330 likes | 473 Views
The Web Accessibility Crisis of Korea’s Electronic Government Sunday, September 14, 2014. Hun Myoung Park kucc625@iuj.ac.jp, http://sonsoo.org Public Management & Policy Analysis Program Graduate School of International Relations International University of Japan. Outline.
E N D
The Web Accessibility Crisis of Korea’s Electronic GovernmentSunday, September 14, 2014 Hun Myoung Park kucc625@iuj.ac.jp, http://sonsoo.org Public Management & Policy Analysis ProgramGraduate School of International Relations International University of Japan
Outline • Intro. to Korea’s e-government • Gospels of Korea’s e-government • Surprising facts • Addiction to Microsoft Standards • What is wrong? • Microsoft ActiveX Controls • Web accessibility • Failure in Policy implementation • Tragic consequences
Purposes of This Study • To report an exceptional case of bad e-government practice • To illustrates fatal consequences of ignoring technology standards and guidelines (Web accessibility) • To highlight citizens’ perspectives rather than service providers’ standpoints. • No theory except for Web accessibility • No statistical and econometric methods
Korea’s E-government • Kim Dae-Jung Administration’s initiative • Digital Signature Act (1999) • Electronic Government Act (2001) • Electronic government portal, egov.go.kr (2002) • “Selection and concentration” strategy • Roh Moo-Hyun Administration’s effort • Broadband IT Korea Vision (2003) • IT839 (2004) • u_Korea Plan (2006) • Ranked top recentlyin major benchmarks (e.g., Brown University and UN)
So What? • Is Korea’s e-government really ideal and thus worth being modeled? • Inconsistent rankings imply problems (e.g., method and measurement) in benchmarks • But there are facts (secrets)less known to outsiders that deserve to pay careful attentions
Gospels for Korea’s E-gov. • The only way to fully use e-government and Web sites of public institutions • Use Microsoft Windows only (Korean version); Do not use Macintosh or Linux • Use Microsoft Internet Explorer (MSIE) only; Do not use Firefox, Safari, Google Chrome, Opera, etc. • Disarm firewall/anti-virus protection and/or lower IE security level to allow all pop-ups and Microsoft ActiveX Controls.
Gospels for Korea’s E-gov. (cont.) • Install all ActiveX plug-ins requested by institutions • NEVER click on “No” but always click on “Yes”! • Do not ask what they are and whether they are reliable and safe; No way to distinguish good (needed) plug-ins from malware. • Carry security token for digital certificates with you and memorize their passwords • Carry tables of security numbers issued by individual financial institutions (e.g., banks) • Otherwise, no guarantee to access services
Surprising Facts 1 • When accessing a public Web site without following the gospels, you will often get, • “This Web site was optimized to Microsoft Internet Explorer only!” or • “This Web site does not support Netscape!” • Sounds like, • “If you are not Microsoft customers, we do not provide services you requested!” • “Use Microsoft products, or leave right now!”
Surprising Facts 2 • Even when browsing some Web contents (e.g., video, audio, and pdf), • You must install ActiveX plug-ins required by Web sites. • To hide keyboard stroke and mouse move • To browse Web contents (Why do we need plug-ins other than Acrobat Reader?) • Otherwise, you may not access the contents (sometimes access denied!).
Surprising Facts 3 • In order for (financial) transactions, • Follow all gospels of Korea’s e-government • Get a digital certificate from an institution (a general purpose certificate is not free) • Log on with ID, password of ID, and password of digital certificate • Provide transaction information including credit card information (another password issued by the credit card company)
Surprising Facts 3 (cont.) • Provide randomly selected security numbers from the table issued by the institution • After clicking on O.K., provide password of digital certificate again. • Why do citizens have to follow these confusing and inconvenient procedures? • Why do ordinary citizens have to know and be responsible for security? (This is computer gurus’ job!)
Surprising Facts 4 • Old (e.g., 95/98/2000 and IE 5) or latest (e.g., Windows 7) versions of Microsoft Windows and IE were not fully supported • Each institution requires citizens to install its own ActiveX plug-ins (on average 3 plug-ins) • These plug-ins are often conflicting and slowing down/freezing the system • Sometimes you must uninstall, say, ver. 6 of a plug-in required for service A to use service B and then install ver. 7).
Surprising Facts 5 • When iPhone was introduced in Korea, it did not work with public Web sites. • You may not properly use intelligent devices like smartphone (Android phone) that do not use Microsoft Windows and IE • Each institution provides its own apps, as a backdoor way, for financial transactions (not Web-based transaction)
Surprising Facts 6 • So what is a consequence of the gospels? • Microsoft Monopoly in operating system and Web browser markets • Unbelievable 99 percent market shares! • Monopolistic price • Addiction to Microsoft standards! • “Of Microsoft, by Microsoft, for Microsoft Customers only”
Then What Is Wrong? • Digital Signature Act (1999) • Electronic Financial Transaction Act (provision 7 of its Electronic Financial Supervision Regulations) requires use of public key certificate in all electronic financial transactions. • Employed public key infrastructure (PKI)
Then What Is Wrong? (cont.) • Encryption to scramble (encode) data from “cleartext” to “enciphered text” • Developed an encryption algorithm “SEED” in the late 1990s to support 128bit encryption • Used ActiveX Controls to implement the algorithm for authentication (public key certificate) • Government failed to enforce Web accessibility in public Web sites.
Then What Is Wrong? (cont.) • Ministry of Communication/Public Administration • Financial Supervisory Services (FSS) • Dominant Certificate Authority (CA) • Korea Financial Telecommunications Clearings Institute (KFTCI) for banks • KOSCOM for securities firms. • Public institutions (e.g., departments, agencies, and banks) • Security software developers
ActiveX Controls • “A framework for defining reusable software components” • Easy to develop fancy programs • Exclusively available on Windows • Able to control even file systems • Vulnerable to attacks (although not easy to provide scientific evidence) • However, Microsoft gave up supporting ActiveX and introduced Silverlight instead.
Why ActiveX Controls? • Client side (as opposed to server side) certification; transfer responsibility from servers to clients • De Facto technology standards • Microsoft standards (Windows+IE+ActiveX+…) as opposed to Web standard (HTML/XHTML/CSS) • Support client side certification in early 2000s • Software developers’ preference • Citizens’ preference for fancy Web pages • Ignorance and negligence of public organizations
Web Accessibility 1 • Web accessibility is to make Web sites accessible to people with and without disabilities no matter what operating systems and browsing devices they are using. • Web usability is the measure of effectiveness, efficiency, and satisfaction of using Web to achieve goals. • Both are closely related.
Web Accessibility 2 • Rehabilitation Act of 1998 (Section 508) • “When Federal agencies develop, procure, maintain, or use electronic and information technology, Federal employees with disabilities have access to and use of information and data that is comparable to the access and use by Federal employees who are not individuals with disabilities, unless an undue burden would be imposed on the agency.” §1194.1
Web Accessibility 3 • “Individuals with disabilities, who are members of the public seeking information or services from a Federal agency, have access to and use of information and data that is comparable to that provided to the public who are not individuals with disabilities, unless an undue burden would be imposed on the agency.” §1194.1 • Both service provision and client sides
Web Accessibility 4 • E-government Act of 2002, U.S.A. • “To provide enhanced access to Government information and services in a manner consistent with laws regarding • protection of personal privacy, • national security, records retention, • access for persons with disabilities, and other relevant laws.”
Web Accessibility 5 • U.S. federal and state government: Jaeger (2006); Lazar, Beere, Greenidge, and Nagapa (2003); Potter(2002); Ellison (2004); Fagan and Fagan (2004) • U.S. secondary educational institutions: Williamson (2005) • European governments: Marincu and McMullin (2004);Paris (2006) • Becker (2004) for older generations
Failures in Implementation • Less attention to Web accessibility and more emphasis on online service provision and use • However, no critical problem in laws (no law requires Microsoft products!) • Korean Web Content Accessibility Guidelines (KWCAG) in 2005 similar to W3C’s WCAG and U.S. Section 508. • MIC/MOPAS and FSS failed to enforce KWCAG due to their Ignorance and negligence. • Lock-in effect of technology standards
Open Web’s Lawsuit • Openweb.or.kr led by Kim Gi-Chang. • Lawsuit against KFTCI (a dominant CA), asking that CAs support various operating systems and Web browsers. • However, the Supreme Court ordered that it is not illegal, given 99% market shares, to provide digital certificate services to Microsoft customers only. • Reverse causality: ActiveXMS Monopoly
Tragic Consequences • Unbelievable Microsoft monopoly • More expensive Microsoft products • Addiction to Microsoft Standards • Windows+IE+ActiveX Controls+Incompatible tags • Homogeneous information systems/networks (less likely to recognize seriousness of this problem) • Web accessibility crisis. Why Microsoft customers only? Did citizens pay tax to MS? • Not device-independent (e.g., OS, Web browser, smartphone, and tablet PC). • Bad computing practices; Always click OK ?
Lessons from This Case • Unbelievable consequences of ignoring Web accessibility (Web standards) • Importance of citizen-centered approach • Technology is not perfect but should evolve overtime • Use and follow global (Web) standards • Heterogeneous rather than homogeneous • Problems in benchmarks and automated evaluation tools.