Social Life of PKI: Sociotechnical Development of Korean Public-Key Infrastructure Dongoh Park Indiana University Until the late 1990s, technology analysts expected public-key infrastructure (PKI) technology to be an essential element of online security systems. Today however, South Korea represents a unique example of widespread PKI use. This article traces the development of the Korean PKI and analyzes the social and cultural factors that contributed to the implementation and social adoption of the technology. At one time, public-key infrastructure was widely recognized as one of the key security technologies to mediate security risks and facilitate trust in technology circles. Various security and privacy threats have created an urgent need to protect user data during trans- mission. PKI enables the use of public-key cryptography in numerous applications such as email, electronic document processing, server identification, and payment security. A PKI system, especially if it binds public keys with respective user identities, can provide essential security functions of authentica- tion, confidentiality, authorization, integrity, and nonrepudiation. There is, however, always the inevitable gap between state-of-the-art security research and security practice. 1 Until the late 1990s, a number of technology analysts expected PKI would endure for at least the next decade and generate billions of dollars in market revenue for the security industry. Despite the early hype and efforts, the adoption of PKI system has proven difficult if not impossible to implement in practice, even for the most motivated and technologically sophisticated governments and industries. Numerous state government and industry actors initiated and launched PKI projects, including the US, Brit- ish, and Australian federal governments as well as Bank of America. The barriers to adopting a PKI system, which are often more social than technological, include liability, the complexity of operational management, and costs. 2 Currently, only the US Depart- ment of Defense is activity running PKI sys- tems among US federal agencies, and several European Union member states have adopted electronic ID (e-ID) solutions for their citizens with PKI digital certificates. 3 Thus, PKI adop- tion has spread much more slowly than anticipated. Given this environment, South Korea rep- resents a unique example of widespread PKI use. The Korean government developed its infrastructure based on PKI, formally called the Public Certificate System or the National Public-Key Infrastructure. Korea’s PKI is one of the largest PKI systems in the world in terms of its number of users. In early 2014, the Korean Internet and Security Agency (KISA) reported that more than 30 million digital certificates have been issued for indi- vidual users that cover over 60 percent of the Korean national population. 4 Korean PKI distributes file-type digital cer- tificates that users need to access e-commerce or e-government services. Once users obtain a digital certificate, they can access any private or public bank, stock trading service, or Inter- net shopping mall in Korea. The Korean e-government system uses KPKI in its authen- tication process and provides various services such as tax-filing services, e-procurement serv- ices, and more than 5,000 application forms relating to civil matters such as residence, 59 IEEE Annals of the History of Computing Published by the IEEE Computer Society 1058-6180/15/$31.00  c 2015 IEEE