South Korea Still Paying The Price For Embracing Internet Explorer A Decade Ago
From the comment section, Mike Linksvayer quotes:
http://www.kanai.net/weblog/archive/2007/01/26/00h53m55s
Why was SEED developed in the first place? South Korean legislation did not allow 40 bit encryption for online transactions (and Bill Clinton did not allow for the export of 128 bit encryption until December 1999) and the demand for 128 bit encryption was so great that the South Korean government funded (via the Korean Information Security Agency) a block cipher called SEED.
It isn't just IE that is a problem. The encryption scheme developed by the government is largely broken (due in no small part to IE and ActiveX vulnerabilities). South Korean banks and other organisations are losing money due to fraud and blackhat activity but there is next to nothing they can do about it. It's really a huge mess. That and the government's encryption app is closed source and not peer reviewed.
As always, the cause is that you are never smart enough to roll your own encryption standard. Any time someone asks you to roll your own encryption, pinch yourself and smash your head on the desk; if you still want to code it, smash your head again.
"As South Korea falls further and further behind in this regard, trapped in its fossilized world of ActiveX, it may well come to be seen as warning to other governments to adopt true open standards, if they want to avoid a similar fate."
A warning to governments who put forms in MS Office formats on their web sites.
Governments ought to keep their noses out of the internet for the benefit of all.
They have all the precedents and all the advice that they could ever want, all pointing to the disastrous effects of centralisation and monopolies and yet they keep pushing for them. I, for one, find it hard to sustain the belief that these kinds of decisions are 'innocent mistakes'.
Unfortunately the more likely explanation is that they care a lot more about their own power enhancement than about the general benefits of their subjects. I don't even mean any particular government. This is endemic for them all.
Additionally, in the particular case of encryption, they are terrified that someone might criticise them behind their backs and thus they keep trying to control encryption.
"A bylaw was created that said government Web sites must accommodate at least three different Web browsers"
They do; IE6, IE7 and IE8.
To a much lesser effect, I find it true in Israel as well. I recently bought an iPad for my mom as she uses the computer just for browsing, emailing and Skype. Turns out that even now, two websites she frequents (a workers' committee website and some state sponsored mutual fund website) are IE only and in a way that they truly don't work otherwise.
We have the same problem in Norway actually, just not nearly as bad. The banking industry has standardized on a technology called BankID for authentication, almost all banks use it.
The problem is that the tech sucks. It's based on two components:
* A keychain code generator (if you lose/forget it then you're screwed)
* A Java applet where you enter the code from the keychain code generator
So, if you either don't have your code generator device with you or are on something without Java (like a smartphone or tablet), then you're screwed.
Thankfully the use of BankID isn't required by law so a few banks offer other way more practical ways of authentication. My bank sends a random code to my cell phone through SMS that I have to enter in a normal web form. Much simpler and works everywhere.
This is a great example of why governments should not pick the winners when it comes to technology (or any other competitive endeavour).
The article starts by saying
The problems of monopolies arising through network effects, and the negative effects of the lock-in that results, are familiar enough.
But then it goes on to talk about the problems of a monopoly that was created not by network effects, but because of governmental dictate.
The lesson here ought to be that government ought not to be so heavy-handed, because it can't change its own regulations quickly enough to address the naturally-changing business and technological environment.
This was also the case in China when I was leaving there a year ago (and I guess it still is). A lot of websites were working on IE only, and even if it worked on other platforms, to do a payment or access your bank account you needed an ActiveX.
This is the (not-so) fun downside of government getting too engrossed in business transactions.
Most "good" laws in this area would specify the desired outcome (secure online transactions), and let people devise their own methods.
An analogy: this is like the Korean government mandating banks use a specific model of vault door (Securico 2000), where the rest of the world merely state "banks must ensure vaults are secured to a reasonable standard". If a fault exists in the Securico 2000, most banks will (eventually) update, lest they be sued for negligence in event of someone breaking into the bank and stealing valuable property. Korean banks would be perfectly safe from legal recourse, since they are following state law.
Of course, this is not unique to government-mandated technology. Monopoly groups can cause the same distortion e.g. Verified by Visa.
I had to install 4 different programs, which are constantly running in the background, just to be able to use online banking for my Korean account.
From a user's perspective this is really bad, since you have no idea if the installed programs are valid and what they actually do.
In addition to that I once tried using my bank's online banking app for the iPhone. It took me quite a while to figure out why it wasn't working, because you cannot actually use it without going to the bank and receiving a valid encryption key for your access.
Then there's online purchases in South Korea, which are of course most of the time limited to IE only again as well. It also often requires having a South Korean cellphone number, since activation codes are sent via text message instead of email.
Setting up an account for a website service also means providing a Korean ID number, due to their online access policies. Overall it took me the course of a day simply trying to order something from outside Korea and then failing at the last step due to the site not accepting foreign credit cards.
Overall the online experience for South Korean sites is extremely bad. If you're not using a Windows PC there, then you're out of luck without using VMs or a separate Windows partition on it.
As a long time Mac user I never encountered ActiveX. Or at least I don't remember anymore. Is this still in use at major websites apart from Korea? And what is ActiveX exactly: Something to execute code like Java or JavaScript?
Given that Ahn Chul-soo, one of the two candidates with most public support in the upcoming Presidential election, is founder of an anti-virus software company, I think days of 'Paying the Price' will end soon and abruptly.
I don't think it matters if he wins or loses. He can catapult this issue up high enough to trigger another governmental [over-re]action to undo the damage done.
"...businesses, too, are hamstrung when it comes to innovation."
Maybe. At least for the particular case of an online purchase from a South Korean vendor. But when you look at a company like Samsung Electronics, which is "the world's-largest IT producer" according to Wikipedia, and makes very popular Android devices, I'm not too concerned about innovation in South Korea.
In addition, South Korea is one of the most pwned countries on the internet (based on latest antivirus vendors' reports).
Here is a link to recent and current usage share of browser in South Korea. I'm really surprised! http://gs.statcounter.com/#browser-KR-monthly-200807-201205
Wow, I thought that South Korea was the land of the future with fiber optic home internet etc. So it comes as a surprise that everyone there is using Windows and IE! What next? There was a government mandate that has caused everyone to use Compaq?