SSL cert authority fires multi-million dollar suit at Korean agency

The Korea Financial Telecommunications and Clearings Institute faces its second suit in a week, for allegedly favoring Microsoft's Windows OS and Internet Explorer.

Within a week of being sued for issuing SSL certificates only to Windows OS and Microsoft Internet Explorer users, the Korea Financial Telecommunications and Clearings Institute (KFTC) faces another legal tussle--this time with a Web certificate authority.

The company, whose name has not been made public, is claiming damages of tens of millions of dollars from KFTC, for years of pushing ActiveX technology exclusively. Only last week, the Korean agency was on the receiving end of a lawsuit by OpenWeb that sought to claim damages of US$460,000. The OpenWeb suit is backed by some 83 netizens.

KFTC has been the subject of heavy criticism for "unfair industry practices"--it is alleged to have issued digital certificates only to IE users and to have excluded other domestic CAs (certificate authorities) and certificate issuers. The upcoming release of Microsoft's Windows Vista is also a point of contention, as its WebTrust compliance is compatible mainly with Microsoft OS users.

The claimant said that it had developed platform- and browser-independent software to make the Internet ubiquitous for the industry, but the strong push of ActiveX by the South Korean administration through KFTC has kept its market share to a mere 2 percent to 3 percent, causing substantial loss of possible profits.

Its damages claim of US$10 million is based on an estimated annual net loss of US$2 million over the past five years. This case looks to be particularly interesting because this time the plaintiff is one of the certificate issuers and not the online community.

Browser makers including Mozilla, Apple and Opera were said to have considered joining the lawsuit against KFTC, but withdrew due to a possible backlash from Koreans.

Web community riled
So why is KFTC in so much trouble?

In most cases overseas, countries do not issue digital certificates for online banking and instead try to minimize the security risks within the browser.

However, in Denmark all browsers can obtain SSL certificates when using its e-transactions. Its commerce registry authenticates and supports Firefox, Epiphany, Galeon, Opera, Safari, IE, Camino and also Mozilla's Thunderbird e-mail program. This is possible through running the Java applet for all browsers.

Keechang Kim, a law professor at Korea University, said: "The KFTC issues server certificates for Web authentication. However, this method is not trustworthy to most major Web browsers; it uses the ActiveX control, a secure channel only open to the Internet Explorer browser and no other."

Web users and netizens have condemned the Korean government and KFTC, calling them "The great Korean Internet nation, which only recognizes IE".

One Internet user said: "I have not used IE for about five years. But in those five years I've felt excluded. Being the 'minority' in Korea makes life more difficult."

Meanwhile, OpenWeb is collecting more supporters and plaintiffs for its case against KFTC. It's also considering introducing new charges, relating to possible antitrust violations, in the civil case it has filed.

Yoonjung Yoo of ZDNet Korea reported from Seoul.