By Kim Tong-hyung
Staff Reporter

The South Korean government insists that Microsoft's Internet Explorer (IE) Web browser should be the only option for doing encrypted communications online and the Supreme Court has no problem with it.

The court Friday effectively ended a six-year legal struggle by Korea University professor Kim Ki-chang, who had pursued his third lawsuit against the Korea Financial Telecommunications and Clearing Institute (KFTC) for allowing overwhelming IE use on online transactions such as banking and e-commerce.

Kim, who has the backing of many civic activists and Web industry officials, had been claiming that users of non-Microsoft browsers and computer operating systems should be able to access public-key certificates that are required for any encrypted online communication here.

However, the Supreme Court defended the previous rulings by lower courts, saying that the KFTC and financial service companies should have full freedom in picking the Web environment they think is best to provide their subscriber services.

So basically, Linux, Firefox, Chrome and Opera users will continue to be prevented from banking or purchasing products online, and Mac users will have to buy Windows CDs to keep their devices from being reduced to fashion items.

``The share of Web browsers is changeable and it takes significant cost to build, operate and upgrade subscriber equipment that is interoperable over many computer operating systems and Web browsers,'' the court stated in its ruling.

``Selecting the Web browser environment for optimizing subscriber equipment should be left to be made as business decisions by the KFTC, financial service providers and other agencies handling registrations.''

Kim could not be reached for comment.

It is estimated that around 99 percent of Korean computers run on Microsoft's Windows operating system, and a similar rate of Internet users rely on the company's IE. The main reason behind the dominance is that virtually all encrypted online communications here are made to rely on Microsoft's Active-X controls. The tool, introduced in 1996, is designed to work only on IE.

Critics, such as Kim, claim that Korea could end up paying a heavy price for allowing a Microsoft monoculture.

The country's dependence on Active-X is unique, as security concerns have limited the deployment of the tool elsewhere. Instead of a security-based model, Active-X relies on signatures to allow users to judge whether to download an Active-X control. This is a risky arrangement, since Active-X controls require full access to the Windows operating system, meaning it is often abused by cyber criminals to compromise the user's control of the computer.

Its usage became a hot topic again in July when a massive Internet attack left more than 80,000 Korean computers crippled. It was pointed out that Active-X provided an easy route for cyber criminals spreading the malware for the distributed denial of service (DDoS) attacks.

Even Microsoft seems ready to bail on Active-X, looking to phase out the program over security concerns and compatibility issues.

This leads to awkwardness whenever Microsoft introduces a new product here. The release of Windows Vista caused massive disruption when Active-X used by banks and online shopping sites didn't function properly.

Kim's failed legal effort is another setback in the movement to broaden the consumer choice on computer operating systems and Web browsers.

However, critics say that financial service companies such as banks and credit card providers, not the government, hold the key to the changes.

Although the law requires public-key certificates for online transactions, an ``exception'' clause allows other verification methods to be used when they aren't available, such as in mobile-phone purchase.

This means that the companies are allowed the flexibility to develop online transaction methods that aren't reliant on Active-X. But it's questionable whether they will be willing to take greater responsibility over the security of the transactions, rather than forcing users to burden the risk by having them download Active-X controls to their computers.

thkim@koreatimes.co.kr