Cisco apologizes for privacy 'confusion,' makes cloud service an opt-in feature

Customers had complained about automatic updates and a policy document that said Cisco might track Internet use

Cisco Systems has taken a step back from its Cisco Connect Cloud service, removing it as the default setting for management of its Linksys EA Series Wi-Fi routers after a firestorm of complaints from customers about automatic firmware updates and the service's terms of service.

The default method for managing the high-end Linksys routers has been changed to traditional setup and management over the local network, Cisco said in a blog entry posted on Thursday. When the company brought Cisco Connect Cloud online last week, it made the Internet-based administration service into the default tool for the routers.

Now, users who want the features of Cisco Connect Cloud will have to choose on their own to use it. This is a major step back from a service that the company had promoted as part of its vision of the future of home Wi-Fi routers. In a previous response to complaints, Cisco had stepped in to help users return to the older management system if they wanted, but the latest move makes users actively choose the new service. In the blog post announcing the change, Cisco also apologized twice and repeatedly sought to extinguish customers' concerns about privacy and automatic firmware updates.

"We believe lack of clarity in our own terms of service has contributed to many of our customers' concerns, and we apologize for the confusion and inconvenience this has caused," wrote Brett Wingo, vice president and general manager of Cisco Home Networking.

"Cisco Connect Cloud and Cisco Linksys routers do not monitor or store information about how our customers are using the Internet and we do not arbitrarily disconnect customers from the Internet. The Cisco Connect Cloud Service has never monitored customers' Internet usage, nor was it designed to do so," Wingo wrote.

"Cisco will not push software updates to customers' Linksys routers when the auto-update setting is turned off," he wrote.

The blog entry said Cisco would update its terms of service and related documentation as quickly as possible, though that would not be the first time the company has done so during the crisis. Changes announced last Friday failed to quell some vocal users' concerns.

Cisco Connect Cloud was announced in April alongside a new generation of Wi-Fi routers for homes, the Linksys EA2700, EA3500 and EA4500. Cisco said it would allow users to manage their wireless LANs remotely via a Web browser or a smartphone app, and it announced six third-party apps to work with the service and opened up the platform to other developers.

When the cloud service went live last week, some owners of the EA3500 and EA4500 routers complained on user forums that Cisco had updated their routers' firmware overnight and effectively forced them to move to cloud-based management. A LAN-based option was made available, but the users said it lacked many of the features that came with the previous LAN-based management.

Even worse, disgruntled customers looked into Cisco Connect Cloud's terms of service and found that Cisco said it might collect information about use of the service, including users' Internet history. The terms also said Cisco might share "aggregated and anonymous user experience information" with third parties. That language sparked outrage among customers, some of whom said they would stop using the Linksys routers.

After the complaints, Cisco rewrote the privacy policy and took steps to help users roll back their router firmware to the previous version and opt out of automatic updates. But complaints continued. The updated privacy policy raised concerns among some customers that Cisco might take their routers offline based on the terms of service.

While changing the default status of Cisco Connect Cloud, Cisco stood by cloud-based router management in Thursday's blog post. "We are committed to providing both Cloud-enabled and local management software," Wingo wrote.

Stephen Lawson covers mobile, storage and networking technologies for The IDG News Service. Follow Stephen on Twitter at @sdlawsonmedia. Stephen's e-mail address is stephen_lawson@idg.com

Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Endpoint Management Solutions

Endpoint Security Management

more »

Submit your own security event

Submit your training courses

Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.

Read More
more »