Can Moon Jae-in Really Save S Koreans from ActiveX Hell?
In March, then-president hopeful Moon Jae-in pledged to rid all government-run websites of ActiveX and abolish the much-hated public certification system. Many South Koreans, fed up with the anachronistic security protocols, reacted with excitement and joy.
Now, Moon Jae-in is South Korea’s new president. He has promised to carry out his pledge; but will the measures he proposes really simplify South Koreans’ lives online for the better?
ActiveX is a decades-old security plug-in that only runs on Internet Explorer (IE). Even its inventor Microsoft is trying to obliterate the outdated protocol from its system. Even Microsoft’s latest browser, Edge, doesn’t have the ActiveX compatibility.
Welcome to South Korea, where users are still stuck with IE (some call the country “the land of eternal IE”), because ActiveX is still used by numerous websites, including those of the government.
That means, when doing chores as mundane as making appointments at government offices or obtaining official documents online, South Koreans need to open up that IE.
According to the Digital Times, the Ministry of the Interior will gradually abolish ActiveX on most government-run websites by 2018. Simultaneously, the Ministry of Science, ICT and Future Planning (MSIP) will help popular non-governmental websites from different industries get rid of ActiveX. This will include websites used for shopping and banking.
It all sounds promising, but here’s a caveat: These pledges aren’t new. The previous Park Geun-hye administration had also made similar promises.
“Strictly speaking, freeing government-run websites of ActiveX has been in progress since 2015. We are trying to abolish it completely by 2018,” Kim Yeop, a manager of information resource and policy at the interior ministry, told Korea Exposé.
In 2014, Park Geun-hye ordered that ActiveX be abolished, citing inconveniences for foreigners who apparently wanted to purchase the “Chun Song-Yi coat,” worn by the female protagonist in a popular K-drama “My Love From the Stars.” Since then, different ministries have been working to improve user experience on both public and private websites.
Stats show the changes; more than 9,000 governmental websites were ActiveX-free as of the end of 2016, leaving only 2071 websites using the outdated security system. (The ministry plans to rid ActiveX on those sites, too, by the end of next year.) Similarly, the number of non-governmental websites running ActiveX dropped from 1,644 in 2014 to 358 in 2016, according to the database at Korea Internet & Security Agency (KISA).
But the Park administration’s efforts weren’t quite enough.
The ActiveX requirement was often replaced with downloading “.exe” security files, which can run only on Windows, precluding Mac, Linux and mobile device users from accessing the sites. Moon’s pledge, the “no plug-in policy” (ActiveX is a plug-in), doesn’t solve this issue. The policy only creates room for “.exe” files to replace ActiveX.
Kim from the interior ministry said for compatibility reasons, replacing ActiveX with the “.exe” format is unavoidable. But he also added that the ministry plans to develop the necessary technology to abolish ActiveX and the “.exe” format altogether by 2018.
Sorry, There’s More
If this was a party-pooper for many of you living in South Korea, that’s not all.
Another factor that contributes to the pleasant experience that is South Korea’s online banking and e-commerce is the public key certification (PKC) system, which is used as an identification tool in most online transactions.
Legally, this system hasn’t been mandatory since 2015. Back then, Park had already removed the obligation for banks and customers to use public key certificates for banking. But most financial institutions kept the system, because keeping it is pretty good for business: The current law allows them to deny claims of loss when problems arise in their security infrastructure, as long as they keep using the public key certification system.
It’s unlikely Moon will make a significant dent on the current e-ecosystem. He did say he will reform the law, so that financial institutions can be held more accountable, with or without the PKC. But even if he does, what are the viable alternatives to the PKC?
Kim from the interior ministry said, “The PKC has two main functions: identity verification and electronic signature. While the former function can be carried out through different measures [other than using PKC], there is no alternative technology to carry out the latter function.”
So don’t be too excited yet by Moon’s grand pledges to abolish ActiveX and PKC. A lot of what he has been pledging aren’t actually revolutionary; more accurately, they’re an insufficient part of a grueling work in progress.
Happy Monday to all our readers still living in the land of the eternal Internet Explorer.
Cover Image: Online banking is not a happy experience in South Korea. (Source: Flickr)
For more on why people in South Korea are so excited at the thought of living without ActiveX & Co., read: