South Korea: Super fast, and finally free
by Glyn Moody
Imagine a country that has one of the best Internet infrastructures in the world, and yet its government effectively forbids the use of GNU/Linux through a requirement that everyone employ a decade-old Windows-only technology for many key online transactions. That country is South Korea, where 1 Gbits/second Internet connections are planned for 2012; and that Windows-only technology is ActiveX.
I remember well when Microsoft announced its ActiveX technology back in 1996. Here's how it trumpeted the arrival of this new techno-wonder:
Microsoft Corp. today announced ActiveX Technologies, which make it easy for the broadest range of software developers and Web designers to build dynamic content for the Internet and the PC. Through ActiveX Technologies, today's static Web pages come alive with a new generation of active content, including animation, 3-D virtual reality, video and other multimedia content. ActiveX Technologies embrace Internet standards and will be delivered on multiple platforms, giving users a rich, open framework for innovation while taking full advantage of their investments in applications, tools and source code.
“Internet standards”? Hardly. “Delivered on multiple platforms”? Well, multiple Windows platforms, maybe. It wasn't this over-enthusiastic marketing that was the problem, so much as the over-enthusiastic programming that lay behind it. For ActiveX did, indeed, provide coders with “a rich, open framework for innovation”, but that included innovative malware, which was given a huge boost by ActiveX. After all, two of the much-lauded benefits of ActiveX were that it could do anything, and that it could be downloaded from Web sites on the fly to provide “extra features”: both perfect for delivering unpleasant payloads.
And so, the introduction of ActiveX ushered in a “golden age” of malware – until Microsoft realised what it had done, slammed on the brakes and tried to limit the damage in various ways. But whereas most companies and governments soon saw the danger and limited their use of ActiveX, South Korea made the big mistake of locking itself in:
The history goes back to 1998, when the 128 bit SSL protocol was still not finalised (it was finalised by the IETF as RFC 2246 in Jan. ‘99.) South Korean legislation did not allow 40 bit encryption for online transactions (Bill Clinton did not allow for the export of 128 bit encryption from the US until December 1999) and the demand for 128 bit encryption was so great that the South Korean government funded (via the Korean Information Security Agency) a block cipher called SEED. SEED is, of course, used nowhere else except South Korea, because every other nation waited for the 128 bit SSL protocol to be finalised (and exported from the US) and standardised on that.
In the early years of SEED, users downloaded the SEED plug-in to their IE or Netscape browsers, either an Active X control or a NSplugin, which was then tied to a certificate issued by a Korean government certificate authority. (Can you see where this is going?) When Netscape lost the browser war, the NSplugin fell out of use and for years, S. Korean users have only had an Active X control with the SEED cipher to do their online banking or commerce or government.
Ironically, ActiveX's total dominance of South Korea's government and financial computing infrastructure meant that it was not easy to introduce safer technologies – even those from Microsoft:
This leads to awkwardness whenever Microsoft introduces a new product here. The release of Windows Vista caused massive disruption when Active-X used by banks and online shopping sites didn't function properly.
And the Korean Internet users sweated over Microsoft's initial plans to reduce its support for Active-X in IE8, the latest version of the company's Web browser. Although IE8 did end up backing Active-X, strengthened security features have made its use more complicated.
Needless to say, this situation has also helped to limit the popularity of not just GNU/Linux, but Firefox and Chrome, too.
Finally, though, it looks like the South Korean government has come to its senses:
South Korea on Thursday eased rules governing online financial transactions, ending a virtual monopoly for Microsoft's web browser Internet Explorer.
The Financial Services Commission said the new regulations took effect on July 1, allowing the use of different software for online banking and shopping.
The reason for the change is interesting:
Microsoft's framework, developed in 1996, has faced a challenge amid high demand for smartphones which require more open-source software.
South Korean regulators realised the rules were preventing businesses from offering services to smartphones.
The Korea Communications Commission in May declared the online security rules "unfit for a new Internet environment involving smartphones".
The “smartphones which require more open-source software” might refer to Android phones, which seem to be selling very well in South Korea; however, another report suggested the iPhone played a big role in the decision:
The popularity of the iPhone (the press claims 500,000 units sold in the few months since it was released) resurfaced the issue that only Windows and IE can be used to make secure transactions with Korean Internet services. iPhone/BlackBerry/Android users in Korea (not to mention Firefox/Opera/Safari/Chrome users) cannot bank online or purchase items online or do any secure transaction with the smartphone browser because Korean services only support the PKI mechanism that only works with Active-X in IE and Windows.
Either way, it's great news for the long-suffering South Koreans, who finally get to choose which technology they use in their daily lives – after more than a decade of enforced Internet Explorer and Windows use. It's also great news for open source, which gets a chance to compete on a level playing field – something that Microsoft keeps calling for whenever the EU proposes favouring open source, and yet somehow never mentions when that field is already steeply tilted in its own favour, as has been the case in South Korea.
That new opportunity is important, because of South Korea's advanced Internet infrastructure. It means that the open source community there can now work on creating advanced applications that explore the possibilities of that kind of bandwidth, and that can be used by South Korean businesses and citizens in their everyday lives – something that hitherto has been impossible. It would be nice to think this may lead to a sudden outpouring of free software creativity, but the reality is probably that it will take a good many years to recover from what was probably the worst Microsoft monoculture on the planet.