국내외 전자상거래 증진을 통한 유통서비스 발전방안: 공인인증서정책을 중심으로 (Past, Present and Future of Public Key Certificate Policy in Korea's Electronic Commerce)
KDI Policy Study 2014-07, 1-87
104 Pages Posted: 13 Jun 2016
Date Written: December 31, 2014
Korean Abstract: 제조업과 서비스업의 경쟁력 향상을 위해서는 생산과 소비를 효율적으로 연결하는 유통서비스의 발전이 중요하나, 한국 유통서비스의 경쟁력은 선진국에 비해 낮은 상황이다. 빠르게 확대되고 있는 전자상거래가 한국의 유통서비스산업 발전에 중요한 역할을 할 수 있다. 인터넷을 통한 상거래의 효과를 분석한 기존 연구에 따르면 전자상거래의 발전은 유통서비스 효율화에 크게 기여할 수 있다. 전자상거래의 활성화는 기업의 생산 및 마케팅 비용 감소와 생산과정의 효율화 등을 통해 생산 측면에서 경제성장에 기여한다. 또한 소비 측면에서도 소비자의 탐색비용 감소와 다양한 제품 및 서비스의 공급을 통해 소비자의 후생을 증진시킨다.
본 연구는 한국의 유통서비스 현황 고찰을 통해 전자상거래가 빠르게 발전하고 있다는 관찰하에 전자상거래 발전에 중요한 전자결제에서 공인인증서를 의무화한 정책의 배경과 논란을 살펴보기로 한다. 그리고 이 정책의 도입과 폐지가 사회후생에 주는 효과를 이론모형을 통해 분석하고, 향후 전자상거래 발전을 위한 정책제언을 하기로 한다. (이하 생략)
English Abstract: Based on the observation that electronic commerce is growing fast in the distribution service of Korea today, this paper intends to look on the background and arguments with respect to the policy that mandates the use of public key certificate in electronic payment, to analyze social well-being effects of adoption and abolition of the policy through an theoretical model, and then to provide policy recommendations for the future growth in electronic commerce.
Public key certificate, also known as authorized certificate, was adopted in the Digital Signature Act enacted on July 1999. Then, in 2002, the Korean government launched the mandatory use of authorized certificate in electronic financial transactions with a purpose of enhancing stability and reliability of electronic commerce, but has encountered several criticisms which is directed at largely two targets: the technology currently used by "licensed certification authority" and the mandatory enforcement of a specific technology by mandating the use of authorized certificate in electronic financial transactions.
This policy however is not consistent with the ‘technological neutrality’ principle stipulated in the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce (1996): the principle of technological neutrality mandates the adoption of provisions that are neutral with respect to technology used. In light of the rapid technological advances, neutral rules aim at accommodating any future development without further legislative work. This principal has been already accepted in Korea’s Framework Act on Electronic Documents and Transactions and Digital Signature Act. However, the Electronic Financial Transactions Act gave the Financial Services Commissions the authority to determine authorization methods of electronic financial transactions, and the Commissions had not, until recently, accepted the principle of technological neutrality.
This paper finds in its analysis of theoretical model that the preference of market participants is a significant factor to consider when government intervenes in market standardization: the use of authorized certificate in this paper. Standardization may have several merits but at the cost of diversity and innovation. This is what government should be attentive to. It is often the case that in the rapidly growing electronic commerce, the costs of standardization exceeds the benefits.
In order to further foster and develop electronic commerce technologies and industry, the government needs to focus on two policies. First, to strengthen consumer protection. Concerns regarding the current authorized certificate with Active-X-based security mechanism are mostly about its weakness against electronic attacks such as hacking and phishing. Indeed, the number of privacy complaint reports since 2003 has increased continuously at a fast rate of 30.54 percent on an annual average basis. The number of data breaches that expose authorized certificates has increased exponentially, too. However, technologies for ‘prevention of denial of service (DoS)’ attack have not worked fair for users. More specifically, when hacked or illegally obtained authorized certificate is signed digitally, it is difficult for the victim to prove that the signer of the signature is not himself. As a result, when financial incident occurs, fewer financial firms are held account for and more users remain responsible. So, the government needs to more actively embrace the concept of consumer protection and should make more efforts for it.
Second, to comply with the principles of private sector-led initiative and technological neutrality. The problem with the policy on authorized certificate lies in the mandatory enforcement of a specific technology, hence little contribution to technological and industrial innovation. This is why international and domestic laws written in the early stage of electronic commerce stated the compliance with the two principles. Today, there are already several and various types of authorization methods and signature technologies, and relevant industries are growing fast. For a fast growth in industries for information security and electronic payment, future regulations on electronic commerce and internet should be constructed to be in compliance with the principles of private sector-led initiative and technological neutrality.
Note: Downloadable document is in Korean.
Suggested Citation: Suggested Citation