Computers, Privacy & the Constitution

Calls for Independent Privacy Agency

Demand for Protection of Private Data


The South Korean government in years past has been repeatedly chided for its ineptitude in protecting the personal information of computer users here. This has opposition lawmakers and civil liberty advocates claiming that people should be entrusting their data to somewhere else. The idea is to establish an independent body, which may or may not be named the “personal information protection committee,” and have it inherit the powers of the Ministry of Public Administration and Security to manage private online data. 
The backers for an independent privacy agency point to the ministry's inability to improve the country's cyber security defense that appears to have more holes than Swiss cheese. 

A government agency with full control over the collecting and managing of personal data also raises concerns of promoting an intrusive state, especially in a country that is gaining a reputation for heavy-handed control of Web behavior and limited online anonymity.

Objection against Demand


Predictably, the Ministry of Public Administration balks at the suggestion, claiming that a new independent body would be a waste of effort and money, and thus an unthinkable option for the Lee Myung-bak administration that touts itself as small government. 

The debate over an independent privacy agency is in fact what is keeping the ruling Grand National Party (GNP) and opposition lawmakers from agreeing on a new personal Information Protection Law, a draft that has been on the bench for the last two years.

Progress of Discussion


The law will mandate government organizations and companies to notify people immediately when their privacy is breached, which is an aspect that the lawmakers managed to agree upon. With the National Assembly's Public Administration and Security Committee failing to reach a conclusion on the issue to date, only agreeing to schedule a final discussion in the near future, it's uncertain whether the renewed privacy law will be approved during the current parliamentary session. Lee Deok-hyun from the Knowledge Information Security Industry Association (KISIA) said, “The lagging discussions are certainly a letdown. If we don't establish the personal privacy law now, companies will stop pretending they are interested.” The protection of privacy has become a great concern for Korean computer users, as Internet companies, financial services firms and government Web sites collect an increasing amount of personal information from users through online registrations and other routes.

Necessity of Privacy Protection


However, it seems that private information can no longer be considered as such the moment it reaches these companies, which continue to be blasted for their cyber security or lack thereof. In fact, resident registration numbers, the Korean equivalent of social security codes, are so widely available that cyber criminals can only get 1 won for each number on the Internet black market, according to a recent police report. 

According to an official from the Jinbo (it means “Advance” in English) Network, a civic group, the public administration ministry has failed to introduce any meaningful countermeasures even as the country has continued to be hit by massive identity theft cases, like the hacking of the Auction servers two years ago. The ministry has also been refusing to discuss such possibilities to adjust the excessive collecting of personal information on the Internet. We need a new and independent agency to move forward.

The country has been hit by a slew of massive data theft cases recently. Auction (www.auction.co.kr), eBay's local unit and the country's largest online retailer, has been battered by class-action lawsuits since 2008, when Chinese hackers broke into the company servers and stole the information of more than 18.6 million customers. 

And police have been investigating a data breach involving more than 20 million people, who subscribed to the online services of major retailer Shinsegae and I Love School (www.iloveschool.co.kr), a social media site. This marks the country's largest ever identity theft case, nearly double the 11 million GS Caltex customers who had their personal information stolen by employees at one of the refinery's subsidiaries in 2008.

Despite growing concerns over the excessive amount of personal information collected by online services providers, the government has been moving to squeeze more data out of computer users as it looks to impose more rules on the Internet. 

Since last year, the government has been requiring Internet users to make verifiable real-name registrations to post comments on Web sites with more than 100,000 daily users, which it claimed as inevitable to curb cyber bullying and libelous online claims. And the country's law on encrypted online communications mandates Internet companies to keep the resident registration numbers of users to provide online shopping and other transaction services.

-- EunNyungLee - 26 Apr 2010

This is an effective presentation of the facts. I'm a little puzzled, however, at the content of the analysis. If there is an independent agency, how will it fix the problems? If the companies have not been disciplined by an agency of the government, will they be disciplined by a different agency of the government, or will that one be captured too? Wouldn't it be a good idea to say more about the content of policy, and not just about the agency making the policy?

 

Navigation

Webs Webs

r4 - 17 Jan 2012 - 17:48:24 - IanSullivan
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM