Facebook target of effort by South Korean communications regulator to search its servers connected to data scandals
11 Jan 2019 12:43 pm by Hyung-jo Choi
South Korea’s communications regulator has made a request to Facebook for permission to conduct searches on the company’s servers located outside the country, MLex has learned.
It is understood the Korea Communications Commission, or KCC, has informed Facebook that it wants to conduct a physical search of its servers as a part of its ongoing investigations into two cases – the Cambridge Analytica scandal and the so-called “View As” breach – to obtain evidence related to the accounts of South Korean Facebooks users.
Local media reported at the end of December last year that the KCC may dispatch an investigator to Facebook’s US headquarters in Menlo Park, California, as part of its probe. The commission immediately issued a statement, saying that it had no plan to do so.
MLex understands that the KCC’s intention isn’t to inspect the company’s headquarters in the US itself, but rather its servers where South Korean user information may be stored, the nearest of which may be in Hong Kong.
In South Korea, Facebook is using a cache server, which is temporary data storage used to increase the speed of its servers, owned by a local telecoms company.
This means that for the regulator to look through the company’s physical servers for evidence, its investigators would need to extend their probe outside the country.
Conducting such inspections requires the consent of the company and it is possible that Facebook may object to or flatly turn down such a request.
A spokesperson at Facebook’s local office in Seoul said the company couldn't comment on the matter.
MLex was told that the KCC is in talks with Facebook’s headquarters to obtain an agreement for the search.
The KCC launched an investigation into the Cambridge Analytica scandal, where the British political data-mining firm Cambridge Analytica used personal information collected from Facebook profiles for work it was doing for the US presidential campaign in 2016, in April last year.
The commission also started a formal probe into the so-called “View As” breach, as MLex reported in October last year, after it was told by the company that the accounts of nearly 35,000 South Korean users were affected during the incident, in which hackers exploited a vulnerability in the “View As” feature on Facebook’s service, exposing data from some 50 million users.
In addition to these two formal probes in South Korea, Facebook may also face yet another inquiry by the KCC.
MLex previously reported that the KCC requested Facebook to submit data on the number of South Korean user accounts affected by a software bug allowing third-party apps to access photos of up to 6.8 million users.
MLex was told that the US social giant has yet to submit the information the regulator requested.
The US social giant is also in the middle of litigation at a South Korean court against the KCC.
In May last year, Facebook filed an administrative suit against the commission in an effort to reverse fines of 396 million won ($353,000) and corrective orders. Earlier that year, the KCC determined that Facebook intentionally rerouted the server for some South Korean users from the local cache server to its server in Hong Kong, slowing down the service as a result.
The next hearing for the suit at the Seoul Administrative Court is slated for January 24.
03 Apr 2020 10:28 pm by Amy MillerConnecticut, New York, Florida and other US states are investigating whether Zoom, the videoconferencing platform that’s exploded in popularity during the Covid-19 pandemic, has violated any laws by failing to protect users’ privacy and secure its systems, the Connecticut attorney general announced.
02 Apr 2020 12:31 pm by Dave PereraEquifax faces a bill of slightly more than $2 billion to settle consumer complaints stemming from the credit reporting agency’s massive 2017 data breach.
01 Apr 2020 6:22 pm by Vesela GladichevaA landmark UK ruling freed Wm Morrison Supermarkets from indirect liability for a rogue employee's data leak — but still leaves the door open for future litigation targeting companies over accidental data disclosures by employees.