I posted this in Belkin Routers Route Users to Censorware Ad, here, but I wanted to keep a copy here as well.
I also sent a copy to Belkin.
In response to my letter of indignation to Belkin, I received the same form letter many of you have received, signed by
Kannyn MacRae,
Business Unit Manager, Networking
Belkin Corporation
The letter makes it clear that Belkin still doesn't get it. The letter isn't an apology, it's an explanation, an excuse for Belkin's reprehensible conduct, and it's full of spin - that's the polite way of saying misinformation, which is the polite way of saying lies.
The letter begins by claiming that "a group of privacy advocates have targeted Belkin Routers". That's not the case at all - a single user posted an explanation of Belkin's router's hijacking, and asked if anyone knew any more about it, in the usenet group news.admin.net-abuse.email. No group was involved, and there was no targeting.
The letter continues with a claim that "[t]he Parental Control registration page is not spam, adware or spyware. It is part of the setup process of the router. It does not "hi-jack" the browser." It is, apparently, part of the set-up process, but that's spam in and of itself: the user hasn't purchased Belkin's "Parental Control", but in the process of installing what he has purchased, the user is forced to sit through an advertisement for another Belkin product, whether or not the user has requested this advertisement. That's the essence of spam.
(And yes, I know that businesses like to claim that unsolicited advertisements are not spam if there is a "pre-existing" relationship with the customer, but that's bunk. Buying a product does not involve an implicit agreement to surrender my time to the manufacturer.)
Even if you're willing to buy [corrected 9 Nov 2003] the argument that installing a product should be made more complicated and time-consuming by subjecting you to advertising, the reason that Belkin's received so much unfavorable publicity is not a one-time ad at install. The problem is the ads repeat indefinitely, every eight hours, until you, the user - Belkin's valued customer - takes some action to make them stop. And this is the same as he sneering spammer who sends you unsolicited email with a "click here to opt out" link. Not only does it steal your time, it steals more of your time before you can make it go away.
The letter goes on to state that "nor does Belkin have the ability to advertise to our customers using our routers as a conduit."
Wait a second, lady. This whole brouhaha started because Belkin continues to use its routers as a conduit to deliver customers to its ad for "Parental Control" every eight hours. If your routers didn't have that ability, we wouldn't all be telling you why we're not going to buy Belkin products anymore. This is a blatant lie, and an insult to the intelligence of anyone reading it. The page the router delivers users to is an ad. It's a solicitation to do additional business with Belkin.
The letter also claims that "[i]f a customer clicks "No Thanks" on the first prompt, the for Parental Control signup will no longer appear." Not entirely true. Belkin Manager Eric Deming admitted in a usenet post (since cowardly cancelled, but mirrored here) that clicking "No Thanks" won't work for users behind firewalls. It also appears that the "No Thanks" gets reset if the router is reset, and anecdotal evidence suggests that the (low) quality of Belkin's routers makes resetting rather more usual than it should be - possibly as often as every 20 minutes.
The letter ends on a surreal note, "[the Belkin advertisement web page] is not a browser pop-up, this means that the Parental Control web page will only be displayed if the user opens the browser". Huh? It's not a browser pop-up, because it's only displayed in the browser? Perhaps Ms. MacRae is trying to distinguish Belkin's sneakiness from pop-under sneakiness, but that fact of the matter is, the advertisement is a web page and it appears in the user's web browser.
What the letter needed to have said, and didn't, was that
- Belkin made a serious ethical mistake, by producing a product that intentionally failed to meet its specification,
- in order to force users to sit through unsolicited advertisements,
- while silently discarding legitimate user message traffic,
- in a manner that could jeopardize the security of, and cause legal liability to (think HIPAA), Belkin's customers.
What it needed further to have said, and did not, is that
- Belkin understands that this was a serious ethical lapse,
- that Belkin apologizes for abusing the trust of its customers,
- that those responsible for planning, implementing, and authorizing this indencency have been sanctioned or fired,
- that Belkin undertakes never to do this, or anything similar again,
- and will design a compliance plan to ensure it never happens again.
But you won't see any of that in Belkin's letter, because Belkin still does not get it.
And since Belkin doesn't get it, all potential customers should make sure not to get any Belkin products (even though I expect you'll be able you'll find a number of free routers in the trash of any companies serious about security).