Intel accused of wiretapping in class action lawsuit

Privacy issues

(Image credit: Pixabay)

Back in February, Intel was accused of violating wiretapping laws with the use of keystroke and mouse movement tracking on its site. Now, the lawsuit has been moved up from Florida state court, to the federal district court of Orlando, with growing weight surrounding claims that the multi-billion dollar company employs tracking software to monitor individuals use of the website.

An article by The Register points to a court document PDF which outlines the lawsuit in more detail. It notes that Holly Londers, who brought the information to court, claims that at least a dozen of her visits to the Intel site revealed potential “tracking, recording, and/or ‘session replay’ software” which was used to “intercept use and interaction with the website.”

Although there’s no specific software stated in the court documentation, an attorney involved in the case hinted to The Register that the third party company involved is believed to be Clicktale.

According to information gleaned from Blacklight, a site that exposes tracking software on sites, the Intel site uses “a session recorder, which tracks user mouse movement, clicks, taps, scrolls, or even network activity.” However, the site didn’t detect any keystroke logging and it is unclear how the session data is being used.

Intel’s privacy statement on the site explains the following:

Intel collects information as part of its business operations, to provide services, to respond to requests and offer customer support, to fulfill legal and contractual obligations and to build its innovative products. You provide some of this data directly, such as when you order an Intel product, contact customer support, or register for an Intel event or publication. We also collect information through your interaction with Intel® Services and our website, for example, using embedded product technologies and cookies. We also obtain data from third parties.

(Image credit: Intel)

And, in regards to these third parties, it notes “We might also obtain information through a partner, or co-create datasets with a partner, as part of our business operations.” It’s clear some kinds of information are being gathered, then, but there’s nothing specific to say what type of information is being recorded and stored, which is presumably the reason this case has gained so much momentum.

Gunes Acar, a postdoctoral researcher at Princeton CITP, talked a bit about analytics scripts back at a FTC PrivCon event in 2018. He explains “it’s the website’s responsibility—or maybe third party can have a an API or something—to inform the users that their mouse movements, or keypresses are being monitored.” He goes on to note that “companies could be nudged to be more transparent, more upfront about what they collect, and the risks about this collection.”

Katie is a confessed logophile with a love of metaphor and an insatiable creative urge. She’s also an RPG, sim and survival game enthusiast who harbours an overt disdain for MMOs, un-managed cables and software that doesn’t include a dark mode.

Leave A Reply

Your email address will not be published.