Cisco apologizes for privacy 'confusion,' makes cloud service an opt-in feature

Customers had complained about automatic updates and a policy document that said Cisco might track Internet use

Cisco Systems has taken a step back from its Cisco Connect Cloud service, removing it as the default setting for management of its Linksys EA Series Wi-Fi routers after a firestorm of complaints from customers about automatic firmware updates and the service's terms of service.

The default method for managing the high-end Linksys routers has been changed to traditional setup and management over the local network, Cisco said in a blog entry posted on Thursday. When the company brought Cisco Connect Cloud online last week, it made the Internet-based administration service into the default tool for the routers.

Now, users who want the features of Cisco Connect Cloud will have to choose on their own to use it. This is a major step back from a service that the company had promoted as part of its vision of the future of home Wi-Fi routers. In a previous response to complaints, Cisco had stepped in to help users return to the older management system if they wanted, but the latest move makes users actively choose the new service. In the blog post announcing the change, Cisco also apologized twice and repeatedly sought to extinguish customers' concerns about privacy and automatic firmware updates.

"We believe lack of clarity in our own terms of service has contributed to many of our customers' concerns, and we apologize for the confusion and inconvenience this has caused," wrote Brett Wingo, vice president and general manager of Cisco Home Networking.

"Cisco Connect Cloud and Cisco Linksys routers do not monitor or store information about how our customers are using the Internet and we do not arbitrarily disconnect customers from the Internet. The Cisco Connect Cloud Service has never monitored customers' Internet usage, nor was it designed to do so," Wingo wrote.

"Cisco will not push software updates to customers' Linksys routers when the auto-update setting is turned off," he wrote.

The blog entry said Cisco would update its terms of service and related documentation as quickly as possible, though that would not be the first time the company has done so during the crisis. Changes announced last Friday failed to quell some vocal users' concerns.

Cisco Connect Cloud was announced in April alongside a new generation of Wi-Fi routers for homes, the Linksys EA2700, EA3500 and EA4500. Cisco said it would allow users to manage their wireless LANs remotely via a Web browser or a smartphone app, and it announced six third-party apps to work with the service and opened up the platform to other developers.

When the cloud service went live last week, some owners of the EA3500 and EA4500 routers complained on user forums that Cisco had updated their routers' firmware overnight and effectively forced them to move to cloud-based management. A LAN-based option was made available, but the users said it lacked many of the features that came with the previous LAN-based management.

Even worse, disgruntled customers looked into Cisco Connect Cloud's terms of service and found that Cisco said it might collect information about use of the service, including users' Internet history. The terms also said Cisco might share "aggregated and anonymous user experience information" with third parties. That language sparked outrage among customers, some of whom said they would stop using the Linksys routers.

After the complaints, Cisco rewrote the privacy policy and took steps to help users roll back their router firmware to the previous version and opt out of automatic updates. But complaints continued. The updated privacy policy raised concerns among some customers that Cisco might take their routers offline based on the terms of service.

While changing the default status of Cisco Connect Cloud, Cisco stood by cloud-based router management in Thursday's blog post. "We are committed to providing both Cloud-enabled and local management software," Wingo wrote.

Stephen Lawson covers mobile, storage and networking technologies for The IDG News Service. Follow Stephen on Twitter at @sdlawsonmedia. Stephen's e-mail address is

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Stephen Lawson

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts