Cisco's Connect Cloud Policy Change Was Bad Business

Cisco did a very strange thing June 27: It pushed a firmware update to its Linksys EA4500, EA3500 and EA2700 wireless routers that required router users to create a Cisco Connect Cloud account and changed its privacy policy. The update gave Cisco the rights to collect and retain data. That's a problem for anyone who cares about privacy and could affect your organization's governance policy.

There are two troubling aspects to what happened: The first is requiring that end users create a service account before they're allowed to access the equipment they bought. When the access points shipped there was no such requirement, and when Cisco pushed out the new firmware, some owners were surprised to find they were locked out of the routers.

Brett Wingo, VP and general manager of Cisco Home Networking, cheekily said in a blog post that the only people affected where those who opted in to automatic updates. ZDNet's Steven J. Vaughan-Nichols, who owns one of the affected router models, said auto-update was enabled by default. So, pretty much everyone who bought the product was affected. By the way, I turn off auto-updates on everything I own.

Wingo just announced that Connect Cloud is no longer required to manage the routers nor will Cisco arbitrarily disconnect Connect Cloud users from the service based on how they are using the Internet. Cisco is being responsive to the complaints.

The primary issue causing the uproar was a change in the Cisco Connect Cloud Supplement policy that stated the company could "keep track of certain information related to your use of the Service, including but not limited to the status and health of your network and networked products; which apps relating to the Service you are using; which features you are using within the Service infrastructure; network traffic (e.g., megabytes per hour); Internet history; how frequently you encounter errors on the Service system and other related information ('Other Information')" [emphasis added]. The policy immediately explains that this data will be used for support and optimized service. Cisco has since changed the supplement and removed the language granting it access to your data.

Next: When Data Gathering Makes SenseNetworking vendors like Cisco and Juniper have added data-gathering functions to their enterprise equipment that, when directed by support or initiated by an administrator, will bundle together a bunch of data like the configuration and current status and send it to technical support. This is beneficial because it saves the administrator the hassle of running a bunch of obscure comments, capturing the output, zipping it up and sending it to support. But you, the administrator, have to kick off the process with the enterprise products.

Having the same feature in a home router makes sense provided you, the router owner, are the only person who can initiate the process. Giving Cisco carte blanche to gather data at will is not right, and Cisco was overreaching. What the company could have done, and should have done, is made the data gathering opt-in and then made a brief request on what it wanted to gather and how the data would be used. Data acquisition is common in mobile apps, where the developers ask if they can collect data so they can track feature use and focus development efforts. I bet there are many customers, including me, who agree to the data collection. The key is: Ask first.

Data gathering is a particularly troubling governance issue for enterprises that have home employees. The amount of data like host names, application names and even query parameters in an HTTP request can lead to inadvertent data exposures. If you, the employer, can't determine where your data is residing, you have a potential governance issue, and automatic data collection, even for benign reasons, is a problem. Granted, most remote employees access IT resources over a VPN, but there's no guarantee that some data doesn't leak out. The point is, you don't know.

The second issue was the affected routers required customers to sign up for a Connect Cloud account before they could manage the router. Prior to the update, customers could just log in locally. Cisco should not have tried to force customers to create accounts to access devices they already purchased.

Worse, if you were found in violation of the Cisco Connect Cloud Terms of Service, "Cisco shall have the right, in its discretion, to modify, suspend or discontinue the Service at any time without liability to Cisco."

You could, apparently, disconnect the Internet side of your router to get local access, but that's not helpful especially if you are troubleshooting a problem that you're researching on the Internet.

Subscribing to Connect Cloud should be optional unless you're explicitly buying a system that's marketed as a hybrid management system, where the box clearly states that you're required to sign up for an account prior to use. Vaughan-Nichols tried it and reported that he thought there were some nice features. There very well may be excellent features, but don't pull a fast one and require an account after customers have already bought and installed the product.

I understand that companies like Cisco want to create good services and a good customer experience. I don't believe they are Evil Corp., wanting to spy on your every move, but there are better ways of making service changes such as asking before you make fundamental changes to a product and allowing those fundamental changes to be optional for those who don't want the features. Because remember, Cisco: Your customers are using your products in ways beyond your intended use, such as remote employees, and service changes can have broad impacts.