By Kim Tong-hyung
Staff Reporter
It appears that Korea doesn't have a computer security defense, and ironically, the government's heavy-handed Internet regulations are increasingly getting the blame.
The country has been hit by a slew of privacy infringement cases, the latest involving the theft of personal data of more than 20 million people subscribed to the online services of major retailer Shinsegae and I Love School (www.iloveschool.co.kr), a social media site.
This was the country's largest ever identity theft case, nearly double the 11 million GS Caltex customers who had their personal information stolen by employees at one of the refinery's subsidiaries in 2008.
Auction (www.auction.co.kr), eBay's Korean unit and the country's largest online retailer, also failed to protect the data of its 10.8 million customers from Chinese hackers in the same year.
Despite the severity of the problem, the reaction to the latest online data leak is less one of shock than a sense of helplessness that it was inevitable.
Although government officials are once again scrambling to improve the country's embarrassing level of cyber security, critics ask why private companies are allowed to collect resident registration numbers, Korea's equivalent of social security codes, and other critical personal data.
For computer users here, private information can no longer be assumed to be private once it's registered on an Internet site.
It doesn't take carefully crafted search words for a Google search to yield resident registration numbers, which indicate data concerning birth, sex and registration site in 13 digits.
Despite growing concerns over the excessive amount of personal information collected by online service providers, the government has been moving to squeeze more data out of computer users as it looks to impose more rules on the Internet.
Since last year, the government has been requiring Internet users to make verifiable real-name registrations to post comments on Web sites with more than 100,000 daily users, a measure it claimed was inevitable to curb cyber bullying and libelous online claims.
The number of Web sites required to take real-name registrations is 167 for the year, according to the Korea Communications Commission (KCC), covering most of the recognizable online destinations.
Web sites, however, were collecting resident registration numbers even before the government measures to limit online anonymity.
The country's law on encrypted online transactions requires Internet companies to keep the resident registration numbers of users, a requirement that applies to most major Web portals such as Naver (www.naver.com), Daum (www.daum.net) and Nate (www.nate.com), which all provide paid content and online shopping services.
"Every time there is a massive data leakage case, the Ministry of Public Administration and Security pledges to strengthen their monitoring and punishment, and press for the further use of I-Pin codes as alternatives to resident registration numbers. However, this is a case of obsessing about the symptoms, not the disease," said Yoon Se-jin, an official from the civic group, Jinbo Network.
"It was a mistake to allow private companies to collect the resident registration codes, as the amount of personal information accumulated has become too large for anybody attempting to protect it, and this continues to make Internet users vulnerable to privacy theft and fraud.
"The government should rewrite the laws to scratch the requirement regarding the gathering of resident registration codes and I-Pin, which is basically no different. The resident registration code is no longer a meaningful verification method when the codes of more than tens of thousands of people have already been leaked and traded by cyber criminals."
In an effort to boost cyber security, the Korean government has been promoting the use of I-Pin, developed as an identity code for online users.
However, according to a Korea Internet Security Agency (KISA) survey, only about 23 percent of Korean Web sites allow users to submit I-Pin codes instead of their resident registration codes for online verification.
thkim@koreatimes.co.kr