Global articles on espionage, spying, bugs, and other interesting topics.

Is VoIP too secure?

It’s hard to imagine, but roughly 10 years ago as VoIP was being rolled out corporate networkers were quite concerned about the security of VoIP. As we faced a move from voice going over a traditional (and, by the way, unencrypted) network, there was concern
that VoIP would be much too easy to eavesdrop on – especially if it traversed the Internet.

We’ll leave the question of whether “legal intercepts” as a political and civil liberty question. Indeed, virtually any “good” technology can also have a dark side. Nevertheless,
“wiretaps” have been a part of voice communications essentially forever. Sometimes for the good of all. Sometimes not.

And “tapping” a traditional voice call, whether in analog or digital (PCM) format is trivial. Additionally, as discussed in
an excellent interview, “Web Wiretaps Raise Security, Privacy Concerns” on All Things Considered, as cellular technology was rolled out, there were provisions made for “lawful intercept.”

The issue that was discussed by FBI General Counsel Valerie Caproni is that with VoIP solutions – and Web-based VoIP in particular
– the individual conversations can be quite difficult to intercept and decode. Further, while at one time Internet-based voice
conversations were largely limited to “major” applications like Skype, there is rapid and widespread proliferation of “voice chat” capabilities. For instance, you can do a voice chat,
a video chat, or even call an external phone from Gmail. And this only covers voice-like capabilities, and doesn’t include
other messaging.

Interestingly, and in a move that makes sense, the government is not specifying exactly which services need to be modified
so that they can be more easily modified. As pointed out in the above-referenced interview, if the systems that were difficult
to monitor were identified, then this would make it obvious which ones could be best used for less-than-honorable purposes.

The implications for this for the corporate enterprise network are yet to be identified since we’re just on the leading edge
of the issue. But it is clear that we’ve come a long way from the days when VoIP was a “toy.” And the fact that it’s “just
another application” is making the task of lawful intercept even more difficult.

Read more about lans wans in Network World’s LANs WANs section.

Steve Taylor is president of Distributed Networking Associates and publisher/editor-in-chief of Webtorials. Jim Metzler is vice president of Ashton, Metzler Associates.