Cisco changes privacy policy for Linksys routers after uproar

Cisco Systems said a privacy policy for the Cisco Connect Cloud service that alarmed some customers was a mistake and has been removed.

The cloud service, which among other things allows users of some Wi-Fi home routers to manage their devices from away from home, went live last week and was included in an automatic firmware update to those routers. That brought a flood of complaints to online forums about both the firmware update and the privacy document, which said Cisco might track and share information about customers’ Internet use and other data.

“We removed content that could have been misinterpreted as being inconsistent with Cisco’s privacy statement based on a selective analysis,” Cisco said in a statement.

“In a nutshell, this was just a mistake,” Cisco spokesman David McCulloch said.

The specific privacy policy for the cloud service is contained in a “Cisco Connect Cloud Supplement,” that expands upon Cisco’s general corporate privacy policy. There is a link to the supplement on the right side of the general privacy page. Parts of the supplement, including the reference to collecting Internet history, have been removed. McCulloch said he could not immediately explain how the stricken language was included by mistake.

Some users of the Linksys EA3500 and EA4500 routers wrote on online forums last week that Cisco apparently had updated the firmware on their routers automatically without their consent. The new firmware prompted them to start managing their routers through the Cisco Connect Cloud service, which administers a router over the Internet instead of directly over the wireless LAN. Some users said they weren’t able to keep managing their routers locally except through a limited interface that lacked features they were used to.

Along the way, one user pointed out a section of the privacy policy for Cisco Connect Cloud that said the company might keep track of a variety of information including Internet history and might share “aggregated and anonymous user experience information” with service providers and other third parties.

The updated privacy supplement for the cloud service says, “Cisco may collect and store detailed information regarding your network configuration and usage for the purpose of providing you technical networking support.” It says that data will be associated with the customer only when he or she provides an ID number, randomly generated and under the user’s control, to the support representative.

An administrator on the Cisco Home Community forum subsequently posted a link to instructions for downgrading the routers’ firmware and opting out of future automatic upgrades.

But Cisco also responded to the complaints with a dedicated post to its official blog on Friday.

“Cisco Connect Cloud was delivered only to consumers who opted in to automatic updates. However, we apologize that the opt-out process for Cisco Connect Cloud and automatic updates was not more clear in this product release, and we are developing an updated version that will improve this process,” Cisco Home Networking Vice President and General Manager Brett Wingo wrote in the blog post. The post directed customers who wanted to return to the traditional Linksys management software to call the Linksys customer support line.

The blog post also partly addressed the questions about the privacy policy but didn’t say the “Cisco Connect Cloud Supplement” had been changed. McCullough said on Monday that the blog might be updated.

Linksys is a brand used on products from Cisco’s Home Networking Business Unit.

Stephen Lawson covers mobile, storage and networking technologies for The IDG News Service. Follow Stephen on Twitter at @sdlawsonmedia. Stephen’s e-mail address is stephen_lawson@idg.com