Intel accused of wiretapping in class action lawsuit

By Katie Wickens
published

Potential session monitoring scripts in use on the Intel site could spell privacy issues for innocent browsers.

Privacy issues
(Image credit: Pixabay)

Back in February, Intel was accused of violating wiretapping laws with the use of keystroke and mouse movement tracking on its site. Now, the lawsuit has been moved up from Florida state court, to the federal district court of Orlando, with growing weight surrounding claims that the multi-billion dollar company employs tracking software to monitor individuals use of the website.

Cut the cord...

(Image credit: Steelseries)

Best wireless gaming mouse (opens in new tab): ideal cable-free rodents
Best wireless gaming keyboard (opens in new tab): no wires, no worries
Best wireless gaming headset (opens in new tab): top untethered audio

An article by The Register (opens in new tab) points to a court document PDF which outlines the lawsuit (opens in new tab) in more detail. It notes that Holly Londers, who brought the information to court, claims that at least a dozen of her visits to the Intel site revealed potential "tracking, recording, and/or 'session replay' software" which was used to "intercept use and interaction with the website."

Although there's no specific software stated in the court documentation, an attorney involved in the case hinted to The Register that the third party company involved is believed to be Clicktale.

According to information gleaned from Blacklight (opens in new tab), a site that exposes tracking software on sites, the Intel site uses "a session recorder, which tracks user mouse movement, clicks, taps, scrolls, or even network activity." However, the site didn't detect any keystroke logging and it is unclear how the session data is being used.

Intel's privacy statement (opens in new tab) on the site explains the following:

Intel collects information as part of its business operations, to provide services, to respond to requests and offer customer support, to fulfill legal and contractual obligations and to build its innovative products. You provide some of this data directly, such as when you order an Intel product, contact customer support, or register for an Intel event or publication. We also collect information through your interaction with Intel® Services and our website, for example, using embedded product technologies and cookies. We also obtain data from third parties.

(Image credit: Intel)

And, in regards to these third parties, it notes "We might also obtain information through a partner, or co-create datasets with a partner, as part of our business operations." It's clear some kinds of information are being gathered, then, but there's nothing specific to say what type of information is being recorded and stored, which is presumably the reason this case has gained so much momentum.

Gunes Acar, a postdoctoral researcher at Princeton CITP, talked a bit about analytics scripts back at a FTC PrivCon event in 2018 (opens in new tab). He explains "it's the website's responsibility—or maybe third party can have a an API or something—to inform the users that their mouse movements, or keypresses are being monitored." He goes on to note that "companies could be nudged to be more transparent, more upfront about what they collect, and the risks about this collection."

Katie Wickens
Katie Wickens
Hardware Writer

Screw sports, Katie would rather watch Intel, AMD and Nvidia go at it. Having been obsessed with computers and graphics for three long decades, she took Game Art and Design up to Masters level at uni, and has been demystifying tech and science—rather sarcastically—for two years since. She can be found admiring AI advancements, scrambling for scintillating Raspberry Pi projects, preaching cybersecurity awareness, sighing over semiconductors, and gawping at the latest GPU upgrades. She's been heading the PCG Steam Deck content hike, while waiting patiently for her chance to upload her consciousness into the cloud.

See comments