the cost of monoculture

(I am still preparing for posts on my China trip, but I wanted to first address the issue of monoculture as it is very relevant now.)

What would you say if I told you that there was a nation that was at the forefront of technology, an early adopter of ecommerce, leading the world in 3G mobile adoption, in wireless broadband, in wired broadband adoption, as well as in citizen-driven media. Sounds like an amazing place, right? Technology utopia?

Wrong.

This nation is also a unique monoculture where 99.9% of all the computer users are on Microsoft Windows. This nation is a place where Apple Macintosh users cannot bank online, make any purchases online, or interact with any of the nation’s e-government sites online. In fact, Linux users, Mozilla Firefox users and Opera users are also banned from any of these types of transactions because all encrypted communications online in this nation must be done with Active X controls.

Where is this nation?

South Korea.

UPDATE: photo of Korean Hangul keyword search visualization seen at Naver’s lobby.

Naver_4004.JPG

I traveled to South Korea last fall to learn more about the South Korean Internet market and came away disappointed and frankly stunned.

I met with leading businesses in the search market, the music download market, the games market and all reported the same situation- a monoculture of users using MS Windows. The S. Korean market is in a unique situation where decisions made long ago have created a consumer monoculture which is having unintended repercussions that are affecting anyone with a computer in South Korea. It is a fascinating story because it is true.

The history goes back to 1998, when the 128 bit SSL protocol was still not finalized (it was finalized by the IETF as RFC 2246 in Jan. ’99.) South Korean legislation did not allow 40 bit encryption for online transactions (and Bill Clinton did not allow for the export of 128 bit encryption until December 1999) and the demand for 128 bit encryption was so great that the South Korean government funded (via the Korean Information Security Agency) a block cipher called SEED. SEED is, of course, used nowhere else except South Korea, because every other nation waited for the 128 bit SSL protocol to be finalized (and exported from the US) and have standardized on that.

In the early years of SEED, users downloaded the SEED plugin to their IE or Netscape browsers, either an Active X control or a NSplugin, which was then tied to a certificate issued by a Korean government certificate authority. (Can you see where this is going?) When Netscape lost the browser war, the NSplugin fell out of use and for years, S. Korean users have only had an Active X control with the SEED cipher to do their online banking or commerce or government.

So we end up in 2007, 9 years after SEED was created for Korean users, and one legacy of the fall of Netscape is that Korean computer/Internet users only have an Active X control to do any encrypted communication online. So in late 2006, a group of Korean computer/Internet users, Citizens Action Network at Open Web Korea, having documented the problem with accessibility of sites via anything other than Microsoft IE, have decided to sue the Korean government.

It gets worse.

Remember how Active X controls were and continue to be a significant vector of viruses and malware because Microsoft originally architected Active X to run by default instead of with a user action? Maliciously programmed websites would be able to automatically install software on users’ computers just by visiting a web page in IE 6. In IE 7 and in Vista, Microsoft has re-architected Active X controls in such a way to make them “more safe” by requiring a user action for the control to run. This is obviously impacting every web site and company that uses active X controls on their websites, which include just about every website in Korea that handles any kind of secure transaction. Every online bank, every governmental agency, every ecommerce site. Without enough time to re-architect Korean websites, 3 S. Korean governmental ministries, the Ministry of Information and Communication, the Ministry of Government Administration and Home Affairs, and the Financial Supervisory Service, warned S. Korean users that upgrading to Vista would disable the user from making any secure transaction online. Can you imagine spending thousands of dollars on a new machine (because the requirements of Vista generally require new hardware) and a new OS from Redmond only to be locked out of any secure transaction online? It’s Kafkaesque.

To add insult to injury, the monopolist who absolutely controls the Korean market for computers won’t delay the launch of Vista to alllow for Korean websites to re-code their sites. “We’ve been testing Vista with banks and other service providers since September, but we encountered more delays than we expected. We plan to release the product as scheduled.

Absolutely incredible.

A related problem is that KISA and Microsoft announce “plans to work together to improve computer security awareness” or “mark anniversary of cooperation with renewed pledge” when in fact the situation in 2007 is no better than it was in 2003 when KISA decided to “work with Microsoft.” I can’t tell who is the fox and which is the hen house, but either way, the two should not be near each other.

Another part of the Korea story that I cannot comprehend are articles about Linux in Korea. The Korean Army considering Linux. Kwangju City as “Linux City.” If the Korean Army or Kwangju city cannot do any encrypted communications because their operating system of choice does not work with Active X controls, I’m not sure if this is hype or confusion.

To get the most depth and perspective on this topic, from the people in Korea who are suing the government, it’s best to read the documents at Open Web Korea.

This issue with the launch of Vista and IE 7 and the work of thousands and thousands of web programmers in Korea who are feverishly working to reprogram their sites to work with Microsoft’s new standards – do they realize that their efforts only bring them back to square 0 – there’s no more heterogeneity in the Korean Internet market post-Vista than pre. The problem for Korean websites wasn’t competition from MSN Korea, it was their sole dependence on infrastructure from Microsoft.

Korea will only get beyond this problem by 1) applying Korean laws on open standards to the certificate authorities, 2) reassigning new certificates which work with open web standards to all Koreans, 3) reprogramming all Korean websites to support 128 bit SSL which will allow for a heterogeneous marketplace of operating systems and web browsers. This is a herculean task and thus Korea stays hostage to Redmond.

Fascinating history. Unintended consequences and de-facto monopolies create costs too high to calculate and must be borne without question.

If you enjoyed this article, please take a moment to digg it πŸ™‚


RELATED READING: the seminal report “CyberInsecurity: The Cost of Monopoly,” and the related eWeek piece profiling Dan Geer, “IT Wrestles with Microsoft Monoculture Myopia” which goes over this same topic from a different but related perspective.

Via Anil Dash.

75 comments on “the cost of monoculture
  1. Rafael says:

    Not well known but Mozilla browsers can run Active X controls selectively. Back in 2003 or so we needed to support the Windows Media Player Active X control.
    It maybe possible to spin a build of Firefox with this SEED active x support. I don’t know if anyone’s investigated or put serious thought around it.

    I agree. This is bad all around.

  2. Andreas says:

    > Another part of the Korea story that I cannot comprehend are articles about Linux in Korea.
    Pretty sure those Linux stories are moot. Just like in Japan – cfr.
    http://chosaq.net/archives/2005/10/japanese-government-eyeing-linux-quick-deconstruction-of-a-non-story.html

  3. Channy says:

    Gen, Thanks for your proper comments.
    This situation was somehow origniated by lacks of functionality in browsers. The SEED was already finalized in IETF 4 years ago, but this patch was not added to famous crypto libraries such as OpenSSL. At last, a guy gave a patch to OpenSSL in last year, OpenSSL RT #1273. (e.g. Camella, japanese block algorithem was included in Open SSL in last year.)
    As well as problem on cryptography, there is another thing on digital signature. The korean law requred digial signature signed by persol public certificates issued by governement for all financial transactional data. But there is no standard-function on browsers to do thing except Firefox’s cypto.signText. So many national PKI systems uses plugin based signature tool as like Active X or Java applet in Danish, Spain and etc.
    Many of govenments want to establish own certificate system with own crytography and own digital signature. So browser vendors must support standardized functions for it.

  4. Gen, this is very enlightening. Thanks for opening my eyes to the situation in Korea. Amazing.

  5. baron says:

    Wow. Just wow. This is one of the best articles by anybody that I’ve read in a long long time.
    Thanks for writing this!

  6. nobi says:

    Amazing. I contiribute some articles for Korean Mac magazine called MacMadang. They say they can’t get enough information or interesting stories in Korea. And they say the Korean Mac market is very small. So I knew it was small but I haven’t reallized how seriously small it is and how big the burnden for Korean mac users might be.
    This article would certainly help me writing a next article for them; I write in Japanese and they use machine translation to translate it. cool, isn’t it?

  7. Damn your eyes Gen, I spent hours writing up a post almost exactly like this yesterday for my OutsideinKorea site — it’s sitting in draft on my desktop as I speak! *shakes fist*
    Ah well, snooze and lose. Maybe I’ll gut it and rewrite it from a different on-the-ground perspective. I can verify that it is true that one can do almost nothing on any Korean websites that require any kind of authentication unless you use IE on Windows and allow installations of a bewildering array of ActiveX controls.
    Which is why I have to flatten and reinstall my wife’s laptop with clockwork regularity.

  8. jcn says:

    “Wow. Just wow. This is one of the best articles by anybody that I’ve read in a long long time.”
    qft.
    it seems s.korea traded a head start in e-commerce for slavery to microsoft. Although this monoculture do cost them much now, they certainly profited from it, as they saved development costs in other brances of web development. community sites, iptv (which is running almost exclusively through wm streams) and other things.
    of course it will cost them quite a bit now, but after what they have earned from maintaining this monoculture, it almost seems fair …

  9. korean says:

    Best article I’ve ever read. Did you go inside my head and made a list of my thoughts? You’re incledible!
    I always believed that my country’s over dependence in MS would cost us sooner or later. Vista and ActiveX problem is only the beginning…

  10. Frank A S says:

    I guess you can always run IE under wine:
    http://patrick.spacesurfer.com/ie_wine_install.html
    That should enable your “secure” banking.

  11. Gen Kanai says:

    Nobi, the Mac users I know in Korea, they do all their banking and commerce transactions via their mobile phones, which are enabled for secure transactions. They cannot do these procedures with their Macs.

  12. imgLab says:

    I am korean. and I use Mac. I don’t have a cellphone which have baking/commerce function. so I use Virtual PC for banking.
    but there is one bank which supports mac os x application for user. some of mac user in s. korea consider to using it but it does have lots of bugs. (this is what I heard. I don’t have a acount for this bank.)
    thank for you article!

  13. paul says:

    so the people that live in the “nation that was at the forefront of technology, an early adopter of ecommerce, leading the world in 3G mobile adoption, in wireless broadband, in wired broadband adoption, as well as in citizen-driven media” are “fucking disgusting scum” that “live like fucking animals?”
    where and how do YOU live?

  14. anon says:

    Umm, sorry Gen, you’re really wrong on this. If you can use your cellphone for banking, then by definition you don’t have a monoculture. It’s not like the phones are running Windows/IE.
    South Korea is a success story. The economy has far outpaced Japan’s. Notice how expensive everything was in Seoul? It wasn’t like that 15 years ago compared to Tokyo. That’s because the currency is so darn strong since everyone wants to buy Korean. Even the Japanese are buying samsung phones (and almost every American ends up choosing an LG or Samsung phone these days). Broadband adoption and use in the schools is amazing. The Koreans are far more computer literate than other asians.
    Google is not dominating at all in Korea (they’re what #9 in search rank there?). They have a healthy software market including players like Daum and Naver that are being copied by the west. Microsoft makes less money per PC in Korea than they do in almost any other developed country (and esp compared to Japan).
    Windows, ActiveX controls and no macs/firefox dost not make a technology country, a people, an economy weak. Yes, the government heavily subsidized PC/broadband adoption…but the South Koreans have taken the tech crown from the Japanese.
    If anything, it shows how little differentiation there is between Mac/Windows/IE/FF. It’s all the same monoculture. So what if they can’t use vista or need a couple of activex controls? They still managed to break the Google/MS monopoly on the desktop and webservices, make cellphones that allow software to actually run (unlike Japanese providers), and get their people to use technology effectively.
    Hell, in Japan, people want Bae Yong Joo to protect their belongings….

  15. Gen Kanai says:

    I’ve deleted the offensive post that Paul (above) is referring to.

  16. Gen Kanai says:

    anon, my post had no comparisons between Japan and Korea. I have no desire to do that.
    You seem driven to compare the two nations. You’re welcome to do that on your own blog, or on mine if you choose to do so under your real name.

  17. Danno says:

    Hey anon, maybe you should stow your nationalism for a few minutes and consider the problem in full.
    This isn’t just a Korean local issue, it’s got implications for secured communications between Korean companies and everyone else in the world.
    Global communication is built on standards and heterogeneous systems, whether you think there is little difference between all operating systems or not.

  18. David Storey says:

    I wrote about this issue a couple of days ago on my blog. We (Opera) are big believers in Web Standards and have been working hard to try to convince sites to use these standards and help them fix the issues. We’d love to work with Mozilla, if you are interested, to push further on this. I think it only makes sense to combine our resources and know how to combat this problem.
    Kazuhito-san (of WaSP) presented at the Soft Expo 2006 in Soeul on this topic and you can find his slides here – http://standards.mitsue.co.jp/resources/softexpo/presentation.pdf

  19. anon says:

    Danno, Gen,
    You’re missing my point. I’m not trying to be nationalist. Heck, I’m not even Korean. The subsidized PCs/broadband and the decision to go with proprietary SEED encryption before a global standard was available was a S. Korean government decision for the purposes of helping their economy and people.
    I’m saying that it worked. For a government policy maker, their effectiveness can be measured by how well they help their people compete against similar/rival nations. They bet that if they subsidized Windows PCs and forced stronger proprietary encryption then it would help their people.
    It did. I’m not saying that it’s wonderful that they have all their banks using a technology that’s not compatible with everything.
    I’m saying that in retrospect, they still seem to have made a pretty damn good decision. They have created a thriving software industry where jobs aren’t being shipped to india/china. Their people are computer literate. Again, so what if they can’t use Vista right now or use a mac as effectively. Microsoft loses. Apple loses. Google loses. But Koreans win more than they lose. And that’s what their government is supposed to help them do.

  20. And that’s why, despite a longing to purchase all the delicious and fanciful things I see on Auction.co.kr and Naver shopping etc, I sit here in Seoul running my firefox in Ubuntu using Amazon.com!

  21. ben says:

    Fuck Microsoft
    I have always hated their products
    I hate anything their spokespersons say
    I will not send any money to them
    I will not use their products
    Tell everyone you know and meet about Linux and free choice. Let paid shills mock you all they want, you’re informing people about freedom vs. the convicted monopoly and their shit EULA garbage.
    Fuck Microsoft

  22. peacock says:

    I use linux for all my purpose until I moved to Korea. I was in korea for 2 years. I was forced to install windows since for any secure transaction, I have to boot to windows and use IE.Even the company I worked had big plans to ship linux PCs. But they could not go ahead with their plan as their market analysis showed that there won’t be linux takers since that will lock user from doing secure transactions. Korean do a lot of transactions online.

  23. Jun says:

    Gen, this is good stuff. Amazing that you were able to figure all this out during your short stay. Its apparent you know more than I, and I’ve been here for 4 years. Greatly looking forward to your post on China.

  24. Arthur Davidson Ficke says:

    “Microsoft has re-architected Active X controls in such a way to make them ‘more safe’ by requiring a user action for the control to run.”
    This wasn’t done for safety-related purposes as the wording above seems to imply. It was done specifically to address the ridiculous patent infringement lawsuit brought by Eolas Technologies (as mentioned in the referenced page).

  25. Dankoozy says:

    The only computer not running windows over in Korea was one in the engine room of a LNG carrier.
    I was in a computer shop in Pusan and they didn’t have a single Mac. First I thought it was because Samsung + Microsoft are assbuddies. Also in the bars I went they always had music playing on a web-based player.

  26. ezki1l says:

    I’ve actually experienced this first hand. I’ve come to realize that Korea is MS dominated. We had a startup going to port a Korean technology similar to Youtube to the States, but it was all in MS Media player format, which is incredibly slow. We had to actually port everything to Flash. Korean market uses Windows for EVERYTHING, meaning the use of Visual Studio, optimizing websites for IE ONLY, CRAPTIVE X, etc…
    I don’t see this issue being resolved anytime soon. The main problem comes from the fact that their broadband connections are EXTREMELY FAST. So sluggish MS Media player streaming isn’t so bad on a 50Mbps fiber optic line. The Koreans have a knack for patch work and don’t see longterm infrastructure change.

  27. Rob says:

    What drove Korea forward was the government’s involvement and dedication to build a technology infrastructure. Nothing about that says that it had to be Windows and that it had to be done with hack-job ActiveX controls. They could have even simply gone with a draft of the SSL standard and customized it to their needs and they still would have been better off. Nowhere is Microsoft part of this “success story”. They have advanced *despite* the certificate PROBLEM, not *because* of it.

  28. sarrah says:

    I agree with Anon, 1000%.
    I have lived and breathed the South Korean wired/wireless broadband infiltration era.Despite the security issues encountered, what South Koreans benefit from the technology-driven business society without a doubt outweighs the current pitfalls…

  29. thinsoldier says:

    I want to read more about just how bad they get screwed when there are virus outbreaks πŸ™‚

  30. Jasper says:

    @peacock, you read @Frank? Gave wine a try? I admit i use the Ubuntu distro, and havent tried it myself yet, but it cant be that hard.
    Weird that Koreans are not pissed off by the fact that Microsoft doesnt help with their compatability problems. I am guessing that many people dont see it as MS’s duty, that everyone is supposed to be selfish and you shouldnt expect any better. I find this rather worrying since you simply cannot base any society i would want to live in on pure selfishness. (happily non-selfishness by definition continues regardless of reward, but I do like to see the opposite punished)

  31. Joel says:

    One sure fire method to avoid the active-x trap is to run firefox on linux! works great for me, YMMV.

  32. ed says:

    Jasper, I don’t think its necessary silence in the face of evil condoning selfishness but rather an improper decision on what they feel is the path of least resistance.
    To be honest, the US, can be seen as a society where EVERYTHING is everyone else’s fault. That’s why our lawyers make so much money. Everyone sue’s someone else. πŸ˜‰

  33. Eric says:

    dude, take a chill pill! This is Asia — they are used to lack of consumer choice and the government telling them how its gonna be. I wouldn’t be surprised if this small nation’s “monoculture” as you put it, has allowed for the proliferation of a lot of software that would have otherwise not been written.
    Not much software is out there for Koreans that is not made in Korea. Yeah, there’s the big apps from Microsoft, Adobe and others, but if there were 3 major platforms (Windows, Mac & Linux) in play, it would be much more difficult to make any piece of software a commercial success, as you could only write native apps for 1/3 of the market at a time.
    Gaming is also of high importance in South Korea — again, support 3 gaming clients would raise the barrier of entry into that market, limiting consumer choice.
    If you’re crazy enough and buy into the Java’s whole “write once, run anywhere” scheme, you will have something that will execute on all machines, but is certain to not work as expected by 100% of your users.
    This “monoculture” ain’t so bad for South Korea. Sounds a lot easier than working in any US office, where the creative guys insist on Macs, the business users insist on Windows, and the server guys insist on Linux.
    What a mess.

  34. simo says:

    I’m not very sure that the lack of MS monopoly would have disturbed South Korea’s success on commercial software.
    In Europe, there are choices for Windows. People can use Linux or especially Mac without being restricted by the goverment, unlike in South Korea. In spite of this, almost all commercial software is for Windows. A few software is also available for Mac. Windows has almost 90% market share. The alternative OS:es are available, but none of them holds 1/3 of the market share.
    If there were a Linux or Mac version of secure transaction client in South Korea, Windows would have a little less market share there. If now 100%, maybe 90% with alternatives. The commercial software deveploment wouldn’t have given a heck of Mac or Linux, like in Europe.

  35. Jimmy says:

    Very informative article! When I stayed in Korea for 3 months, I was befuddled when I tried online banking at one of the nation’s largest banks. The login screen said “Please wait…loading…press F7 to enable login”. F7!? I thought that it was the biggest scam in existence. Interestingly enough, I was using a Mac, but the page didn’t load when I tried on WinXP either(apparently no ActiveX controls). The source code on the page had some weird redirection scheme, but none that I could have identified readily as ActiveX. In any case, when was the last time you had to hit “F7” in a web browser anyway?!

  36. Me says:

    Greatest thing ive ever read..

  37. mahathir_fan says:

    The monoculture is prevalent even in the cell phone industry. every cell phone in Korea is based solely on Qualcomm CDMA. There is no European GSM.

  38. David Oftedal says:

    I’m a bit confused by some of the information posted above. Is SEED encryption already supported by open-source implementations or not? If not, why not just have someone develop it? And if it is, doesn’t the problem then lie elsewhere than SEED?

  39. Neil T. says:

    SEED is the subject of several RFCs [1] and so the details of it are public information. A patch exists for OpenSSL [2] that adds support for SEED. And someone even suggested adding support for it in Firefox [3], but it was never taken forward.
    Maybe the best solution in the short term is to get SEED support into Firefox somehow – whether by altering the Firefox code or writing a plugin. In the long term, South Korean banks can move towards 128-bit and 256-bit SSL, provided there is the legislative will to do so. If they’re so keen to work with Microsoft then MS will be keen to get Korean users upgraded to Vista as soon as possible; by adopting these open standards it’s less work on Microsoft’s part.
    [1] http://www.ietf.org/rfc/rfc4010.txt http://www.ietf.org/rfc/rfc4162.txt http://www.ietf.org/rfc/rfc4196.txt
    [2] http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp
    [3] https://bugzilla.mozilla.org/show_bug.cgi?id=307210

  40. This is exactly what happens when you design sites exclusively for Internet Explorer. I did an article on Designing IE Exclusive Sites, exactly a week ago, so I find it amusing to see a practical example of the consequences discussed in my article.
    http://cybertopcops.blogspot.com/2007/01/designing-ie-exclusive-sites-is.html
    We have a similar situation here in South Africa, where large organisations and government institutions love to design web sites (and critical parts of web sites where secure data transmissions are required) exclusively for Internet Explorer.
    I hope people, worldwide, will now realise how dangerous it is to design sites exclusively for Internet Explorer (or any specific browser for that matter).
    http://www.cybertopcops.com

  41. Old Geezer says:

    The only thing that will get Korea off of SEED will be if it turns out to be impossible to adapt it to use with Vista. Not only was SEED necessary when it was conceived (Korean society couldn’t wait for 128 bit SSL since broadband evolved so rapidly there, as alluded to above) but consider these:
    1. Korean banking, like many other things Korean, is still pretty much closed to outsiders. The Korean people already have SEED, and it works for them. Besides, by staying with SEED you create a barrier of entry to the “big-nosed foreign devils” (큰코 μ–‘λ†ˆλ“€), something many Koreans find desirable.
    2. There is no real right to privacy in the ROK despite the lip service bureaucrats pay to it; moreover, the ROK government is a control freak. The bureaucrats kinda like the idea of government control of online transactions, via the government-issued signature. Korea has never had a culture of privacy, being a crowded nation, so there’s little outcry from the people. And, of course, if the Ministry of Finance and Economy wanted access to someone’s financial dealings, I’m sure they can get it and pass it on to the Tax Tribunal, Korea National Police, whomever. Can you imagine the outcry in the States or the EU if one had to have a digital signature *from the government* in order to bank or make purchases online? Privacy advocates would have a field day!
    3. This isn’t limited to financial transactions. Even posting to a bulletin board like this one, in many cases, requires one to disclose their citizen ID number (μ£Όλ―Όλ“±λ‘λ²ˆν˜Έ) to get an account, via an ActiveX control. Some years back, this frustrated me so much (as a USFK member I didn’t have one, unlike foreign civilians resident in Korea who are issued ) I ended up using my landlord’s just to be able to post messages and communicate online in Korean.

  42. Dave Wrixon says:

    Thanks from all at DNLocal.com for a really fascinating insight into one of the Key Market in East Asia.

  43. matt says:

    I’m in America and I do all my banking… at the bank! Not from a cell phone, or a computer, but with tellers and stuff.. how strange!

  44. Hello, i’m a Korean mac user in 0.1% of users.
    i want to translate this post to kmug.co.kr(Korean Macintosh User Group),
    will you allow this?
    Thanks, Dong Sung.

  45. db says:

    ^^ Are you sure a Mac user group needs more kool-aid?
    Fantastic article, Gen. Thank you! πŸ™‚

  46. Gen Kanai says:

    Dong Sung Kim, you have my permission to localize and repost this article to KMUG, but please keep a link to the original article.

  47. korean says:

    It’s interesting, but not true in the following (at least) two sentences.
    >This nation is a place where Apple Macintosh >users cannot bank online, make any purchases >online, or interact with any of the nation’s e->government sites online. In fact, Linux users, >Mozilla Firefox users and Opera users are also >banned from any of these types of transactions >because all encrypted communications online in >this nation must be done with Active X controls.
    Mac users can use online bank throughout standalone application on Shinhan Bank, and can purchase products on apple.co.kr, and so on. In addition, Linux users can use online bank at NongHyup. Firefox users are also able to use HSBC with additional tweaking.
    I agree that it is quite hard to use non-MS OSs or non-IE browsers in S. Korea, but nevertheless it it possible.

  48. Gen Kanai says:

    Korean, thank you for the clarification.
    I’d love to know more about how Shinhan Bank, NongHyup, and HSBC allow their users to bank online without Windows/IE. Do they allow the full/equal functionality of a Window/IE user?

  49. Keechang Kim says:

    Many thanks, Gen!
    Regarding Shinhan Bank, etc., the situation is as follows:
    Shinhan bank offers to its customers a standalone application (EzPlus) which can handle certificate login and form-signing. Kiup Bank offers to employees of KIPA (Korea IT Industry Promotion Agency; http://www.software.or.kr/kipahome/kipaweb/global/japan.html) a browser plugin for linux so that the KIPA employees who have an account with Kiup Bank can do internet banking. (KIPA is a government agency for the promotion of open source software; they are forced to use linux desktops at work!)
    NongHyup (Agricultural Cooperative) offers browser plugin for linux users as well.
    Now, these facts prove that the government’s repeated claim that certificate handling at a level required under the Electronic Signature Act in non-MS OS’s and non-IE web-browsers is ‘technically difficult’ or ‘unreasonably expensive’, is plainly untrue.
    Moreover, Shinhan Bank, Kiup Bank and NongHyup are all RA’s of KFTC, the accredited CA which is sued by Open Web. We shall argue that KFTC unjustly discriminated among its customers (users to whom KFTC issued a certificate) by providing, through its RA’s, support for other OS’s and browsers only for some – less than 1% – of users and not for the rest of users.
    This is really getting embarassing: only some people in the government agency are provided with some special privilege in the form of a linux plugin! The rest of Koreans are forced to install ActiveX plugin and use MS IE. KFTC is also a government agency. One wonders whether there is something going on behind the scene…

  50. Keechang Kim says:

    Ah, regarding apple.co.kr , customers can do online shopping. But they cannot use certificate or form-signing. Now, apple.co.kr is under pressure from FSS (Financila Supervisory Service, another government agency; http://www.fss.or.kr) to drop this service and switch to ActiveX plugin and MS IE only online shopping solution!
    In an earlier reply by a ‘korean’, it is stated that ‘Mac users can … purchase products on apple.co.kr, and so on’. But “and so on” must be dropped. If they do not bank with Shinhan, they cannot do any internet banking, they cannot have access to government services, they cannot do any online shopping except at apple.co.kr, which is under pressure to discontinue the service. That’s it. There is no ‘and so on’. Less than 0.0001% of internet users in Korea can do internet banking and shopping with Mac or Linux. This is a fact, accurately reported by Gen’s posting.

  51. Keechang Kim says:

    HSBC Korea (http://www.kr.hsbc.com) does not allow any other means of logging in – apart from ActiveX plugin. Well, some geeks might be able to work around it, after a great deal of tweaking. I am not sure. But even if it is possible, then you are entirely on your own and at your own risk.
    Sorry, Gen, for successive reply posting!

  52. kenji mori says:

    Great post! Really changed the perception about Korea. I am afraid more or less the same could have happened to old Japan, say back in 1985. (no internet then though.)

  53. KN Version says:

    Microsoft also plans to release “KN” or Korea (North) versions, which have the Media Center features removed as per North Korean Worker’s Party Regulations. These North Korean KN versions will be introduced at the same time that Microsoft issues the first service pack for Vista, the company said. That service pack update usually arrives six months to a year after a product is released, however, due to shipping restrictions, they may arrive in Pyongyang later.

  54. Nico says:

    This isn’t Microsoft’s fault. It’s the S. Korean government’s. You can have your own crypto algorithms if you like, but if you want to avoid monoculture (and, really, you should want to avoid it), then you need to provide implementations of those algorithms, including patches for common FOSS, else you lose. And you need to work with OS vendors to see support for your ciphers included by default.

  55. rokusa says:

    I was hopping mad when I realized I couldn’t get my Mac mini to play Korean TV programs from repective TV station websites. I had to get a notebook with Windows for my wife.
    Now, I see how the whole thing got screwed up. And, the problem is even bigger than just not being able to whatch a Korean soaps.
    Thanks for the great article and the insight!

  56. vasco says:

    Nice to read a different perspective but since was monoculture a bad thing? Consumer choice? Bottomline, Koreans insist on using MS Windows because it does not give them a problem; ever meet a Korean complaining about viruses via ActiveX? Norton Antivirus just cleaned up business in the country because companies like AhnLab co. are deriving solutions to special viruses that come from “Microsoft slave” culture -which implies a new market, new jobs, and increase of quality. Koreans do place emphasis on aesthetics – perhaps even more vs. other cultures, but now, I’d rather have a nice looking website, going through MNCAST at 5MCPS with my anti-virus software running properly. I’m different towards windows or mac and so should you because at the end of the day, it’s your fault for using a machine (mac) that has less than 5% market share and complaining about its complications. And bottomline, if you want to see the future of Microsoft applications, then Korea is heaven.

  57. vasco says:

    Rokusa // The new intel-based mac machines will run windows without any problems. You can always simulate windows on your mac without getting frustrated at its speed. Kudos to Apple for their foresight.

  58. jironia says:

    I am a Korean living in Seoul, woarking as a designer using a Mac, and also I am a system manager for the company I am working for.
    The thing is this place has only 2 Macs and all Windows system configurations.
    The company’s finacial department has all these active-X junks filled up to the top og the computers and different government sector’s Active-X junks are nearly always fighting each other like a dog and a cat, casung windows malfucntion or even the blue screen of death.
    this kind of everyday problems make a system managers like me be holded up with solving these problrems that is compeletly stupid.
    Unlike vasco said, almost everyone in Korea does not know, Macintosh is actually a personal computer. They think Mac is a Workstation that is just for creative geeks.
    They do not know they have choices for different Operating Systems.
    Most of PC users(even young students) do not know how to maintain their computers and because of this they complain their computers has gotten slow and bombed and do not know those active-X based junks(yeah, they have all kind of adwares and this and that with only five or seven active-X based certificates they need in teir hard drives).
    There are serious problems caused by these active-X based hacking programs.
    There are a lot of people being hacked by this knid of programs and their personal datas including bank accounts, social security numbers and their credit record are taken by hackers.
    The funny thing is that one or two companis had developed universal solution based on Java as the Korean Government was selecting solution provider in Korea back that time.
    And these companies are getting ready to sue Korean government and it is said to be a bilion dolar case.
    Very funny, hur?

  59. Talented Chimp says:

    Another suit has been filed by an unknown certificate issuer in Korea for loss of earnings due to the advocating of ActiveX technology by the KFTC.
    “The accuser claims that it had developed SW for leading browser
    ubiquity (all platforms and cross-browsing) for the industry.
    However, the strong push of Active X by the administration through
    KFTC has led its marketing share of mere 2 to 3 percent, claiming
    substantial loss of possible profits.”
    http://www.zdnet.co.kr/etc/eyeon/internet/0,39036962,39155029,00.htm

  60. j.m.kim says:

    I am a Koraen.
    Thank You !
    Translate into korea go the length of URL.(www.parkoz.com)
    -_-a

  61. india_rocks says:

    Well, I’m not Korean but having spent a fair bit of time in Korea I can say that the technology landscape in Korea is far superior compared with any other part of Asia and in some instances even Americas/Europe. Lets not narrow the entire thing to monoculture and over-dependence on MS. From 90’s through to early 2000, markets swayed in favour of early adopters of technology (Broadband, Mobile etc). Korea jumped into the bandwagon of nations being early adopters of technology. If it meant, dependence on something like a single OS system, so be it. Lets not forget its not a very big nation and it worked for them if you calculate in terms of return on investments (RoI), and being early adopters, they’ve already reaped the benefits of the same, unlike many others in Asia/Europe/America. Because of e-commerce, high speed internet access, and 3G mobile communications, they have created a thriving market for local players to jump in to the fray, with examples of smart business successes like Daum and Naver (in general local market specific successes of Application Service Providers).
    Times have changed slightly, and emerging markets like India and China are showing the way in selective adoption of technology. Selective adoption certainly suits emerging markets in the current state of technology markets and the grand shift of econmic power from the monopolistic west to East or Asia in general.

  62. Hongseok says:

    Very impressive writing, Gen. Actually I’ve learned many things from your article.
    I totally agree with you on this matter. Korea & Microsoft need some long-term plans to get out of the problems.
    To avoid any misleading, I’d like to introduce myself. I’m Korean and a Microsoft employee in charge of security matters. ActiveX and other app compatibility issues are my main jobs these days. You even know KISA. I’m the designated contact in Microsoft for KISA.
    Microsoft provides the CNG (Cryptography Next Generation) on Windows Vista platforms. It means a government or an organization can distribute its own crypto algorithm to any users, who can use the new one to encrypt/decrypt communications. It can be used seamlessly for SSL, secure email, and so on. SEED might be implemented on CNG soon. The deployment would not be that easy though.
    Please note that I’m not the representitive of Microsoft.

  63. Keechang Kim says:

    Hongseok/ Many thanks for your informative reply. I wish to add one comment: It is often claimed that the root cause of the current problem was SEED, the cryptographic algorithm developed by KISA. The story goes that the Korean government “required” SEED to be used for its officially endorsed certificate. Since SEED was not widely supported, Koreans had to resort to its own solution, using ActiveX.
    However, the relevant statute and regulations provide, in fact, that “SEED or 3DES” shall be used. As you no doubt know, 3DES is widely supported by most crypto librararies. So I find it hard to understand why things have turned in such a bad way.
    I should be very glad if you could get in touch with me, Hongseok.

  64. Don Park says:

    Good post, Gen. Two comments:
    1) It only scratched the surface. The problem is not SEED but much deeper, all the way down to how Koreans see and solve problems. Just look at the way foreigners are locked out of most Korean websites.
    2) Outside activism has little impact due to language barrier.
    If North Korea is hidden behind the Iron Veil, South Korea is hidden behind…their back. They need to turn around but that’s easier said than done.

  65. Andrew Elgert says:

    Gen, Fascinating post.
    As an American born in Japan and spending several years there, I have always been interested in both the economic problems and successes of Japan and the four “East Asian Tigers”. I actually hold stock in a South Korean index fund because I have faith in its strong economy. I am sad to say I do not have such trust in Japan’s economy.
    South Korea is arguably the best Asian economy right now, and because the government made the necessary albeit painful economic reforms after the 1997 Asian Financial Crisis. The other Asian economies made some reforms, but not all of the necessary ones. Ironically, many of these reforms lie in banking and enterprise. These include namely the provision of zero-interest loans, the conglomerates that developed because of them, and the vacuum of debt that banks and firms accrued over time.
    This post points out (to me) some differences in culture between America and East Asia. In America we are suspicious and afraid of any very powerful group. In some cases, that fear goes too far, as in so-called “Anti-Trust” legislation. However, if Congress passed a law today saying that all banking websites must use ActiveX controls to work, there might be serious questions raised. Also true, however, is that the US Government declines to invest in technology growth or innovation because people do not see value in it.
    It appears to me that Koreans understand the importance of developing their economy and increasing productivity so that Korea can prosper. It also appears to me that unlike American culture, Asian culture is much more accepting of authority than we are in the US. As a sidebar, I would find it fascinating to research and find examples of the differences between Eastern and Western culture with respect to views of authority. In the end I still think Korea has the best Asian economy right now, and it is the one I would feel most comfortable (and do feel comfortable) investing there.

  66. Vasco says:

    On the flip-side, there are efforts by some to screw active-x. For instance, the new cyworld – designed by a MAC.

  67. tubbies says:

    Dear Gen- good stuff
    Here is one more thing- I’m here in korea and In here We have to use only Microsoft XP & IE 6 not IE 7 I tried to logon to one of the biggest Mibile phone site but I cannot logon ‘cuz I didnot use IE6(I using IE7 on my Windows)
    And here are too many worms and spy-ware using Active-X and these are installed without approval of system admin and freak my system!! that’s main reason why I hate these Active-X
    This country think all of user using Internet Explorer 6 based on Microsoft XP

  68. dr says:

    andrew elgert,
    if you’re really interested in finding out how deep the rabbit hole goes on the subject of Koreans and their attitude toward authority, here’s your red pill:
    http://en.wikipedia.org/wiki/Confucius

  69. Keechang Kim says:

    For recent development on the ‘Open Web front’ in Korea, please have a look at the following news report:
    http://times.hankooki.com/lpage/200702/kt2007020518003910220.htm
    The officials claim that the ‘official’ CA’s provision of certification service should be left to the force of market!!! Somehow, it sounds as if Korea became an ultra right-wing liberalist regime where government decided to abandon all its tasks and leave everything to the ‘market’. The officials feign ignorance of the difference between state-endorsed certification service and private certification service. I will see to it that they pay the price.

  70. question says:

    are u really korean??

  71. Keechang Kim says:

    Yes. If the question is for me to answer.
    Please have a look: http://times.hankooki.com/lpage/200702/kt2007021117420210440.htm

  72. naagari says:

    Excellent article, sir.
    Although living abroad for nearly 10 years, I still identify myself as Korean, and this article makes me feel very sad and angry at the same time – Why was the (Korean) government so short-sighted and slow to react? Why they kept over-repeating phrases such as “#1 in IT” when not achieving anything particularly significant for it? I mean, come on – they should have done something, at least a plan B! Not a beg for not buying Vista until the problems were solved! A few years ago, the nation were in shock as a malware named Blaster Worm hit a huge amount of XP computers. Wasn’t that a warning sign for us?
    What makes me feel even more depressed, is that an average Joe in Korea will never, EVER give a shit about this problem as long as his or her Cyworld Minihompies, Naver Q&A, DCInside Forums or any of their favorite sites appears correctly with those pretty over-flashy interfaces.
    Linux or MacOS is regarded as a boring, nerdy geeks’ paperboxes that can’t run the latest MMORPG – an immediate turnoff.
    Why, Korea, why?
    Why still attached to the dying ActiveX?
    Shouldn’t you be more “open” and embrace alternatives as proud members of a true leading nation in IT you so desire to become…
    Excuse me for the rant above. I really needed to vent.

  73. Zzang says:

    As someone working in a public agency under the Ministry of Information and Communication in Korea, I found your article fascinating, albeit a little one-sided.
    As pointed out by many other posters, monoculture is not necessarily a bad thing. Especially to a nation that needed to play catch-up in the IT industry. A single OS and standard coupled with rapid broadband adoption allowed the Korean Market to expand at an incredible rate, and in the end outpaced most of the world.
    While it may be debatable whether this is entirely because of our monoculture, there is no denying the outcomes.
    As to the comments raised on the issue of government control over the industry, all I can say is that it was true in the old days, but not anymore. The MIC is finding it more and more difficult to impose control over the actions of major telecomm carriers. While the level of control is still significant when compared with Europe/N.America, the trend is definitely going towards relaxing of regulations.
    In truth, as a Korean, I feel stifled by the lack of technological innovation and the generally poor Internet services that are offered whenever I go outside of my country on business trips.
    The bottome line is, I feel very comfortable in my Windows XP, IE6 working environment. It’s familiar, and I can get all the services I need. The price for all this convenience is of course more tighter management of my computer(i.e. frequent virus, adware scans, computer upgrades, etc…) But the truth is I enjoy tweaking my computer and having to upgrade every once in a while to keep up with the bloated and demanding activeX controls and new services based on them.

  74. gorn says:

    A foolish consistency is the hobgoblin of little minds. – Emerson
    Building an ENTIRE national crypto framework on one single (foreign) vendor with proprietary ‘standards’ is the mark of a weak, inexperienced little country with tin pot, bombastic dictators as political ‘leaders’. Now I understand the culture that led to the terrible student protests of the last 30 years – the riots against the corrupt, spastic government and the endless corruption and graft. The poor Korean people have lived with this kind of stupidity for decades.
    No wonder Microsoft came in and conquered Korea without a single shot being fired. I’m sure a few million Won, in the right, greedy hands of the so-called ‘government’ did the trick for Microsoft. Now Korea must rapidly lick the boots of their Masters, lest they be punished.
    #1 in IT, indeed!