An accountant once advised me, “always ask for more than you reasonably expect to receive”. Software and web-based service companies have taken this advice to its limit: they don’t ask; they just take. Facebook tramples on users’ privacy, and when they’re caught, they apologize and retreat until the heat goes away. We reluctantly expect this bad behavior from service vendors.
The newest twist on the abuse-of-privacy theme is Cisco’s recent update of its Linksys brand EA3500 and EA4500 routers. The routers shipped with firmware that, when connected to the Internet, connects to Cisco, without notice to the routers’ owners, and downloads updates from Cisco. The update then removes administrator access rights to the router, adds remote administrator capability <yikes!> and, when the router owner attempts to login as admin to his own router, he’s redirected to a Terms Of Service (TOS) page to which he’s required to agree. Buried in the terms is an agreement to allow Cisco to collect whatever information they wish to. In a small network, this is the firewall between your computers and the hordes waiting outside the gates. You’ve agreed to install spyware on this critical component.
At one time both Cisco and Linksys were honorable companies. Cisco built a good reputation in the enterprise marketplace; Linksys did the same in the small business and home office (SOHO) marketplace. Linksys was founded by a husband and wife team who originally built small boxes that linked computers and peripherals together. Linksys produced the classic WRT54G router, which I like. When they looked for a corporate buyer, they wisely chose Cisco; they insisted that Cisco retain the Linksys name.
With this stupid firmware update, Cisco has seriously damaged the good reputations of both brand names. Cisco issued two apologies and rolled back the update. Not good enough. To ensure that it doesn’t happen again, heads should roll.
Read Cisco’s “apology”. It doesn’t apologize for bad intent; it apologizes for failure to clearly define its (bad) intent. That’s no apology. I repeat: heads — upper managers’ heads — should roll.
Does this sound too harsh? No, it’s necessary. Look at the stupid way that Yahoo! stored clear-text passwords on its servers. Yahoo! replaced its CEO (again).