Techly NewsGet the app

Get the latest tech news

A tech-law measurement and analysis of event listeners for wiretapping


The privacy community has a long track record of investigating emerging types of web tracking techniques. Recent work has focused on compliance of web trackers with new privacy laws such as Europe's GDPR and California's CCPA. Despite the growing body of research documenting widespread lack of compliance with new privacy laws, there is a lack of robust enforcement. Different from prior work, we conduct a tech-law analysis to map decades-old U.S. laws about interception of electronic communications--so-called wiretapping--to web tracking. Bridging the tech-law gap for older wiretapping laws is important and timely because, in cases where legal harm to privacy is proven, they can provide statutory private right of action, are at the forefront of recent privacy enforcement, and could ultimately lead to a meaningful change in the web tracking landscape. In this paper, we focus on a particularly invasive tracking technique: the use of JavaScript event listeners by third-party trackers for real-time keystroke interception on websites. We use an instrumented web browser to crawl a sample of the top-million websites to investigate the use of event listeners that aligns with the criteria for wiretapping, according to U.S. wiretapping law at the federal level and in California. We find evidence that 38.52% websites installed third-party event listeners to intercept keystrokes, and that at least 3.18% websites transmitted intercepted information to a third-party server, which aligns with the criteria for wiretapping. We further find evidence that the intercepted information such as email addresses typed into form fields are used for unsolicited email marketing. Beyond our work that maps the intersection between technical measurement and U.S. wiretapping law, additional future legal research is required to determine when the wiretapping observed in our paper passes the threshold for illegality.

View a PDF of the paper titled Every Keystroke You Make: A Tech-Law Measurement and Analysis of Event Listeners for Wiretapping, by Shaoor Munir and 4 other authors Different from prior work, we conduct a tech-law analysis to map decades-old U.S. laws about interception of electronic communications--so-called wiretapping--to web tracking. In this paper, we focus on a particularly invasive tracking technique: the use of JavaScript event listeners by third-party trackers for real-time keystroke interception on websites.

Get the Android app

Or read this on Hacker News

Read more on:

Photo of analysis

analysis

Photo of keystroke

keystroke

Photo of event listeners

event listeners

Related news:

News photo

The U.S. is losing thousands of manufacturing jobs, analysis finds

News photo

Nvidia’s Huang Sees China as a $50 Billion Opportunity

News photo

US Is Throwing Away the Critical Minerals It Needs, Analysis Shows

« Euronext to Replace Teleperformance on Benchmark CAC Index
The obstacles to scaling up humanoids »