Thursday, August 4, 2011

Time to Revamp Korea's National ID System?

I recommend another very interesting article generated by the cyber-attack and leakage of personal information from Nate and Cyworld accounts. This one, accompanied by a nice graphic, was published in The Korea Times.
The article notes that the compromised information included names, passwords, phone numbers, e-mail addresses, and most alarmingly, resident registration numbers, the country’s equivalent to social security numbers.
Government officials insist that the country’s computer security defense is still salvageable as they scramble to apply the patchwork. But critics, unconvinced, claim it’s officially time to blow up the national ID system and start over.
“The resident registration number of virtually every Korean is out there ― the information is so easily available that police announced a while ago that hackers are barely getting 1 won for each code. And we have heard rumors that criminals are passing these numbers around in (Microsoft) Excel files,” said Jang Yeo-gyeong, a computer security expert at activist group Jinbo Net.
From a security standpoint, resident registration numbers are flawed from the start. The 13-digit code reveals the birth date, sex and registration site of a person, unlike comparable systems in the United States and Japan based on random numbering.
People here submit their national ID numbers to Korean Web sites due to local laws requiring them to make verifiable real-name registrations for virtually every type of Internet activity, not only for encrypted communications like e-commerce, online banking and e-government services but also casual tasks like e-mail and blogging.
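As an added illustration (not from the Korea Times article or this blog), the sketch below shows why a structured identifier like this is risky to store or log: a scanner that finds checksum-valid numbers in text, masks them, and reports the birth date, sex and registration code each one would have disclosed. The digit positions and check-digit weights follow the publicly documented layout and are assumptions not stated in the article; the sample lines are constructed.

```python
import re
from datetime import date

# Assumed layout (not given in the article): YYMMDD-SRRRRNC
#   S = sex and birth century, RRRR = registration office, N = serial, C = check digit
RRN_RE = re.compile(r"(?<!\d)(\d{6})-?(\d{7})(?!\d)")
WEIGHTS = (2, 3, 4, 5, 6, 7, 8, 9, 2, 3, 4, 5)
# Century implied by S; foreign-resident codes 5-8 are left out of this sketch.
CENTURY = {"9": 1800, "0": 1800, "1": 1900, "2": 1900, "3": 2000, "4": 2000}

# Constructed sample log lines: the first number has a valid check digit, the second does not.
SAMPLE = ("signup user=kim rrn=800101-1234560 phone=010-0000-0000\n"
          "order id=800101-1234567 status=ok")

def check_digit_ok(digits):
    total = sum(int(d) * w for d, w in zip(digits[:12], WEIGHTS))
    return (11 - total % 11) % 10 == int(digits[12])

def decode(digits):
    """Return the fields a 13-digit number discloses, or None if it is not plausible."""
    s = digits[6]
    try:
        born = date(CENTURY[s] + int(digits[0:2]), int(digits[2:4]), int(digits[4:6]))
    except (KeyError, ValueError):
        return None  # unknown S code or impossible calendar date
    if not check_digit_ok(digits):
        return None
    return {"birth_date": born.isoformat(),
            "sex": "male" if int(s) % 2 else "female",
            "registration_code": digits[7:11]}

def redact(text):
    """Mask plausible numbers in text; return (masked_text, list of decoded fields)."""
    found = []
    def _mask(m):
        info = decode(m.group(1) + m.group(2))
        if info is None:
            return m.group(0)  # leave order ids and other look-alikes untouched
        found.append(info)
        return "******-*******"
    return RRN_RE.sub(_mask, text), found

if __name__ == "__main__":
    print(*redact(SAMPLE), sep="\n")
```

Run over application logs or database exports, a check like this helps find where such numbers are being retained in the clear.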

Apple, Google in Violation of Korean Law

As reported in the Joongang Daily, South Korea’s telecommunications regulator announced yesterday that Apple and Google’s location tracking capabilities violate Korean laws, fining Apple Korea and ordering that both companies rectify the issues. The Korea Communications Commission (KCC) has been investigating since April, after two computer engineers argued that the latest version of Apple’s mobile operating system, iOS 4.0, keeps track of users’ locations as far back as June 2010, which was when the operating system was launched. That caused controversy worldwide.
While the Korean government was hardly alone in launching an investigation into location tracking issues, it is the first in the world to actually declare that Apple and Google violated laws and order punitive measures.
According to Location Information Law Article 15, when businesses seek to collect, utilize and offer people’s location data, they should get their consent. Furthermore, Location Information Law Article 16 dictates that businesses take protective technological measures to prevent the data from being exposed, falsified or damaged.
“We haven’t been tracking anyone,” Apple CEO Steve Jobs said earlier this year. “The files they found on these phones were basically files we have built through anonymous, crowd-sourced information that we collect from the tens of millions of iPhones out there.”
Google also explained that “all location sharing on Android is an opt-in by the user.” When a user activates an Android phone, a screen appears saying Google will collect anonymous location data.

More on Cyber Leaks and Cyber Warfare in Korea

Press coverage of the recent cyber attacks on Nate and Cyworld and the resulting leakage of personal information is just beginning. Readers who found my previous post interesting may wish to read today's article in the Joongang Daily. It notes that controversy is heating up over Korean Web portal operators’ collection and storage of private data after the country’s worst cyber hacking case put over two-thirds of its population at risk of identity theft.
It also put a question mark on the effectiveness of the country’s controversial Internet regulations, such as the real-name verification law, which critics argue provide incentives for online companies to hoard personal information.

“While they didn’t have the ability to protect private data, they have been excessively collecting it,” said Lim Jong-in, dean of the Graduate School of Information Security at Korea University, referring to the country’s major Web portals.

Korean Internet users rely heavily on do-it-all, one-stop Web portals. They visit industry leader Naver at least three times for every four Internet uses, according to market research firm Metrix Corp., and the three most-visited Web portals account for more than 90 percent of the country’s Web search traffic.
These Web portals ask for names, resident registration numbers, birth dates, addresses and phone numbers to join their services, which are accumulated, some of them encrypted, in their servers for at least five years and become attractive “booty” for hackers.
“Instead of mere lists of online accounts, [hackers] could steal the full package of real world identities,” said Nakho Kim, a media researcher at the University of Wisconsin-Madison. “Due to government policies and industry laziness, many Korean online services tend to collect a lot of personal identity information.”
Readers following the broader global context of the recent cyber attacks on Nate and Cyworld will want to read The New York Times article entitled "Security Firm Sees Global Cyberspying."