A Florida lawsuit accusing Intel of unlawful interception of electronic communication – aka wiretapping – claims the company used the software to capture mouse movements and clicks, data input into the website, content viewed on the website, dates and times of visits, and how the plaintiffs generally interacted with the tech giant’s site.
The class-action suit is based on the 2020 Florida Security of Communications Act, which makes it a crime to intercept a wire, oral, or electronic communication without all of the parties’ prior consent.
The news was first reported by The Register.
What you need to know about session replay software
“Session replay reproduces your user’s online experience like it’s video,” according to FullStory, a web analytics firm that identifies user web page behavior.
The website goes on to explain that session replay software tries to reproduce the user’s interaction with a website “exactly or as closely as possible to how the user actually experienced it.”
Session replay captures mouse movements, clicks, page visits, scrolling, tapping and other interactions.
The software got attention in 2017 when a study was published by Princeton’s Center for Information Technology Policy, according to The Register.
The study found that the scripts of seven of the most popular session replay services were used on 482 of the Alexa top 50,000 websites.
The study echoed other descriptions of session replay software but added that “unlike typical analytics services that provide aggregate statistics, these scripts are intended for the recording and playback of individual browsing sessions, as if someone is looking over your shoulder.”
How insidious is session replay software?
“Nearly every website records site and user interaction analytics such as page clicks, time spent on each page, and form data submitted by the user,” Ray Kelly, principal security engineer at WhiteHat Security, a San Jose, California-based provider of application security, told Fox News.
General Data Protection Regulation (GDPR) states that collecting analytics is fine as long as it’s anonymous or the user explicitly gave consent to use their data, Kelly said.
“In the Florida class-action lawsuit, the defendants would need to prove that the data captured is able to be directly tied back to them or … if they can prove personal identifiable information (PII) was collected without consent,” Kelly said.
That sentiment was echoed at a Federal Trade Commission event, FTC PrivCon 2018, by Gunes Acar, at the time a post-doctoral research associate in Princeton’s Center for Information Technology Policy.
“When you start providing data to the page — like, input forms. For example, writing your name — surname, Social Security number, credit card number, for example, for buying products — then there’s a problem.”
Intel declined to comment when contacted by Fox News.