Encrypted VoIP

Just read and commented on Rich Tehrani’s blog on how encrypted VoIP may be bad for the industry.

I'm on the fence on this one, on one hand I side with the privacy folks and on the other with meeting CALEA requirements.

CALEA imposes the following obligations to service providers supporting law enforcement agencies :
1) call intercept
2) accessing call identifying information
3) delivering intercepted communications
4) While providing minimal interference yet maintaining subscriber
privacy

Given encryption export restrictions , I would assume that any commercially available standard could be broken by law enforcement agencies.

What is your opinion?

Trackback URL for this post:

http://blogs.globalcrossing.com/trackback/115

gxnorm – Mon, 2006 – 05 – 22 14:28

VoIP

gxnorm's blog

Encrypted VOIP

Phil Zimmerman's Zfone is not going to be broken by intercepting the traffic and cracking the encryption. The weaknesses are at the endpoints--the security of the systems running Zfone, and the physical security around the systems. When the government or miscreants have broken PGP, they have done so in the following ways:

1. Interception of passphrases with keyloggers (either hardware or software).
2. Obtaining passphrases from memory (e.g., with AccessData's Password Recovery ToolKit product).
3. Using software (e.g., malware) on the endpoint to intercept the traffic prior to encryption or after decryption.

As Ed Felten points out, malware on the endpoint is the most likely mechanism for defeating Zfone.

lippard – Tue, 2006 – 05 – 23 10:20

IP Convergence: Beyond VoIP, Beyond Cost Savings

Regional Blogs

Podcasts

Subscribe

Topics

Industry Bloggers

Recent blog posts

User login

Navigation

Terms

Technorati

Encrypted VoIP

Trackback URL for this post:

Encrypted VOIP

Post new comment