PSPD in English Archive 2003-07-15   759

THE INTERNET FAILURE AND COLLAPSE OF THE INFORMATION SOCIETY

THE INTERNET FAILURE AND COLLAPSE OF THE INFORMATION SOCIETY

Han Jae-kak

Chief Coordinator, Campaign for Citizen’s Rights, PSPD

1. The Internet Failure in Korea on January 25, 2003

The Internet connection was suddenly severed in Korea at 14:10 on January 25, 2003. The incident put Korea to shame for having boasted itself as “the State of Advanced Internet.” An Internet catastrophe, as the media called it, occurred. According to the Ministry of Information and Communication, the failure was caused by computer viruses named “SQL Slammer Warm,” which penetrated the vulnerable MS SQL servers. Since the breakdown, the domestic Internet connection was shut down for at least 9 hours; some users could not access the network for as long as 72 hours. The breakdown caused damages reaching billions of won to electronic commerce websites, banking and air services, ticket reservation, online game providers, and PC rooms.

Besides, social shock and damages to Internet users were tremendous although they cannot be estimated on a strict economic scale. What made the situation even more taxing is the fact that Korea is one of the most advanced countries in terms of Internet technology and infrastructure. As of 2002, one in five Korean uses broadband services for Internet connection, which marks the highest rate in the world. Even in regard to the proportion of Internet users among the total population, Korea is ranked third highest in the world: the number of Internet users in Korea is 26,270,000, which is nearly 56 percent of the total population. All of this indicates that government agencies, schools, companies, and various organizations are becoming more dependent on the Internet for providing and accessing information and for business transactions. However, the Internet failure, which abruptly and completely halted the Internet access, caused great inconveniences and grave anxiety as to the prospect of living in the so-called “Internet Society.”

The accident has inspired Korean society to reflect on and self-examine the soundness of its information system at the national level. This is very timely considering the fact that Korea was the biggest victim of the global attack of the SQL Slammer Warm virus. Korean society is now reflecting bitterly on whether it has neglected the issue of network security, which is crucial for the stable operation and services of “Internet Society,” in its preoccupation with research and development for Internet technology and infrastructure. Furthermore, Koreans are turning their attention to other pressing issues related to the Internet, such as freedom of speech, privacy, and information gap, all of which are viewed from the perspective that Internet society is not really different from non-networked society.

This article focuses, among many possible aspects on the Internet failure, on the fact that we have almost no means of compensating for the damage suffered by Internet users or consumers.. However, the core of the paper’s argument calls on the government and Internet service providers to be more responsible in establishing more stable Internet operation and services.

2. Criticism on the Announcement of the Ministry of Information and Communication

1) Dodging Responsibility for the Internet Catastrophe

The Ministry of Information and Communication (MIC hereafter) announced the results of its investigation of the breakdown on February 18. According to MIC, the breakdown occurred due to the surge of network caused by the attack of Slammer Warm virus. It ascribes the comparatively severe damage to the weak security awareness of Internet users as represented by a low ratio of installing software patches and updating vaccine engines. MIC is also spreading the equation of “the damaged = the attacking agents,” saying that the servers without proper patch updates are victims of the virus who, in turn, become the attacking agents. The arguments pointing to the public security awareness and the equation of “the damaged = the attacking agents” are under siege by citizens’ criticisms that MIC is trying to dodge the responsibilities of the government and ISPs (Internet Service Providers).

In fact, MIC missed one important point in investigating the cause of the breakdown; its investigation did not cover the appropriateness of ISPs’ reactions and the recovery process of the virus attack. This limitation of the investigation made it impossible to carry out a close and accurate examination into the causes of the extended Internet collapse and to press hard for those who are responsible for causing extensive damages to Internet users. If we blame the administrators of SQL servers, we should also blame Micro Soft, the provider of the vulnerable software. Some legal experts are saying that MS cannot avoid its responsibility since it did not actively encourage its customers to update the software laden with security problems.

PSPD is arguing that clarifying those who should assume responsibility for the breakdown, involving MIC, ISPs including KT (Korea Telecommunication) and MS, is the first step to prevent another Internet collapse. If we just blame the Warm virus and the low public awareness for security, little efforts will be made to enhance the Internet security, which involve reforming related regulations, proper staffing, and expanding investment in network security. MIC is taking an irresponsible position by neglecting to make clear the responsible parties for the Internet fiasco and by not suggesting possible measures for compensating for the damage suffered by Internet users.

As regards MS, it is taking a business strategy to sell security-vulnerable software that comes with patches afterwards. However, it is turning its attention away from damages caused by the inherent weaknesses. Accordingly, it is being criticized for its irresponsible position and business strategy. Considering MS’s irresponsible sales practices based upon its monopoly in the software and OS sector, the responsibility for damage springing from inherent problems should be laid on the company.

2) The Internet Collapse: Reflections on ‘Information Risk Society’

PSPD evaluates the Internet breakdown as a tragedy of risk society-similar to the Daegu Subway Arson Attack in February and the collapse of Seongsu Bridge in 1994-formed by the continuing accumulation of high risks in the country’s “modernization drive.” In other words, the Internet collapse is a child of ‘Information Risk Society” brought about by rapid drive for information society. This viewpoint tells us that Korean society has taken the path of “maximum profit with minimum cost” while neglecting the aspects of security. This argument is well proved by the reports that the government and corporations have been tight-fisted in investing in organizing and running departments for Internet security. For example, just 44 percent of all corporations set up their own firewall, the most basic tool for security, and 87.4 percent either have no independent department for information security or assign the task to external bodies.

3) Enhanced Security Should Not Violate Human Rights of the Information Society

MIC is facing strong opposition from many human rights organizations as it proposed solutions to prevent another breakdown of the network. That is because they contain some policies infringing on the rights of Internet users. This kind of makeshift solution is closely connected with the fact that MIC is attributing the accident to people’s low security awareness.

3. PSPD Actions for Preventing Another Internet Breakdown

1) Collective Litigation Against the Government (MIC and Related bodies), ISPs such as KT, and MS

PSPD argues that it is necessary to make clear who should assume responsibility for the breakdown and to ascribe legal accountability to those responsible. However, MIC did not take any action against those responsible, including the government itself, ISPs like KT, and MS. Originally, PSPD planned to make those responsible pay for damage through arbitration to the telecommunication committee, an executive body for compensating for consumers’ damage. However, considering the announcement of MIC on February 18, this plan was judged to be not viable. Now the ball is in the jurisdiction’s court.

PSPD gave a press conference on February 27 to make public its plan to institute a suit in regard to the Internet breakdown. The announcement said that PSPD plans to charge the government (MIC and related bodies), ISPs like KT, and MS. It started to recruit plaintiffs mainly made up of broadband service users and succeeded in recruiting some 1,500 people. PSPD plans to launch its legal proceedings on April 3.

PSPD’s legal actions focus not only on securing the economic compensation but also on clarifying the responsibility of the government and related companies for the Internet breakdown. Specifically, it aims to enforce necessary actions for enhancing the network security by making clear that negligent network administrators should be liable to expend a lot of money to compensate for consumer damage. Apart from this, PSPD is seeking to properly understand the causes of the breakdown and continue to campaign for the clarification of the responsible parties for the breakdown. For the latter effort, it is thinking about placing a request for an inspection by BAI (Board of Audit and Inspection).

2) PSPD Policy Campaign

PSPD is leading a campaign for setting up policies to prevent another Internet Catastrophe. The following section provides an outline of the policy campaign.

Citizens realized the importance of legal acts and institution through the Internet failure on January 25. PSPD is urging the establishment of necessary acts for consumer protection in the field of telecommunication services and software industry. It is also urgent to secure safety and security of network equipment and software, which make up the infrastructure of information society.

PSPD is also pointing to the necessity of laying down new codes which can enforce the collective compensation for damage caused by the inherent defects or software. The ongoing legal process urges Microsoft to take the responsibility for this situation based on the PL (Product Liability) act; the suit makes it clear that MS software is an object of product liability and that related acts should protect the consumer rights. Along with this, PSPD insists the collective litigation be introduced so that consumer damage like this case can be properly compensated for.

The campaign insists that the Telecommunication Committee, a body for protecting consumers in the field of IT (Information Technology), should secure its independence and authority. The Telecommunication Committee has been established to encourage fair competition among corporations designated on the electrical communication business act. However, the committee did not perform its proper role in the investigation and compensation process for the consumer damage. One of the reasons for this is the fact that the committee is not really an independent body as it is under the supervision of MIC, the ministry responsible for the Internet breakdown. The accident should serve as a good reason to secure independence and authority of the committee.

Besides, arguments for expanding the use of open source software are emerging in the belief that the Internet breakdown was caused by the vulnerability of commercial MS SQL servers. PSPD argues that government and public sectors should replace its commercial software by open source software. They should set up policies to promote the use of open source software in public sector as well as in private sector. Ultimately, we should eliminate the abuses of MS’s technical and economic monopoly in the software and OS market.

Han Jae-kak

정부지원금 0%, 회원의 회비로 운영됩니다

참여연대 후원/회원가입


참여연대 NOW

실시간 활동 SNS

텔레그램 채널에 가장 빠르게 게시되고,

더 많은 채널로 소통합니다. 지금 팔로우하세요!