How Secure Is Your VoIP Call?

voip

By: Doug Mohney with VoIP News

Everyone values privacy, and nobody wants to have an unwanted third party listening in on a conversation, regardless of the content. Voice over IP (VoIP) solutions offer several ways to ensure a confidential discussion, but callers should be aware of caveats when it comes to claims of secure calls.

The analog public switched telephone network (PSTN) provides the benchmark for gauging how secure phone calls are. Most PSTN users are assured that conversations are private because the local phone company owns and operates the vast majority of the equipment involved in moving calls. Conversations traveling through the PSTN are not encrypted, but a law enforcement or national security agency needs to get permission from the courts to listen in on, or wiretap, conversations.

For a larger organization or business, voice security becomes more complex. Although calls are moved in and out of the office through a service provider and onto the PSTN, the organization’s own phone system adds another layer of complexity for voice transport. An improperly secured or unmanaged internal phone system provides potential opportunities for misuse, be it a traditional private branch exchange (PBX) or a modern IP PBX.

VoIP paradoxically offers both more security and more uncertainty, depending on the solution and how it’s implemented. The most secure VoIP solutions operate in peer-to-peer mode, with a single software app directly connecting to another one. In peer-to-peer communication, there are no intermediary servers between two callers to provide potential attack points for monitoring communications.

Encryption of the media stream—the actual voice audio—is a standard feature in many software-based VoIP solutions, making calls secure against casual listening. Today’s encryption methods appear to be too good for government agencies to break easily, judging from recent comments by senior officials around the world. Both the United States and the United Kingdom have floated the idea of encryption schemes that would provide national security agencies with backdoor access to secure communications, while China has passed a law requiring companies to release technical interfaces and assist with decryption if security agencies are working to prevent or investigate a terrorist attack. Apple, Google, Facebook, Microsoft, and other tech firms are strongly opposed to building in such backdoor access, fearing that intentionally providing such access would provide potential access for attackers.

Privacy advocates are also concerned about existing legal requirements permitting law enforcement access to voice communication. In the United States, the Communications Assistance for Law Enforcement Act (CALEA) requires telecommunications carriers and manufacturers of telecommunications equipment as well as broadband Internet access providers and VoIP providers that connect to the PSTN to provide electronic surveillance access upon presentation of a court order or other lawful authorization. Any VoIP service provider that connects to the PSTN must provide CALEA access. The Electronic Frontier Foundation believes that CALEA will be the basis for expanding law enforcement access to all VoIP services, not just those connected to the PSTN. Software-based systems such as Skype and WhatsApp would be required to provide a place for law enforcement agencies to simply “plug in” upon presenting a warrant, with access to voice, instant messaging, and video communication.

For ultimate privacy, a few entities offer solutions claiming to be independent of government monitoring requirements while providing completely encrypted peer-to-peer VoIP calls. Open Whisper Systems offers Whisper, a free, open source encryption VoIP voice and texting app for iOS and Android devices. Silent Circle provides a subscription service with access to a secure cloud-based network along with Blackphone 2, a security-hardened mobile phone.

In daily practice, most of us are quite comfortable with the level of security provided in existing VoIP software, such as Apple FaceTime, Microsoft Skype, Facebook Chat, and many other clients available for free download. Continuing efforts by the United States and other countries to mandate government backdoors for accessing encrypted communications suggests that VoIP can be much more secure than we might expect.

Contact Joe Sankey today at 901.725.9271 for the right Telecom Solutions for your organization.

Don't Forget to Share