Based on the observation that electronic commerce is growing fast in the distribution service of Kore today, this paper intends to look on the background and arguments with respect to the policy that mandates the use of public key certificate in electronic payment, to analyze social well-being effects of adoption and abolition of the policy through an theoretical model, and then to provide policy recommendations for the future growth in electronic commerce.

Public key certificate, also known as authorized certificate, was adopted in the Digital Signature Act enacted on July 1999. Then, in 2002, the Korean government launched the mandatory use of authorized certificate in electronic financial transactions with a purpose of enhancing stability and reliability of electronic commerce, but has encountered several criticism which is directed at largely two targets: the technology currently used by "licensed certification authority" and the mandatory enforcement of a specific technology by mandating the use of authorized certificate in electronic financial transactions.

This policy however is not consistent with the ‘technological neutrality’ principle stipulated in the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce (1996): the principle of technological neutrality mandates the adoption of provisions that are neutral with respect to technology used. In light of the rapid technological advances, neutral rules aim at accommodating any future development without further legislative work.” This principal has been already accepted in Korea’s Framework Act on Electronic Documents and Transactions and Digital Signature Act. However, the Electronic Financial Transactions Act gave the Financial Services Commissions the authority to determine authorization methods of electronic financial transactions, and the Commissions had not, until recently, accepted the principle of technological neutrality.

This paper finds in its analysis of theoretical model that the preference of market participants is a significant factor to consider when government intervenes in market standardization: the use of authorized certificate in this paper. Standardization may have several merits but at the cost of diversity and innovation. This is what government should be attentive to. It is often the case that in the rapidly growing electronic commerce, the costs of standardization exceeds the benefits.

In order to further foster and develop electronic commerce technologies and industry, the government needs to focus on two policies. First, to strengthen consumer protection. Concerns regarding the current authorized certificate with Active-X-based security mechanism are mostly about its weakness against electronic attacks such as hacking and phishing. Indeed, the number of privacy complaint reports since 2003 has increased continuously at a fast rate of 30.54 percent on an annual average basis. The number of data breaches that expose authorized certificates has increased exponentially, too. However, technologies for ‘prevention of denial of service (DoS)’ attack have not worked fair for users. More specifically, when hacked or illegally obtained authorized certificate is signed digitally, it is difficult for the victim to prove that the signer of the signature is not himself. As a result, when financial incident occurs, fewer financial firms are held account for and more users remain responsible. So, the government needs to more actively embrace the concept of consumer protection and should make more efforts for it.

Second, to comply with the principles of private sector-led initiative and technological neutrality. The problem with the policy on authorized certificate lies in the mandatory enforcement of a specific technology, hence little contribution to technological and industrial innovation. This is why international and domestic laws written in the early stage of electronic commerce stated the compliance with the two principles. Today, there are already several and various types of authorization methods and signature technologies, and relevant industries are growing fast. For a fast growth in industries for information security and electronic payment, future regulations on electronic commerce and internet should be constructed to be in compliance with the principles of private sector-led initiative and technological neutrality.

발간사
요 약

제1장 서 론

제2장 유통서비스와 전자상거래
　제1절전자상거래 확산과 유통서비스
　제2절한국의 현황

제3장 전자상거래정책과 공인인증서
　제1절전자상거래정책
　제2절공인인증서정책

제4장 공인인증서정책 효과 분석
　제1절모형 구축
　제2절효과 분석

제5장 정책제언

참고문헌
ABSTRACT