Cisco's ugly bait and switch

Can a network security vendor that betrays its customers ever be trusted again?

You may have heard about Cisco's shenanigans last week, in which an automatic firmware update for several models of the company's Linksys home wireless routers forced users to create and log into a Cisco cloud service account to manage their router. In addition, some previously available functionality disappeared in the update. I cannot fathom how a company whose reputation is built on its tech savvy could concoct such a disaster of a scheme. And it gets worse.

The terms of service that users are required to accept (in order to operate a router they've already bought) give Cisco the right to monitor and track information about your Internet usage. The language also hints that if you download copyrighted files, or obscene or pornographic images, Cisco could potentially brick your router.

A network intrusion

In the intervening days since the discovery of this disgusting display of corporate thuggery, Cisco has backtracked. The company promises to modify the terms of service to remove some of the more egregious language, but as ExtremeTech points out, that doesn't matter -- Cisco can still update those terms at any time. Cisco has also provided a way to downgrade affected devices, but that leaves users without an upgrade path in the future. It's actions like this that make open source solutions all the more attractive.

The long and the short of this is that everyone loses. Anyone who purchased one of these routers has an essentially orphaned device on their hands. What Cisco sold them for hundreds of dollars is no longer the same device it was prior to this action. The hardware hasn't changed, but the service, support, and functional environment have been compromised. Given that these routers are still actively for sale, one might think Cisco could be taken to court over some breach of the law.

Imagine if you bought a toaster, and after a few months of normal operation, the manufacturer came to your house and removed internal parts so that it no longer toasted properly. And while they were there, they forced you to agree to let them monitor your kitchen and potentially deactivate the toaster if they didn't like what they saw. It's lunacy.

This blatant technical malfeasance needs to be crushed early. The backlash against such corporate actions has to be massive in order to dissuade these scenarios from playing out in other areas. A similar, highly publicized case was VeriSign's Site Finder debacle back in 2003. As soon as VeriSign turned on Site Finder, the Internet exploded into a rage as mail started bouncing for no reason, applications began failing, and massive amounts of information destined for other places wound up on VeriSign's doorstep. For instance, if you made a typo in the address of a sensitive email, that message was delivered to VeriSign instead of bouncing back as undeliverable. It was a catastrophe for Internet users and inflicted much damage to VeriSign's reputation (which wasn't great to begin with).
