International Commerce and Information Review (통상정보연구)

Korea Association for International Commerce and Information (한국통상정보학회)
권호 표지

The government role in digital era innovation: the case of electronic authentication policy in Korea

디지털 혁신시대의 정부역할: 한국의 전자 인증정책 사례

  • Received : 2017.11.20
  • Accepted : 2017.12.16
  • Published : 2017.12.31
Download PDF
⟨ Previous Next ⟩

Abstract

In emerging technologies, innovation processes are dynamic in that the government needs to regularly review its policies to resonate with rapid technological advancements, changing public needs, and evolving global trends. In the 1990s, the Internet grew at an explosive rate, but many applications were constrained due to security concerns. Public Key Infrastructure (PKI) seemed to be the fundamental technology to address these concerns by providing security functions. As of 2017, PKI is still one of the best technologies for electronic authentication in an open network, but it is used only in limited areas: for user authentications in closed networks and for server authentications within network security infrastructure like SSL/TLS. The difference between expectation and reality of PKI usage is due to the evolution of the Internet along with the global adoption of new authentication policies under the Internet governance in the early 2000s. The new Internet governance based on the cooperation between multi-stakeholders is changing the way in which a government should act with regard to its technological policies. This paper analyzes different PKI policy approaches in the United States and Korea from the perspective of path-dependence theory. Their different policy results show evidence of the rise of the Internet governance, and may have important implications for policy-makers in the current global Internet society.

신기술의 혁신과정은 매우 역동적이어서 정부는 빠른 기술발전, 대중의 필요 및 변화하는 글로벌 트렌드에 맞춰 주기적인 정책 검토를 할 필요가 있다. 1990년대 인터넷은 폭발적인 성장을 하였지만 다양한 응용프로그램들의 활용이 보안 문제로 인해 제한되었고, 공개 키 기반구조 (PKI)는 이러한 문제들을 해결할 수 있는 근본적인 기술로 인식되었다. 2017년 현재에도 PKI는 개방형 네트워크에서의 전자인증에 있어 최고 기술의 하나이지만 그 사용처는 폐쇄 네트워크 내에서의 사용자 확인 및 SSL/TLS와 같은 네트워크 보안 인프라 내에서의 서버 인증과 같이 한정된 부문에 한한다. PKI에 대한 기대와 현실의 차이는 2000년대 초반 인터넷 거버넌스 하에서의 새로운 인증정책의 글로벌한 도입과 함께한 인터넷의 진화에 기인한다. 새로운 인터넷 거버넌스는 다수 이해관계자간의 협력에 기반하고, 이는 기술정책과 관련한 정부의 행동방식에 변화를 가져왔다. 이 연구는 미국과 한국의 PKI 정책을 경로의존성 이론 (Path Dependence Theory)의 관점에서 분석한다. 두 국가의 다른 정책 결과는 인터넷 거버넌스의 부상을 증명하고, 또한 현재의 글로벌 인터넷 사회의 정책결정자들에게 중요한 함의를 줄 수 있을 것이다.

Keywords

References

  1. American Bar Association, Digital Signature Guidelines, 1996
  2. Baek, Bongsam., Korean Internet Environment, 'PC=MS'.'Mobile=Google'. Retrieved September 10, 2015.
  3. Burr, William E., Dodson, Donna F., Newton, Elaine M., Perlner, Ray A., Polk, W. Timothy., Gupta, Sarbari, & Nabbus, Emad. A., Electronic Authentication Guideline. National Institute of Standards and Technology, 2011.
  4. Cerna, Lucie, The Nature of Policy Change and Implementation: A Review of Different Theoretical Approaches, Organization for Economic Co-operation and Development, 2013.
  5. Clinton, J. William., Administration of Export Controls on Encryption Products. Executive Order, 13026, 1996.
  6. Chromium Blog (2013) Saying Goodbye to Our Old Friend NPAPI, Retrived from https://blog.chromium.org/2013/09/saying-goodbye-to-our-old-friend-npapi.html
  7. Danielle, Kehl, Wilson, Andi, & Bankston, Kevin. (2015). Doomed To Repeat History? Retrieved from https://static.newamerica.org/attachments/3407-125/LessonsFromtheCryptoWarsofthe1990s.882d6156dc194187a5fa51b14d55234f.pdf
  8. Department of Commerce. (2000, January 10). Revised U.S. Encryption Export Control Regulations.
  9. Grassi, Paul A., Garcia, Michael. E., & Fenton, James. L., NIST 800-63-3: Digital Identity Guidelines. National Institute of Standards and Technology, 2017.
  10. International Telecoms Union Telecommunication Standardization Sector. (1997). International TeleX. 509 : Information technology-Open Systems Interconnection-The Directory: Public-key and at tribute certificate frameworks Retreved from: https://www.itu.int/rec/T-REC-X.509
  11. Johnson, Chalmers., MITI and the Japanese miracle: the growth of industrial policy, 1925-1975, Stanford University Press, 1982.
  12. Kim, Tong-hyung. (2009, September 23). Korea Paying Price for Microsoft Monoculture. Retrieved from the Korean Times,: http://www.koreatimes.co.kr/www/news/biz/2010/05/123_52401.html
  13. Lee, Junghyun, The usage and problem of the authorized certificate in smart environment, Internet & Security Focus, Korea Internet Security Agency, 2013.
  14. Lee, Soo Hee, & Yoo, Taeyoung, "Government Policy and Trajectories of Radical Innovation in Dirigiste States: A Comparative Analysis of National Innovation Systems in France and Korea", Technology Analysis and Strategic Management, Vol. 19, No. 4, 2007, pp. 451-470. https://doi.org/10.1080/09537320701403383
  15. Lopez, Javier, Oppliger, Rolf, & Pernul, Gunther, "Why have public key infrastructures failed so far?" Internet Research, Vol. 15, No. 5, 2005, pp.544-556. https://doi.org/10.1108/10662240510629475
  16. Lui-Kwan, M. Kalama, "Recent Developments in Digital Signature Legislation and Electronic Commerce", Berkeley Technology Law Journal, Vol. 14, Iss. 1, 1999.
  17. Mundy, Simon. (2014, June). South Korea suffers poor cyber security controls. Retrieved from https://www.ft.com/content/7ae2b288-e29a-11e3-a829-00144feabdc0
  18. Muller, Milton, Rulling the root: Internet governance and the taming of cyberspace, The MIT Press, Cambridge, Massachusets London, England, 2002.
  19. National Cyber Security Center; National Security Research Institute, ActiveX Control Development Security Guideline, 2008.
  20. Organization for Economic Co-operation and Development, National Innovation System, 1997.
  21. Organization for Economic Co-operation and Development, Electronic Commerce. Policy Brief, 2001.
  22. Oh, Se-Jung, Networking between Academia, Public Research Institutes and Industry-Korean Experiences [PowerPoint slides], 2012.
  23. Park, Hun Myoung, "The Web Accessibility Crisis of the Korea's Electronic Government: Fatal Consequences of the Digital Signature Law and Public Key Certificate", 45th Hawaii International Conference on System Sciences, 2012.
  24. Park, Jihyun, Major issues and status on deregulation of the Authorized Certificate mandate in online transactions. Korea Financial Telecommunications & Clearings Institute. Korea Financial Telecommunications & Clearings Institute, 2010.
  25. Park, Mun Su, "An Exploratory Study for Convergence-type Technology Transfer", International Commerce and Information Review, Vol. 17 No. 1, 2015, pp.165-191. https://doi.org/10.15798/kaici.17.1.201503.165
  26. Park, Mun Su, & Lee, Ho-hyung, "A Study of Technical Support Policy for Innovative SMEs", International Commerce and Information Review, 14(1), 2012, pp.197-218.
  27. Saenuri Party, Public commitment of Saenuri party for 18th presidential election, 2012.
  28. Simmie, James, "Path Dependence and New Technological Path Creation in the Danish Wind Power Industry", European Planning Studies, Vol. 20, No. 5, 2012.
  29. Son, Yeol, "Technolgy, Institutions, Path Dependence: A compartive Study of Venture Nurturing Policies in Korea and Japan", Korean Political Science Review, Vol. 40, No. 3, 2006, pp.237-261.
  30. Statcounter.com. (2015). StatCounter Global Stats - Browser Market Share. Retrieved from Statcounter.: http://gs.statcounter.com/browser-market-share#monthly-201501-201501-map
  31. Statistics Korea. (2016). The government Research and Development Budget, Retrieved from http://www.index.go.kr/potal/main/EachDtlPageDetail.do?idx_cd=1330
  32. United Nations Commission on International Trade Law, Model Law on Electronic Commerce with Guide to Enactment, 1996.
  33. United States General Accounting Office, Information Security: Advances and Remaining Challenges to Adoption of Public Key Infrastructure Technology, 2001.
  34. Verizon, 2016 Data Breach Investigations Report. Verizon
  35. Yoon, Min-sik. (2013, July). Korea grapples with massive personal data theft, regulatory mess. Ret rieved from The Korea Harald: http://www.koreaherald.com/view.php?ud=20130719000708
  36. Winn, Jane K., US and EU Regulatory Competition and Authentication Standards in Electronic Commerce, 2006.