Intel’s website records and tracks keystrokes, mouse clicks, and user cursor movement

Cybersecurity specialists report that Intel is facing a class action lawsuit for violating an anti-wiretapping law in the state of Florida, US. The plaintiffs argue that the company hid software on its website that allowed it to record users’ keystrokes and mouse movements without their express consent.

This is a new case of practice known as session replay, used by multiple companies to take detailed records of how their users interact with their websites, involving the capture of mouse movements, clicks and information queries on the page visited.

Under the lawsuit filed in Lake County Circuit Court, Florida, Intel is violating the state Communications Security Act, enacted in 2020 and which, among other things, prohibits companies from intentionally intercepting any electronic communication without consent.

Holly Londers, one of the plaintiffs, claims to have visited Intel’s website at least a dozen times between late 2020 and early 2021, which the company took advantage of to intercept its interactions without its consent on at least a couple of occasions: “This practice represents a flagrant invasion of our privacy as users,” Londers says.

It should be noted that this is a class action lawsuit and its scope applies to any user in the state of Florida who has visited Intel’s website and viewed their intercepted communications. The main objective of the plaintiffs is for Intel to stop carrying out this practice, in addition to forcing the company to delete records collected without the express consent of users.

Although the demand does not specify the name or type of software used by Intel for session playback, an additional report ensures that it is Clicktale, owned by the Contentsquare analytics company. Experts mention that this is a cloud-based analytical system and service that allows customers to visualize the visitor experience on their website. These tools were designed to improve presentation and functions on websites, although as detailed in previous paragraphs, their primary use is session replay.

This is not the first similar legal case, as a lawsuit filed in 2017 filed similar claims against companies such as Casper Sleep and Navistone Inc. for violations of the Electronic Communications Privacy Act, in effect since 1986. However, this case was dismissed for failures in the process.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.