Facebook target of effort by South Korean communications regulator to search its servers connected to data scandals
11 Jan 2019 12:00 am by Hyung-jo Choi
South Korea’s communications regulator has made a request to Facebook for permission to conduct searches on the company’s servers located outside the country, MLex has learned.
It is understood the Korea Communications Commission, or KCC, has informed Facebook that it wants to conduct a physical search of its servers as a part of its ongoing investigations into two cases – the Cambridge Analytica scandal and the so-called “View As” breach – to obtain evidence related to the accounts of South Korean Facebooks users.
Local media reported at the end of December last year that the KCC may dispatch an investigator to Facebook’s US headquarters in Menlo Park, California, as part of its probe. The commission immediately issued a statement, saying that it had no plan to do so.
MLex understands that the KCC’s intention isn’t to inspect the company’s headquarters in the US itself, but rather its servers where South Korean user information may be stored, the nearest of which may be in Hong Kong.
In South Korea, Facebook is using a cache server, which is temporary data storage used to increase the speed of its servers, owned by a local telecoms company.
This means that for the regulator to look through the company’s physical servers for evidence, its investigators would need to extend their probe outside the country.
Conducting such inspections requires the consent of the company and it is possible that Facebook may object to or flatly turn down such a request.
A spokesperson at Facebook’s local office in Seoul said the company couldn't comment on the matter.
MLex was told that the KCC is in talks with Facebook’s headquarters to obtain an agreement for the search.
The KCC launched an investigation into the Cambridge Analytica scandal, where the British political data-mining firm Cambridge Analytica used personal information collected from Facebook profiles for work it was doing for the US presidential campaign in 2016, in April last year.
The commission also started a formal probe into the so-called “View As” breach, as MLex reported in October last year, after it was told by the company that the accounts of nearly 35,000 South Korean users were affected during the incident, in which hackers exploited a vulnerability in the “View As” feature on Facebook’s service, exposing data from some 50 million users.
In addition to these two formal probes in South Korea, Facebook may also face yet another inquiry by the KCC.
MLex previously reported that the KCC requested Facebook to submit data on the number of South Korean user accounts affected by a software bug allowing third-party apps to access photos of up to 6.8 million users.
MLex was told that the US social giant has yet to submit the information the regulator requested.
The US social giant is also in the middle of litigation at a South Korean court against the KCC.
In May last year, Facebook filed an administrative suit against the commission in an effort to reverse fines of 396 million won ($353,000) and corrective orders. Earlier that year, the KCC determined that Facebook intentionally rerouted the server for some South Korean users from the local cache server to its server in Hong Kong, slowing down the service as a result.
The next hearing for the suit at the Seoul Administrative Court is slated for January 24.
03 Aug 2020 9:29 pm by Ana Paula CandilCompanies are pressuring Brazilian lawmakers to delay implementation of the nation's data-protection law from Aug. 16 until next May.
Biggest cyberattack ever caused $15 billion loss to customers of companies directly hit, though banks softened impact, study says31 Jul 2020 12:00 pm by Neil RolandThe most damaging cyberattack ever in 2017, caused a $15 billion loss to customers of companies directly hit, a federal study said.
International companies more prepared than local companies for Brazilian data protection law, Alves says30 Jul 2020 11:00 am by Ana Paula CandilInternational companies are much more prepared for Brazil's new data protection law than Brazilian firms because they already comply with similar legislation.