Intel Sued Under Wiretapping Laws for Tracking User Activity on its Website | Threatpost

Intel is being sued under a Florida state wiretapping law for using software on its website to capture keystrokes and mouse movements of people that visit it. The case is one of many that private citizens have brought against companies to dispute their use of session-replay technology.

A class-action suit (PDF) in the Circuit Court of the Fifth Judicial Circuit In and For Lake County, Florida, alleges that the tech giant unlawfully intercepted communications without user consent because of its use of analytics technology on its website.

The plaintiff–Holly Londers, a Lake County resident–filed the in February in a Florida state court; it was moved to the federal district court in Orlando this week.

At issue in the case is session replay software that Intel—and many other companies–use on their respective websites that can track how people interact with the site, including recording their mouse movements and clicks, information they input into the site, and the pages and content they view, according to the suit.

The suit claims that this activity by Intel violates the 2020 Florida Security of Communications Act, which makes it illegal to intentionally intercept another person’s electronic communications without first letting the person know and asking for his or her consent.

Intel website cloud and edge servicesPlaintiff Argument

Londers said she visited Intel’s site about 12 times over the past year prior to January 2021. During “one or more of these visits,” Intel tracked and recorded her activity on the site, intercepting her mouse movements, key strokes and other aspects of how she interacted with the site without her knowledge or consent, according to the filing.

“Defendant’s surreptitious interception [of] Plaintiff’s electronic communications caused Plaintiff harm, including invasion of her privacy and/or the exposure of private information,” according to the filing.

Intel also engaged in this activity with other Florida residents who interacted with its website without their knowing or consenting to the session recording, the suit alleges. In fact, the class in the suit covers everyone in the state of Florida who visited Intel’s site and whose electronic interaction was intercepted by the company.

The plaintiffs in the case seek to stop Intel’s collection of this activity on its website through injunctive relief, according to the filing.

While the plaintiffs did not disclose the software that they believe Intel is using to record website session information, a published report said it is likely Clicktale, which analytics software maker Contentsquare acquired in 2019.

The software has been described in an online review as a cloud-based analytic system and service that allows a company to visualize a customer’s experience on its website from their perspective. Ostensibly, it’s meant to help companies to improve their website by responding to how people interact with it.

Intel could not immediately be reached for comment about the case and whether it uses Clicktale or another type of session-replay software on its website.

Legal Precedence

There is legal precedence for bringing cases against technology companies for session reporting, though so far none have resulted in any judgments against technology companies.

A 2017 case filed in the United States District Case for the Southern District in New York, Cohen vs. Casper Sleep, raised similar wiretapping claims against Casper Sleep and Navistone Inc. That suit used the national wiretapping law, the U.S. Electronic Communications Privacy Act of 1986, as  its basis. Eventually, the New York case was dismissed in 2018 for failure to properly state a claim.

A number of other cases—mainly in Florida and California, which have similar wiretapping statues—are currently pending, with companies such as Fandango, Foot Locker, Frontier Airlines, Ray Ban, Banana Republic and others, counted among those accused of illegally intercepting user communications.

Check out our free upcoming live webinar events – unique, dynamic discussions with cybersecurity experts and the Threatpost community: