Cisco Does Damage Control over Cisco Connect Cloud Fiasco

A couple of weeks ago, Cisco launched Cisco Connect Cloud, a cloud platform for Linksys Smart WiFi routers that was designed to make setting up and using the router much simpler and more user-friendly and included a convenient mobile app and third-party apps that offered enhanced functionality such as easy streaming to smart TVs.

Suffice it to say that however Cisco expected the early returns on the platform to go, it was not expecting the amount of blowback it received; apparently, not everyone wants to be forced into opting in to a cloud service, especially one that contained the following in its original Terms of Service:

When you use the Service, we may keep track of certain information related to your use of the Service, including but not limited to the status and health of your network and networked products; which apps relating to the Service you are using; which features you are using within the Service infrastructure; network traffic (e.g., megabytes per hour); internet history; how frequently you encounter errors on the Service system and other related information (“Other Information”).

Users of certain Linksys routers (the E2700, E3500, and E4500 to be exact) with the automatic firmware update option selected were suddenly prompted to log in with new Cisco Connect Cloud credentials, effectively signing them up for the service.

Cisco Connect Cloud screenshot
Screenshot of Cisco Connect Cloud

Within two days of the service’s launch, Cisco had to whip out a blog post clarifying questions about the service, in which it apologized for the obtuse opt-out process, promised a more clear update, and gave a phone number users could call to have an agent walk them through the opt-out process. (We hope some manager bought all those unfortunate agents donuts every day.)

This week, Cisco penned yet another blog further addressing users’ concerns. In summation: Users are not required to sign up for Cisco Connect Cloud, they can manage their routers without it, their service will not be terminated based on Internet usage, the routers do not gather personal data about Internet activities, new login credentials are only used for logging in to the service and local administrative passwords aren’t stored online, and no software updates will be pushed out to users with the auto setting switched off.

How the service works

Some of the most egregious language appears to have been removed from the ToS, as well, which had included agreements that users wouldn’t invade others’ privacy or violate their rights, look at pornography, send out spam or malware, and so on. None of that is even remotely germane to a piece of networking hardware, which makes it all the more bizarre.

In the end, the debacle has more to do with a poorly-written ToS and clumsy implementation than an evil plan of some kind, but regardless, the damage has been done. Cisco messed with a good thing--its popular and reliable routers--and has learned a difficult lesson as a result.