Reader: Where VoIP encryption is needed

Opinion
Aug 1, 20052 mins

* Reader argues for VoIP encryption in certain situations

In continuing our discussion on encryption of VoIP, one reader responded with an analysis of areas where he felt it was important to encrypt VoIP traffic.

The reader pointed out that while he agreed in principle with our premise that encryption was generally not necessary, he pointed out some areas where he felt encryption was most appropriate.

In particular, he noted:

“1. Any IP contact center VoIP traffic (public or private sector), where confidential information may be disclosed during the conversation (calling a bank, calling the Motor Vehicle Office, County Treasurer, etc.); especially as ‘inline’ click-to-talk proliferates (and I certainly accept encryption with any form of secure VPN, whether Web-based/SSL, or IPSec). This would be predominantly non-intranet-based customer-to-agent traffic.

“2. Rich media or collaboration server sessions, where triple-play services are used. For example – Cisco MeetingPlace sessions, where IP-based Web, video and voice traffic are in the session. Collaboration servers and services (such as WebEx or Microsoft Live Meeting) are becoming extremely popular, more so with the cost of travel skyrocketing. These are hosted services typically, and ride the public Internet, in many instances.

“3. VoIP traffic in the first responder and public safety space – whether wired or wireless. Whether pure VoIP, or LMR traffic over IP, this should definitely be encrypted (common example – cop car with IP phone, talking over a 802.11 hot spot, back to substation, or metropolitan base station).

“4. College campuses, where VoIP – wired or wireless – VLANS, and/or hot-spots carry sensitive information (student personal data, exam scores, medical information, etc.).

“5. Healthcare where there is a HIPAA or confidentiality mandate to secure VoIP traffic/data.”

We think the fifth point is particularly relevant. Not only is it important to be concerned about protecting information where necessary, but it’s also important to comply with regulations. (And we’ll wait for our readers to comment on whether mandated encryption in certain situations is or is not appropriate.)