Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cisco's Connect Cloud Policy Change Was Bad Business

Cisco did a very strange thing June 27: It pushed a firmware update to its Linksys EA4500, EA3500 and EA2700 wireless routers that required router users to create a Cisco Connect Cloud account and changed its privacy policy. The update gave Cisco the rights to collect and retain data. That's a problem for anyone who cares about privacy and could affect your organization's governance policy.

There are two troubling aspects to what happened: The first is requiring that end users create a service account before they're allowed to access the equipment they bought. When the access points shipped there was no such requirement, and when Cisco pushed out the new firmware, some owners were surprised to find they were locked out of the routers.

Brett Wingo, VP and general manager of Cisco Home Networking, cheekily said in a blog post that the only people affected where those who opted in to automatic updates. ZDNet's Steven J. Vaughan-Nichols, who owns one of the affected router models, said auto-update was enabled by default. So, pretty much everyone who bought the product was affected. By the way, I turn off auto-updates on everything I own.

Wingo just announced that Connect Cloud is no longer required to manage the routers nor will Cisco arbitrarily disconnect Connect Cloud users from the service based on how they are using the Internet. Cisco is being responsive to the complaints.

The primary issue causing the uproar was a change in the Cisco Connect Cloud Supplement policy that stated the company could "keep track of certain information related to your use of the Service, including but not limited to the status and health of your network and networked products; which apps relating to the Service you are using; which features you are using within the Service infrastructure; network traffic (e.g., megabytes per hour); Internet history; how frequently you encounter errors on the Service system and other related information ('Other Information')" [emphasis added]. The policy immediately explains that this data will be used for support and optimized service. Cisco has since changed the supplement and removed the language granting it access to your data.

Next: When Data Gathering Makes Sense

  • 1