Cisco changes privacy policy for Linksys routers after uproar

Cisco removed language saying Cisco might collect and share Wi-Fi router users' Internet history

Cisco Systems said a privacy policy for the Cisco Connect Cloud service that alarmed some customers was a mistake and has been removed.

The cloud service, which among other things allows users of some Wi-Fi home routers to manage their devices from away from home, went live last week and was included in an automatic firmware update to those routers. That brought a flood of complaints to online forums about both the firmware update and the privacy document, which said Cisco might track and share information about customers' Internet use and other data.

"We removed content that could have been misinterpreted as being inconsistent with Cisco's privacy statement based on a selective analysis," Cisco said in a statement.

"In a nutshell, this was just a mistake," Cisco spokesman David McCulloch said.

The specific privacy policy for the cloud service is contained in a "Cisco Connect Cloud Supplement," that expands upon Cisco's general corporate privacy policy. There is a link to the supplement on the right side of the general privacy page. Parts of the supplement, including the reference to collecting Internet history, have been removed. McCulloch said he could not immediately explain how the stricken language was included by mistake.

Some users of the Linksys EA3500 and EA4500 routers wrote on online forums last week that Cisco apparently had updated the firmware on their routers automatically without their consent. The new firmware prompted them to start managing their routers through the Cisco Connect Cloud service, which administers a router over the Internet instead of directly over the wireless LAN. Some users said they weren't able to keep managing their routers locally except through a limited interface that lacked features they were used to.

Along the way, one user pointed out a section of the privacy policy for Cisco Connect Cloud that said the company might keep track of a variety of information including Internet history and might share "aggregated and anonymous user experience information" with service providers and other third parties.

The updated privacy supplement for the cloud service says, "Cisco may collect and store detailed information regarding your network configuration and usage for the purpose of providing you technical networking support." It says that data will be associated with the customer only when he or she provides an ID number, randomly generated and under the user's control, to the support representative.

An administrator on the Cisco Home Community forum subsequently posted a link to instructions for downgrading the routers' firmware and opting out of future automatic upgrades.

But Cisco also responded to the complaints with a dedicated post to its official blog on Friday.

"Cisco Connect Cloud was delivered only to consumers who opted in to automatic updates. However, we apologize that the opt-out process for Cisco Connect Cloud and automatic updates was not more clear in this product release, and we are developing an updated version that will improve this process," Cisco Home Networking Vice President and General Manager Brett Wingo wrote in the blog post. The post directed customers who wanted to return to the traditional Linksys management software to call the Linksys customer support line.

The blog post also partly addressed the questions about the privacy policy but didn't say the "Cisco Connect Cloud Supplement" had been changed. McCullough said on Monday that the blog might be updated.

Linksys is a brand used on products from Cisco's Home Networking Business Unit.

Stephen Lawson covers mobile, storage and networking technologies for The IDG News Service. Follow Stephen on Twitter at @sdlawsonmedia. Stephen's e-mail address is

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Stephen Lawson

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts