California Law Firms Reveal Shocking Website Wiretapping Secrets

man writing on paper

Understanding Wiretapping

When thinking about wiretapping, a website is not usually the first thing that comes to mind. Typically, images of federal agents with headsets and tape recorders are conjured. However, technologies such as chatbots or tracking pixels might also be considered forms of wiretapping.

What is Wiretapping?

The legal definition of wiretapping can be found in the California Invasion of Privacy Act (CIPA). According to California Penal Code §631, wiretapping involves using a device to intentionally connect via a line or cable to read or attempt to read the contents of a communication. Both ‘pen register’ and ‘trap and trace’ devices are prohibited without explicit consent or a court order.

Pen Register

A ‘pen register’ records dialing, routing, addressing, or signaling information transmitted by an instrument but does not capture the content of the communication.

Trap and Trace Device

A ‘trap and trace’ device records incoming impulses that identify the source of the signal without collecting the content of the transmission.

The key point is that these devices capture routing information rather than phone numbers. The vague nature of this definition presents various challenges.

Website Owners Facing Wiretapping Lawsuits

Last year, a motion to dismiss was denied in Greenley v. Kochava. The plaintiff argued that including code in an SDK that forwarded user location information was akin to using a pen register or trap and trace device. This interpretation stretches from the original intent of CIPA.

Plaintiffs have filed many lawsuits in California courts applying CIPA to new technologies. While not all suits succeed, some plaintiffs have seen success.

Common Targets

Businesses using chatbots, website session replay technologies, and pixel tracking technologies are common targets for these lawsuits. Chatbots are compared to secret wiretaps allowing third parties to listen without user consent. Session replay technology may be used for targeted advertisements by eavesdropping on private conversations. Pixel tracking can collect information about user interactions surreptitiously.

CIPA’s Wide Reach

CIPA can impact businesses outside California if certain conditions are met:

  • The website is California-specific.
  • The company drives California residents to its site.
  • The company profits from California viewers.

These questions help determine if CIPA applies, but answers are not always straightforward.

Avoiding Lawsuits

User consent is crucial for compliance with privacy laws like CIPA. Explicit permission should be requested for installing cookies or recording session information. This protects clients from unnecessary legal issues and future-proofs websites against new privacy laws being enacted across various states.

Implementing well-written privacy policies, comprehensive terms of service, and effective cookie consent banners can shield businesses from aggressive privacy lawsuits. Tools like Termly and Termageddon simplify this process for small businesses lacking dedicated legal teams.