hankyoreh

The National Intelligence Service (NIS) is hinting at plans to involve itself in computer system security issues in private, nongovernmental organizations. This idea was floated at a national cyber security strategy meeting presided over by the NIS a few days ago in the wake of the Nonghyup hacking incident.
The key area of interest is reportedly an amendment of the National Information Infrastructure Protection Act preventing the NIS from offering technical support for financial and information infrastructure in which personal information is stored. The argument is that because cyber attacks occur without distinctions between private and governmental sectors, it is necessary to relax restrictions on NIS oversight of national cyber security duties.
If they follow this logic, however, the NIS will gain unlimited access to all personal information stored in places such as banks, communication companies, and portal sites. Ordinary financial transactions, telephone conversations, and email correspondence records for citizens will be exposed to the eyes of the NIS.
To date, the NIS has had limited access to private communications with the court issuance of warrants in cases where such information is linked to a particular investigation. Even under these constrained circumstances, we have routinely seen the expedient tactic of arbitrarily inserting targets for search and seizure. Now, they want to eliminate even this restriction. It is apparent that this will lead to grievous violations of privacy. This is completely unacceptable.
There is also ample potential for the NIS to abuse this information. Not long ago, it did not hesitate to perpetrate the shameless invasion of the hotel room of an Indonesian presidential delegation to gather industry intelligence. There have even been allegations from ruling party lawmakers including Jeong Tae-keun that they were subjected to NIS monitoring. The argument may be for strengthening our cyber security posture, but a look at the actual behavior of the NIS leaves one hard-pressed to recognize good intentions.
At this point, there is even apprehension about the authorities’ classification of the Nonghyup hacking case as a North Korean cyber attack. This stems from its appearance of being an attempt to stir up public opinion in order to broaden the scope of the service’s duties. Judging from the NIS’s actions, however, this is not a time for expanding its duties, but for stepping up National Assembly and civil society monitoring of its irregular behavior.
A concerted and thorough private and public response system for cyber security is necessary. But this is not something to be directed by the NIS, an intelligence and investigative organization. It is a matter to be resolved by the Korea Communications Commission (KCC), the organization that oversees national information and communications network management, through close cooperation with security companies and other related private businesses and with computer and Internet users. No advanced Internet nation has permitted an intelligence and investigative organization to monitor even the private arena of cyberspace. It is a highly dangerous idea, and it should be withdrawn at once.
　　
Please direct questions or comments to [englishhani@hani.co.kr]