Cisco Pulls Back on Routers’ ‘Supplemental Privacy Policy’

Cisco appears to have retracted a controversial addition to its privacy policy that allowed the company to track data, including complete Internet histories, for users of its Linksys E2700, E3500 and E4500 routers.

The policy revisions were part of an automatic firmware update that outraged users last week, who tried to log in and found they must instead install the new Cisco Cloud Connect service. The automatic upgrade came without notice and with forced acceptance of a less-private user agreement.

Cisco appears to have retracted a controversial addition to its privacy policy that allowed the company to track data, including complete Internet histories, for users of its Linksys E2700, E3500 and E4500 routers.

The policy revisions were part of an automatic firmware update that outraged users last week, who tried to log in and found they must instead install the new Cisco Cloud Connect service. The automatic upgrade came without notice and with forced acceptance of a less-private user agreement.

Of particular concern was this item: “When you use the Service, we may keep track of certain information related to your use of the Service, including but not limited to the status and health of your network and networked products; which apps relating to the Service you are using; which features you are using within the Service infrastructure; network traffic (e.g., megabytes per hour); internet history; how frequently you encounter errors on the Service system and other related information (‘Other Information’).”

Joel Hruska at ExtremeTech this week reports the offending paragraph had been removed from the supplemental privacy statement. However, Cisco apparently isn’t backing down from the auto-update setting by default.

According to the site Electronista.com: “Cisco Systems reported that the privacy policy for the Cisco Connect Cloud service was a mistake, and has been removed, but the auto-update provision remains. Should users remain with the new service, provisions exist in the EULA to forcibly disable the routers by disconnection from the Connect Cloud service should they be used for illicit purposes, at the sole discretion of Cisco,”

Such illicitness includes “obscene, pornographic, or offensive purposes.”

The Cisco Home Community forum has instructions on how to downgrade the routers’ firmware and opt-out of future automatic updates. However, the company says the routers’ advanced features will not be available until the upgrade is performed.

Suggested articles

BlackEnergy Malware Plug-Ins Leave Trail of Destruction

Researchers at Kaspersky Lab discovered a cache of Windows and Linux plug-ins for the BlackEnergy malware that, in addition to data theft, allow it to target Cisco routers and even destroy hard drives it infects.

Discussion

  • Steve on

    A mistake?  I've worked for big companies in the network space and there is no way that this was a mistake.  In addition, so they changed the wording in the EULA but they still have the functionality built in to monitor.  Hardly makes me want to rush out and buy a Cisco product for my network.

  • intrntworkolution.net on

    Cisco appears to have retracted a controversial addition to its privacy policy that allowed the company to track data, including complete Internet histories, for users of its Linksys E2700, E3500 and E4500 routers.

  • internetworksolutions.net on

    Cisco appears to have retracted a controversial addition to its privacy policy that allowed the company to track data, including complete Internet histories, for users of its Linksys E2700, E3500 and E4500 routers.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.