to do any internet banking, you have to install at least 4-6 “security programs” that purport to encrypt your key entry, protect your computer from virus, and some other things. Then, check this out. You go to another bank’s website to do internet banking, and you have to go through the same exact process again even though you already have the same exact programs from the same exact company because each software is “tailored” for each bank. So if you have multiple bank accounts, you end up installing dozens of unnecessary programs on your computer that starts every time you boot your computer by default.
And guess what happens when you have dozens of “pseudo-security” programs getting installed. You get all these myriads of problems. Sometimes, these programs do not even get installed due to the UAC settings in the recent Windows.
Now because of this backward standard, the majority of the Korean websites use Active X. Don’t even try to use FF or Chrome for the Korean websites. The IE extensions are useless.
What’s so ironic about this situation is that the IT “security” standard itself in Korea is very low. If you look at the major corporation or the government agency’s security system, you’ll be in shock. No wonder, one of the major banks in Korea (which is owned by the state) called Nong Hyup had a major hacking crisis last year.
Korean government seriously need to come up with an alternative method FAST, or else, the so-called IT Nation will collapse under the archaic standard.
Re: And that's why Korean internet sucks so much.
It seems to me that they should dump SEED and use the SSL or TLS standards. They work well enough, and the export restrictions no longer apply to them.
Re: And that's why Korean internet sucks so much.
That’s awful!
If I had to work in that environment, I’d set up a series of virtual machines, one for each bank I want to work with. Then, at least, I wouldn’t have to stack all those components in the same installation.
I can’t believe the time to say “I warned you!” has come.
The Microsoft monopoly claims yet another market. Ah well, I guess we’ll just keep adding the examples to the pile.
Re: Response to: Anonymous Coward on May 9th, 2012 @ 5:19pm
I told you is about riggghttt..
There is no other technology capable of providing the level of assurance which ActiveX brings to the table.
Not even by accident.
Re: Re:
1) Bullshit
2) Citation please.
Proof Of The Quality Of Microsoft Software
So, to recap, the South Koreans where doing great, until they decided to abandon there loyalty to Microsoft. That’s when there problems started. This just goes to show the dangers of so-called “open” standards. It’s a Wild West out there, with all this HTML and CSS and HTTP and Java stuff. If they’d stayed with proven Microsoft technologies, they would still be doing just fine.
Optimized for Internet Explorer! Man, gotta love euphemisms.
LOL
Right now, I’m so glad I don’t live in South Korea.
How ironic that Samsung (maker of 10 of the 20 top selling android phones, and the 2 top selling android phones in the world) is a South Koerean company.
That is how Communism works and Korea is about as close to that as anyone country can be without flat out being communist.
Re: Re:
Which is why North Korea hates them so much?
Ease off on the Republican kool-aid!
Sounds like something North Korea would think up.
As the writer of the blog post in 2007 that exposed this defacto monopoly,
http://www.kanai.net/weblog/archive/2007/01/26/00h53m55s#003095
I’m very sad to see that basically nothing has changed since 2007.
One new effort that is getting off the ground is the WebCrypto work in the W3C that is an effort to provide a JavaScript-based cryptography in the browser. This could potentially allow S. Korea to move away from Active-X plugins but would require significant changes to their existing laws.
http://www.w3.org/2012/webcrypto/
https://wiki.mozilla.org/Privacy/Features/DOMCryptAPISpec/Latest
It has been 5+ years since I first reported on this issue and we’ve seen little change in desktop browser market-share. I’m not holding my breath, unfortunately.
You’d think businesses would just launch offshore commerce sites… We do that kinda thing all the time in the U.S..
Re: Re:
With the phone market being what it is and MS’s near invisibility there they may be finally forced to make that decision.
It is worse than the blog post puts it
I currently live in South Korea, and I have been here since 2004. This crypto nonsensse applies not only to banks, but also online shopping malls, and god forbid, government websites. Yes, imagine Amazon forcing its plugins down your throat. It is bad enough that when I learned about the existence of VMWare back in 05 or so, I immediately purchased a copy JUST so I could have a separate system for all those nonsensical plugins.
Here’s a story that took place just yesterday. I lost my phone, and as part of having to register for a replacement thanks to an insurance program, I had to file a lost item report with the police, and then send a copy of the report. However, as I filed the report online, I had to retrieve a copy and print it so I could fax it in. It took me almost ten minutes…TEN MINUTES…to print what was essentially a custom PDF file because of all the ActiveX controls I had to install on the PC I was using at the time.
ActiveX is annoying enough that people who have iPhones here just use their phones to conduct banking businesses so they don’t have to deal with the mess. In a way, it is thanks to Apple and the iPhone that Korea is seeing something of a retreat from ActiveX usage and some banks are implementing what they call an “open banking” system. HA! A couple of banks here make you download a custom app if you are using OS X or Linux, while yet another bank forces you to install a “security plugin” if you are using Firefox or Chrome.
Yes, we have better infrastructure, but what good is the infrastructure if using the damn thing is annoying?
The obvious question
Of all the comments here at the moment I write my own, only one even slightly addresses what seems to me to be a part of the story that is missing:
What is the rate of online fraud via Internet in South Korea and how do they rank against other countries in the world? In other words, did the security steps work?
There’s a lot of screaming about big government and how nasty Microsoft is and all of that, but at the end of the day, did this scheme actually achieve the intended result or only the unintended colossal screw-up result?
I think I would prefer running a VM to handle that messed up system and get a very low rate of fraud than to not have ever had SEED in the first place. At least their hearts were in the right place. Did anybody else even try to mandate security, even the right kind? Doesn’t seem like it.
Al Gore's fault
It was because Al Gore was inventing the internets and all the encryption stuff went to hell!!
Re: Al Gore's fault
Is that suppose to be a joke(?) because it is fail.
Secure payment systems
Thanks for explaining this. For many years I have wondered why I couldn’t but anything on S.Korean websites. My wife is S.Korean but no longer has a residency number so it is impossible for her to shop online. How do Koreans with iPads buy stuff?
Sad status
I’ve had a chance to speak to Biology PhD students at KAIST in 2010. Guess what? They had no idea what the other browsers were for, and what kind of bind Korea is in with regards to activeX. As for my bashing SEED? The students thought I was just another pro-western demagogue. Their reply was: “So you are not a patriot?”
So sad. This is state of South Korean youth. Clueless and idiotic.
Why?
Microsoft lobbying. In all seriousness – they ruined a country.
Why?
Sure, if you don’t want a single standard.
Also, assuming that laws and standards should be left to a Ayn Randian “free market,” sorry, “private sector” is pretty naive — and a recipe for disaster.
Local Admin Rights
What’s even more stupid is that these activex controls only install and work when a user has local admin rights on their computer which is a massive security risk for a company. This situation is ludicrous.
bitconnect news
BitConnect Coin(BCC) 채광 새로운 BitConnect 코인이 생성되는 프로세스입니다. BitConnect 동전은 다음과 함께 채굴 할 수 있습니다. CPU/GPU Bitcoin처럼 ASIC 광부가 필요하지 않습니다.
다음과 같이 BitConnect 코인을 채굴 할 수있는 두 가지 방법이 있습니다.
1. 솔로 마이닝 BitConnect 코인(BCC)
Setup guide 광산 작업 증명 (PoW) 차단.
more: http://www.bitinsider.info
http://www.bitconnect.co