Intel is among the growing list of companies being sued for allegedly violating American wiretapping laws by running third-party code to track interactions, such as keystrokes, click events, and cursor movements, on its website.
The plaintiff, Holly Londers, claims she visited Intel's website approximately a dozen times in the twelve months to January 2021, and during those visits the chip maker "utilized tracking, recording, and/or 'session replay' software to contemporaneously intercept [her] use and interaction with the website, including mouse clicks and movements," and information that she input, pages visited and viewed, and dates and times of visits.
The lawsuit has been brought under the 2020 Florida Security of Communications Act, which makes it a crime to intentionally intercept another person's electronic communications without prior consent.
Londers's complaint does not specify the session replay software involved but The Register understands from a conversation with one of the attorneys involved that it's believed to be Clicktale, which was acquired in 2019 by Contentsquare, a maker of similar analytics software.
[...] However, the attorney on the Florida case who spoke with The Register said the central issue is whether website visitors gave informed consent. And he voiced optimism that the Florida cases will survive motions to dismiss because Florida's wiretapping law is a strong consumer protection statute.
Since Cohen v. Casper Sleep (2017) in New York, there have been at least two dozen such wiretapping privacy claims, mostly in California and Florida – both states with applicable privacy statutes. Those who have been sued over this include Banana Republic, Blizzard, CVS, Fandango, Foot Locker, Frontier Airlines, General Motors, Home Depot, Old Navy, Nike, Norton, Ray-Ban, T-Mobile, and WedMD, among others.
The New York case was dismissed in 2018 for failure to properly state a claim [PDF]. But most of the California and Florida cases continue to plod along and may yet make it to trial, or more likely, settlement.
These claims got a boost from the 2020 Ninth Circuit Court of Appeals decision [PDF] that refused to dismiss wiretapping claims against Facebook for tracking people even when they've logged out of the social networking service. A week ago, the US Supreme Court declined to hear Facebook's appeal to undo that decision.
[...] The Register asked Intel and Contentsquare to comment on the wiretapping lawsuit, and both companies declined. ®
Get ourTech Resources
(Score: 0) by Anonymous Coward on Tuesday March 30 2021, @06:50PM (5 children)
If you don’t like it don’t use it or turn off JavaScript
(Score: 1, Touché) by Anonymous Coward on Tuesday March 30 2021, @06:59PM
I only consented to cookies, they didn't make me agree to being wiretapped. Yet.
(Score: 5, Insightful) by Tork on Tuesday March 30 2021, @07:14PM (3 children)
Slashdolt Logic: "25 year old jokes about sharks and lasers are +5, Funny." 💩
(Score: 2) by DeathMonkey on Tuesday March 30 2021, @09:11PM (2 children)
Agreed.
But as for the lawsuit in question Intel is is intercepting communications between her and Intel. So doesn't that mean the following would NOT apply?
(Score: 3, Interesting) by DeathMonkey on Tuesday March 30 2021, @09:26PM (1 child)
On further reading...
I think of "intercept" as a third party creating a copy of some data exchanged between two other parties. So I wouldn't think of interception as me recording your interaction with my website.
However, what I think doesn't matter when they define the term in the law. And damn, do they define it broadly!
By that definition it seems like you could sue me if you call me and leave a voicemail! Or I save a copy of an email you send me...
(Score: 3, Informative) by The Mighty Buzzard on Wednesday March 31 2021, @02:06AM
It's not by any stretch of the definition wiretapping. Wiretapping requires an intentionally transmitted signal. They were recording, on her computer, things that she never meant to send anywhere and then sending them to themselves. So it's not wiretapping.
It could very well fall under unauthorized access via the CFAA though.
My rights don't end where your fear begins.
(Score: 2) by KilroySmith on Tuesday March 30 2021, @07:50PM (10 children)
I'm not involved in web development, or website analytics, so I'm throwing this out for those who are.
What useful information does a website get from "keystrokes, click events, and cursor movements" that goes above and beyond the information they'd get natively from navigation? Sure, you can tell that I clicked in the "Username" field, and typed in my username, but you'd get that anyway when I hit enter. Why would they pay for analytics that make the user experience slow, laggy, and painful, and what do they get out of doing so?
(Score: 0) by Anonymous Coward on Tuesday March 30 2021, @08:06PM (6 children)
- find errors or pinpoint areas of confusion on input forms
- see how users engage with a page, what is interesting or where they leave the page
(Score: 1) by Ethanol-fueled on Tuesday March 30 2021, @08:17PM (3 children)
- Identifying cross-site users by their unique fingerprint
(Score: 0) by Anonymous Coward on Tuesday March 30 2021, @09:29PM (2 children)
That's not what these telemetry analytics are for. Don't get your evils confused.
(Score: 2, Insightful) by Ethanol-fueled on Tuesday March 30 2021, @09:48PM (1 child)
I meant to say that certain patterns of timing and movement could identify 1 or more users, or a group of specific users at least with a large sample size.
I wasn't referring to browser/configuration fingerprinting. But if you still mean what you said I'll take your word for it. Intel, after all, seems more interested in furthering the woke agenda [techspot.com] rather than making decent silicon. No surprise given that they are a Jewish company, but their declining dominance in silicon is suspect. Perhaps they're getting low-key sanctioned for collaborating with the enemy, or otherwise releasing or getting their backdoors hacked to unfriendly nations who used it to their advantage.
(Score: 1, Informative) by Anonymous Coward on Tuesday March 30 2021, @11:43PM
Intel has been taken over by people who do not view engineering as the key, overwhelming focus of the company, as is obvious by your link. They got so big and wealthy, they thought they couldn't fail. Well, they can and they have for years now. Wokeness does nothing to get you to the next design node.
(Score: 1, Interesting) by Anonymous Coward on Tuesday March 30 2021, @09:58PM (1 child)
- stealing your passwords for credential stuffing attacks, because they can see what you typed in the password field
(Score: 0) by Anonymous Coward on Tuesday March 30 2021, @10:34PM
You mean those ⬤⬤⬤⬤⬤⬤⬤⬤⬤?
(Score: 0) by Anonymous Coward on Tuesday March 30 2021, @08:21PM
"What is the best location to place button X when we compare experiment A against control C? How many more people find/don't find the button?"
I mean, they're fiddling with match-sticks anyway. It's bullshit and numbers for numbers' sake. They got onto the bandwagon of "telemetry inherently makes you product better by just being present and therefore we must telemetrize". In the end, does it matter? Not really...
(Score: 2, Interesting) by Anonymous Coward on Tuesday March 30 2021, @08:40PM (1 child)
There are a few valid security reasons (and I played around with it briefly strictly for that purpose) but it is a deep rabbit hole and there are plenty of easier, less intrusive methods. I don't use any trackers -- but if there is a hack attempt (normally script kiddies) I record and retain the ip address and URL indefinitely. Keep at it and the i.p. automatically gets blocked for a few days.
But imo this "wiretapping" absolutely pales in comparison to all the other Orwellian b.s. going on.
(Score: 2) by HiThere on Tuesday March 30 2021, @10:51PM
While true, you can't prosecute unless someone has passed a law that enables this.
Yeah, there's lots worse stuff. But much of that isn't legally actionable. If this is, then go for it.
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
(Score: 4, Informative) by Mojibake Tengu on Tuesday March 30 2021, @08:32PM (3 children)
There are more criminal corporations out there.
Razer. Its keyboards/mouses driver for Windows is connected to the cloud and it even has the sound enhancement capability, whatever that could mean (it actually deteriorates sound quality).
My own experience, the behavior is pretty suspicious: when the machine is offline, the driver loads the configuration to the peripherals just fine (blinkenlights and button map). But when the net interface is up, the driver does not initiate the configuration map to its input devices at all and insists on getting unrestricted connectivity to its cloud first, by repeating annoying popups.
I could not stop laughing when I heard the news last week about Razer driver is coming to Linux...
Another example of quite pretty hardware spoiled by stinky software.
But this all is but an iceberg hidden under the surface. Shame on you all, nasty spooks!
The edge of 太玄 cannot be defined, for it is beyond every aspect of design
(Score: 2, Informative) by The Mighty Buzzard on Wednesday March 31 2021, @02:09AM (2 children)
That's what you get for using Windows.
Linux already has FOSS Razer drivers that send nothing anywhere. I'm using one right now for my keyboard.
My rights don't end where your fear begins.
(Score: 2) by Mojibake Tengu on Wednesday March 31 2021, @05:32AM (1 child)
Are you sure about that OpenRazer userspace daemon? Really??
The edge of 太玄 cannot be defined, for it is beyond every aspect of design
(Score: 1) by The Mighty Buzzard on Wednesday March 31 2021, @01:23PM
Check it yourself [github.com] if you feel the need. I've modified mine a few times, so I already have.
My rights don't end where your fear begins.
(Score: 2) by Snotnose on Tuesday March 30 2021, @09:05PM (1 child)
the problem with this. If you steam open an envelope, or otherwise intercept messages sent via US Mail that's a felony. If you intercept and read a postcard sent via US Mail, I dunno.
Reading email/web traffic seems to be in between the two. Unless you use SSL, in which case if a third party reads the content they just committed a felony and either they and/or their company's Cxx suite should be looking at felony jail time + all the horrors of having a felony hung to their name entails.
I just passed a drug test. My dealer has some explaining to do.
(Score: 0) by Anonymous Coward on Tuesday March 30 2021, @10:27PM
Not the same at all. This is Intel recording the user's interaction with their browser and phoning that home, and I'm not convinced that it only records browser interactions. Are they able to intercept mouse and keyboard input to other programs while the browser is open? Like, say, my password manager?
(Score: 3, Interesting) by dltaylor on Tuesday March 30 2021, @10:52PM (2 children)
I haven't waded through Florida's wiretapping law, but I see this as more like failing to inform a party that they may be, or are being, recorded in a telephone call. In California, at least, that warning is required, unless you are a cop who may, or may not, have bothered to get a warrant.
Also, depending on your focus settings, you may be interacting with something else on your computer. in which case it surely looks and sounds like eavesdropping.
I think the last time I used Intel's website for anything was for looking up the specs for my Xeon X5570s. Before that, it was probably drivers for the i740 graphics card.
(Score: 2, Interesting) by The Mighty Buzzard on Wednesday March 31 2021, @02:12AM (1 child)
That's exactly what it's like. Thing is, failing to inform someone you're snooping around their computer and gain permission is not wiretapping according to the law. It does fit the definition in the CFAA of unauthorized access though, which is even more fun since that carries a prison sentence.
My rights don't end where your fear begins.
(Score: 1, Touché) by Anonymous Coward on Wednesday March 31 2021, @06:58AM
Simple, I set keylogger on my computer, if you are keylogging my keylogging, it is wiretapping.