Is VoIP too secure?

It's hard to imagine, but roughly 10 years ago as VoIP was being rolled out corporate networkers were quite concerned about the security of VoIP. As we faced a move from voice going over a traditional (and, by the way, unencrypted) network, there was concern that VoIP would be much too easy to eavesdrop on - especially if it traversed the Internet.

We'll leave the question of whether "legal intercepts" as a political and civil liberty question. Indeed, virtually any "good" technology can also have a dark side. Nevertheless, "wiretaps" have been a part of voice communications essentially forever. Sometimes for the good of all. Sometimes not.

And "tapping" a traditional voice call, whether in analog or digital (PCM) format is trivial. Additionally, as discussed in an excellent interview, "Web Wiretaps Raise Security, Privacy Concerns" on All Things Considered, as cellular technology was rolled out, there were provisions made for "lawful intercept."

The issue that was discussed by FBI General Counsel Valerie Caproni is that with VoIP solutions - and Web-based VoIP in particular - the individual conversations can be quite difficult to intercept and decode. Further, while at one time Internet-based voice conversations were largely limited to "major" applications like Skype, there is rapid and widespread proliferation of "voice chat" capabilities. For instance, you can do a voice chat, a video chat, or even call an external phone from Gmail. And this only covers voice-like capabilities, and doesn't include other messaging.

Interestingly, and in a move that makes sense, the government is not specifying exactly which services need to be modified so that they can be more easily modified. As pointed out in the above-referenced interview, if the systems that were difficult to monitor were identified, then this would make it obvious which ones could be best used for less-than-honorable purposes.

The implications for this for the corporate enterprise network are yet to be identified since we're just on the leading edge of the issue. But it is clear that we've come a long way from the days when VoIP was a "toy." And the fact that it's "just another application" is making the task of lawful intercept even more difficult.

Learn more about this topic

The U.S. Patriot Act has an impact on cloud security

'Patriot Act' phishing e-mails resurface, FDIC warns

Domestic spying: Is the price worth the sacrifice of privacy?

Join the discussion
Be the first to comment on this article. Our Commenting Policies