□ For e-commerce to serve as a platform for innovation, all forthcoming regulations on e-commerce must adhere to the principles of technological neutrality and private sector-driven leadership and should include additional policy goals of enhancing consumer benefit and protection. It is important to consistently develop and implement policies that reflect the different roles of government and the private sector, and resolve the fragmentation within government ministries.
- Dispute over digital certification has been ongoing for the past ten years with respect to its mandatory use as a means to verify personal identity in online banking and electronic commerce.
- Digital certification was adopted “to ensure the safety and reliability of electronic messages and to promote their use” in response to the expansion of electronic transactions.
- The principle of technological neutrality was adopted in the revised Digital Signature Act which went into effect in April 2002.
- Although the government implemented the mandatory use of digital certification in 2002, it was only legislated in 2007.
- It was after the 1st Ministerial Meeting on Regulatory Reform and Public-Private Joint Regulatory Reform Conference held by the President on March 20th, 2014 that the government became active in the establishment of improvement measures.
- The latest revision of the Electronic Financial Transactions Act does not recognize the FSC’s authority over the choice of authentication method e.g. digital certification.
- Digital certification may be a safe authentication method for financial institutions and electronic financial service providers, but it does not guarantee consumers’ security as it is exposed to the risks of loss or hacking.
- Between January and September 2014, a total of 19,388 digital certificates were reportedly leaked, and consumer damages caused by phishing and pharming sites are growing rapidly.
- The regulation on digital certification serves to reduce investment in the information security of e-commerce providers. Indeed, according to relevant data, Korean companies have invested little in IT security and the number of encryption patents is very small.
- The government should develop and implement comprehensive, organic measures by resoling fragmentation issues within different ministries.
- The mandated use of digital certification in electronic financial transactions has resulted in the standardization of authentication methods. And, although this may have its merits, in an industry like e-commerce which undergoes rapid technological progress, a hasty approach of standardization could cripple investment in and innovation of new technologies.
Forthcoming regulations on e-commerce should fully respect the principles of technological neutrality and private sector-driven leadership in accordance to the US-Korea Joint Statement on Electronic Commerce.
Korea suffers from a significantly higher number of personal information leaks per 100,000 persons than the US.
All forthcoming regulations on e-commerce should have additional policy goals on consumer benefit and protection.