fbpx

Footlocker, SessionCam “Wiretapping” Visits to Website California Class Action

“Wiretapping” used to mean things like eavesdropping on telephone calls. Nowadays, it may refer to secretly monitoring a visitor’s actions at a website. The complaint for this class action alleges that Foot Locker Retail, Inc. and SessionCam, Ltd. perform this kind of wiretapping, “to secretly observe and record website visitors’ keystrokes, mouse clicks, and other electronic communications including the entry of Personally Identifiable Information (‘PII’), in real time.

The class for this action is all California residents who visited the Footlocker website, whose electronic communications were intercepted or recorded SessionCam.

Footlocker sells shoes. The other defendant in this case is SessionCam, a British company that offers software as a service (SaaS). One of its products is Session Replay, which can record the “session” of customers who visit the website, exactly as the visitor sees it while using it.

The complaint quotes SessionCam as saying that companies can “[u]se session replay to see the website experience you actually deliver to customers…” It allows companies like Footlocker to “see mouse movements, clicks/taps, masked form input, page scrolling and mobile gestures like pinch, zoom, tap, double tap, swipe, tilt and screen resizing.”

How does SessionCam manage to do this without the visitors knowing? It uses embedded snippets of code … [that] watch and record a visitor’s every move on a website, in real time.” The sessions are not just statistics; they are meant to be played back, as if the watcher is looking over a visitor’s shoulder.

This kind of recording can be both intrusive and dangerous, the complaint says, because users can unknowingly be exposed to data leaks and other security problems.

According to the complaint, “A 2017 study by Princeton University found that session recording technologies were collection sensitive user information such as passwords and credit card numbers. The research notes that this was not simply the result of a bug, but rather insecure practices.”

Footlocker is one of the companies that has chosen to work with SessionCam, embedding its code in the Footlocker website. The recording of a session begins as soon as a visitor accesses or interacts with the website.

The plaintiff in this class action, John Jacobo, III, visited the Footlocker website in December 2020 to buy a pair of sneakers. The complaint alleges that at the time of his visit, the software captured his keystrokes and actions, and also the time, date, and duration of his visit, his IP address, his location at the time, his browser type, and his computer’s operating system.

The complaint quotes the Princeton study as saying that “the extent of data collected by these services far exceeds user expectations; text typed into forms is collected before the user submits the form, and precise mouse movements are saved, all without any visual indication to the user. This data can’t reasonably be expected to be kept anonymous.”

The counts include violations of the California Invasion of Privacy Act, among other things.

Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

Footlocker, SessionCam “Wiretapping” Visits to Website California Complaint

January 19, 2021

“Wiretapping” used to mean things like eavesdropping on telephone calls. Nowadays, it may refer to secretly monitoring a visitor’s actions at a website. The complaint for this class action alleges that Foot Locker Retail, Inc. and SessionCam, Ltd. perform this kind of wiretapping, “to secretly observe and record website visitors’ keystrokes, mouse clicks, and other electronic communications including the entry of Personally Identifiable Information (‘PII’), in real time.

Footlocker, SessionCam “Wiretapping” Visits to Website California Complaint

Case Event History

Footlocker, SessionCam “Wiretapping” Visits to Website California Complaint

January 19, 2021

“Wiretapping” used to mean things like eavesdropping on telephone calls. Nowadays, it may refer to secretly monitoring a visitor’s actions at a website. The complaint for this class action alleges that Foot Locker Retail, Inc. and SessionCam, Ltd. perform this kind of wiretapping, “to secretly observe and record website visitors’ keystrokes, mouse clicks, and other electronic communications including the entry of Personally Identifiable Information (‘PII’), in real time.

Footlocker, SessionCam “Wiretapping” Visits to Website California Complaint
Tags: Your Privacy, wiretapping