The South Korean government is considering a complete overhaul of its entire national identity system after the database holding people’s identification details suffered repeated compromises – exposing virtually every South Korean’s ID.
Victims of the resulting identify theft even include the president, Park Geun-hye, who said in January that a change was needed and ordered a study of possible options. A decision is due later this year, according to the Associated Press newswire.
Forty million out of South Korea’s population of 50 million are estimated to have had their identities compromised by the repeated attacks over the past 10 years.
The system, introduced in the 1960s, uses identification numbers based on date-of-birth, sex and other unchangeable details. The first few digits are the user’s birth date, followed by a “1” for male or “2” for female and then other details, and people keep the same number for life. Even if the numbers are leaked, they cannot be changed.
The system is so ingrained in South Korean society that an ID number is required to set up a telephone, email and bank accounts – even to buy cigarettes.
But rebuilding the system and tightening security could take up to a decade, according to Kilnam Chon, a researcher known as the “Father of the Korean Internet” for his pioneering work in online technology in the 1980s. “The problems have grown to a point where finding a way to completely solve them looks unlikely,” said Chon.
The South Korean government has been criticised in the past for the poor security surrounding the ID system – combined with requirements for its almost universal usage.
For online usage, the government set up a digital signature system based on proprietary – and now old – Microsoft ActiveX technology. That meant that it could only be used on the Internet Explorer web browser on Microsoft Windows – shutting out users of Apple Macs, iOS, Android, Linux and any other non-Microsoft operating system.
And the attacks haven’t just come from within South Korea, but from outside, too.
Part of the problem is not just the fact that the numbers cannot be changed, but that they are stored with other personal details by websites, including e-tailers and gaming companies, as well as banks and public sector organisations – any weakness in the security of the plethora of companies holding South Korean’s ID effectively exposes the whole ID system.
However, developing a new system would cost an estimated 700 billion won or about £500m, with companies also being forced to overhaul their own systems, too.