AAPL Stock: 117.81 ( -0.22 )

Printed from

Cisco forces firmware update, new privacy policy on users

updated 07:30 pm EDT, Tue July 3, 2012

E2700, E3500, E4500 'cloud' routers affected, rollback possible

Router and switch maker Cisco recently pushed an automatic firmware update on some of its routers that forced users to sign up for a new service, and also mandated a less-private "shrink wrap" EULA at the same time, outraged users report. Internet forums lit up about both the firmware update and privacy document, which suggested Cisco could track and share information about users' Internet usage, such as sites visited, data quantities sent and received, and "other information" in the interest of improving service quality.

Users of the E2700, E3500, and E4500 routers that did not specifically opt-out of the automatic upgrades found themselves asked to log in to the newly launched Cisco Cloud Connect service with no notification of the change. Power-cycling the router restored the old login and password, but also crippled the router by removing or changing control of a number of advanced functions, such as port forwarding, DMZ application, and parental controls.

On June 27, On June 27, Cisco's privacy statement in a "shrink-wrap" license with the upgrade was changed to read: "When you use the Service, we may keep track of certain information related to your use of the Service, including but not limited to the status and health of your network and networked products; which apps relating to the Service you are using; which features you are using within the Service infrastructure; network traffic (e.g., megabytes per hour); internet history; how frequently you encounter errors on the Service system and other related information ('Other Information')." This sentence has been removed entirely from the current version of the security policy.

A new clause was added to the privacy policy near the end of the document -- Cisco reserves the right in some circumstances (determined by Cisco) to automatically update its routers, regardless of the auto-update setting.

Cisco Systems reported that the privacy policy for the Cisco Connect Cloud service was a mistake, and has been removed, but the auto-update provision remains. Should users remain with the new service, provisions exist in the EULA to forcibly disable the routers by disconnection from the Connect Cloud service should they be used for illicit purposes, at the sole discretion of Cisco.

Should the routers be used for "obscene, pornographic, or offensive purposes, to infringe another's rights, including but not limited to any intellectual property rights, or... to violate, or encourage any conduct that would violate any applicable law or regulation or give rise to civil or criminal liability," Cisco reserves the right to "take such action as we deem necessary or are otherwise required to take by a third party or court of competent jurisdiction, in each case in relation to your access or use or misuse of such content or data. Such action may include, without limitation, discontinuing your use of the Service immediately without prior notice to you, and without refund or compensation to you."

An administrator on the Cisco Home Community forum provided information on how to downgrade the routers' firmware, and how to opt-out of future automatic updates. Cisco warns, however, that the 'advanced features' of the routers won't be available if the upgrade is not performed.

by MacNN Staff



  1. Makosuke

    Joined: Dec 1969


    "obscene, pornographic, or offensive"

    I always find those "obscene, pornographic, or offensive" clauses somewhat ironic, since in many areas of the US, and/or depending on definition, pornography is entirely legal, and to my knowledge offensive things are pretty much everywhere by most definitions of the word "offensive." Obscenity, generally not.

    In this case, of course, the pornography part goes from legalistic clause to raging irony and/or completely preposterous, since a substantial number of the people buying the product are going to be shoving pornography through it. For some percentage that's probably their main reason for owning the thing.

    Not even illegal pornography, just regular, vanilla, legit p***.

  1. climacs

    Joined: Dec 1969


    WTF Cisco

    sounds like someone's listening to the legal dept. too much, or got played by RIAA/MPAA.

  1. climacs

    Joined: Dec 1969



    keep in mind that 98 times out of 100, the company writing the contract/EULA/fine print is going to do so in a way that covers their butt to the maximum.

    I think what they are trying to do is cover their butts with regard to being sued because someone used a Cisco router to download kiddie p***.

    Does anyone sue Ford because one of their cars was used to commit a crime?

    Is there any need for Cisco to involve itself in what people do with their routers?

  1. The Vicar

    Joined: Dec 1969



    That's going to hurt Cisco's sales. Badly. As in "going out of business next year" badly. This single act probably removed them from the list of approved vendors of just about every single corporate IT department in the world, because nobody wants to have to explain to the CEO that he can't get his e-mail because you knowingly built your network out of pieces which aren't under your control.

    Of course, having had to use Cisco's website to look up some support data recently, I'd have to say "good riddance". They're getting as bad as HP.

  1. testudo

    Joined: Dec 1969


    Re: Ouch

    Corporate types care? Nah, why would they care? Next thing you know they won't allow their company to buy Apple products because they lack any sort of defined service and update policy!

Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines

Follow us on Facebook


Most Popular


Recent Reviews

Ultimate Ears Megaboom Bluetooth Speaker

Ultimate Ears (now owned by Logitech) has found great success in the marketplace with its "Boom" series of Bluetooth speakers, a mod ...

Kinivo URBN Premium Bluetooth Headphones

We love music, and we're willing to bet that you do, too. If you're like us, you probably spend a good portion of your time wearing ...

Jamstik+ MIDI Controller

For a long time the MIDI world has been dominated by keyboard-inspired controllers. Times are changing however, and we are slowly star ...


Most Commented