Is VoIP Too Secure? - meshIP Blog

It’s hard to imagine, but roughly 10 years ago as VoIP was being rolled out corporate networkers were quite concerned about the security of VoIP. As we faced a move from voice going over a traditional (and, by the way, unencrypted) network, there was concern that VoIP would be much too easy to eavesdrop on – especially if it traversed the Internet.

We’ll leave the question of whether “legal intercepts” as a political and civil liberty question. Indeed, virtually any “good” technology can also have a dark side. Nevertheless, “wiretaps” have been a part of voice communications essentially forever. Sometimes for the good of all. Sometimes not.

And “tapping” a traditional voice call, whether in analog or digital (PCM) format is trivial. Additionally, as discussed in an excellent interview, “Web Wiretaps Raise Security, Privacy Concerns” on All Things Considered, as cellular technology was rolled out, there were provisions made for “lawful intercept.”

The issue that was discussed by FBI General Counsel Valerie Caproni is that with VoIP solutions – and Web-based VoIP in particular – the individual conversations can be quite difficult to intercept and decode. Further, while at one time Internet-based voice conversations were largely limited to “major” applications like Skype, there is rapid and widespread proliferation of “voice chat” capabilities. For instance, you can do a voice chat, a video chat, or even call an external phone from Gmail. And this only covers voice-like capabilities, and doesn’t include other messaging.

Interestingly, and in a move that makes sense, the government is not specifying exactly which services need to be modified so that they can be more easily modified. As pointed out in the above-referenced interview, if the systems that were difficult to monitor were identified, then this would make it obvious which ones could be best used for less-than-honorable purposes.

The implications for this for the corporate enterprise network are yet to be identified since we’re just on the leading edge of the issue. But it is clear that we’ve come a long way from the days when VoIP was a “toy.” And the fact that it’s “just another application” is making the task of lawful intercept even more difficult.

Source

Author
Recent Posts

Brian

Managing Partner at meshIP, LLC

Brian Byrne is the founder and Managing Partner of Dallas based meshIP, a technology services firm offering cloud computing strategies and services. He is an accomplished executive with senior management experience in all facets of the technology, telecom, cloud computing, and SaaS industries. He has proven success in developing, financing and executing strategic plans as well as launching new ventures. His background includes a record of significant achievement in international business development and his credentials include a MBA in Marketing and Management Strategy from the J.L. Kellogg Graduate School of Management at Northwestern University, a MS from the School of Computer Science at DePaul University, and a BBA in Finance from the University of Notre Dame.

He is also the inventor of the patented meshDETECT, Secure Prison Cell Phone Solutions.

LinkedIn Profile