VoIP Now

The term SPIT stands for Spam over Internet Telephony, which may or may not include vishing attempts. I've never noticed this until recently, but on the Share Skype blog, each person commenting on a post has their Skype id revealed, as well as their current online status.

On the one hand, it's kind of cool because you can click-to-call that commenter. On the other hand, a spambot can easily harvest the page and compile a list of Skypers for later SPIT/ vishing activities en masse. It's possible this feature has always been there, but I've never consciously noticed. How do you feel about this? Do you think it's a big deal or nothing to worry about?

The Eye in the Sky: Pushing the IP Communications Envelope
There's been a lot of talk about SEDs - service-enabled devices. SEDs will have their own IP address and are thus pingable across the Internet. Now, imagine that you could query a satellite view a web browser. That's what Iridium is planning: satellites that monitor the Earth, taking pictures. And because they'll be IP-based satellites, Iridium can sell services over the Internet to clients who need to monitor, say, a facility.

Privacy Obligations For VoIP and Telecom Providers
The US FCC is rethinking how it will expect telecoms and VoIP providers to handle CPNI (Customer Propietary Network Information) data - or what amounts to call records and subscriber information. This is as a result of the Hewlett-Packard phone records pretexting scandal and similar cases. Privacy and Security Law Blog has more details on some of the new rules that may be imposed.

Cell Phone Been Bugged?
Despite all the issues of communications -related privacy and security, it's unlikely that most of us have our phones or IP communications bugged. But for whatever reason (jealous spouse, insane employer), if you suspect you do, check out Lauren Weinstein's post How to tell if your cell phone is bugged and the accompanying YouTube video Is your cell phone bugged?

Oh behave. The UK Sun reports on a BT poll that says about half those surveyed talk naked on their cell phones (though this is not what Robert Scoble and Shel Israel meant by Naked Conversations). Women, it seems, are more likely to participate in the buff. What's more, over 80% of people multitask while chatting. Maybe Andy Abramson was right about multitasking while video calling. Women are also more likely to answer the phone if a parent is calling [via 21Talks; Sun link not provided; NSFW - site not (always) safe for work]

I guess if you consider that cell phones (and cordless phones) actually enable this sort of thing. Imagine walking around au naturel using a landline phone. Speaking of stuff going on in the background while conducting business video VoIP calls on your laptop, there was a great TV commercial clip at Very Funny Ads (companion website of the TV show World's Funniest Commercials, hosted by Saturday Night Live alumni Kevin Nealon). Seems a young man is in the middle of a video conference for work, from his apartment, and his girlfriend unwittingly gets into her lingerie and tackles him. Except that it was there yesterday and it seems gone today.

Someone's psychology, sociology, and/ or electronic anthropology doctoral paper is lurking beneath all this latest research that shows phishers/ spammers/ scammers are using ever sophisticated methods to grab your attention so they can grab something of yours - preferably e-money.

Now I'm not going to get into the psych makeup of phishers; that's not my intent, despite my opinions. But the low cost of the latest communications technology and its ease of implementation makes it ever so much easier for you to at least be a target if not a victim. That means more vigilance in 2007 and beyond, as several experts are saying that the lastest avenues for phishers are vishing and smishing (SMS phishing). VoIP and SMS are, in fact, the latest tech platforms for phishers.

Tech intelligence and social intelligence seem unfortunately mutually exclusive in these cases. Fortunately, about computer-based crime in general, those getting caught are being given stiffer penalties.

It's pure coincidence but as I'm working on this brief article, I've just finished hearing Led Zeppelin's classic Communication Breakdown song. Radio 3net has their own 500 top albums for listening for free online. Yeah, 500. And all the classics are there; all you need is Windows Media Player to listen.

That said, this is a brief overview of some of the issues that could make or break how widespread IP communications becomes. Or at least delay ubiquity.

1. Countrywide bans.
   First, numerous countries in the Middle East and some in Asia (China, South Korea) either fully or partially banned VoIP services - except to the status quo providers in some cases. Then India, who recently allowed Yahoo to provide VoIP services, decided they were going to ban outside providers.
2. Jail sentences.
   Seriously?! Vietnam sentenced a South Korean business man to 16 years in jail after he set up five VoIP systems in Hanoi and Ho Chi Minh City (formerly known as Saigon). It's amazing to think that in the 21st century, there are still people in power who are short-sighted. Or do such people just gravitate to government? Why not absolve him, make him pay a provider fee and a fine, and actually utilize his entrepreunerial spirit? That would actually make sense. This is a similar VoIP crime to what five Asian men did in Namibia, but were out on bail.
3. e911, e999, emergency services.
   Or lack of them. Let's not forget that 911 in the United States was not ubiquitous until, I believe, the late 80s. Still, that's no excuse. In E911 still struggling after 10 years, Wayne Rash says that there's a 16% chance your wireless 911 call won't go through, or that the emergency center won't know where you are. Sad but true. (I didn't know that it's been 10 years since the US FCC mandated e911, aka enhanced 911.) In the UK, they call it 999, and pending regulations by Ofcom (the regulator) could put lives at risk according to ITSPA (Internet Telephony Services Providers Association).
4. Perceived security issues re closed protocols.
   I.e., Skype, which in some cases is the reason countries, corporations and universities have banned Skype in particular.
5. Wiretapping.
   Let's not be naive. Several countries including those considered democracies already have widespread wiretapping in place, whether you know it or not. But Internet tech experts have openly said that architecting a backdoor into VoIP soft clients is not only very difficult but a bad idea.

Almost every guy that's ever gone nightclubbing probably has the same goal: meet someone. For whatever reasons. And no doubt some have scored a phone number. Out of those, there are the guys that got a real number and those that got a fake one. If you sit back and think about it, it's understandable. Some guys are relentless, and women generally aren't very confrontational; at least not in the past. So to defuse the situation, some of them hand out a fake number. Well online dating has changed the entire dating game, the environment, the rules, etc., but the objective is essentially the same: meet someone compatible. But for women especially, some semblance of anonymity is desirable. To that end, a new service, MatchTalk, from dating site Match.com, uses VoIP technology from Jangl to set up calls between two members without revealing phone numbers.

It's nothing new; Jangl offers their own semi-anonymous calling. Match.com has just integrated Jangl tech [Alec Saunders] into their offering. MatchTalk sets up a unique phone number between each two members that want to connect, so their own phone numbers don't have to be handed out until and if they are ready. This is a step up from Verbdate, which reveals your Skype username if you allow it to be public. Now if someone just added semi-anonymous video calling, touch, smell, etc., nightclubs might just go out of style. But seriously, long-distance relationships would be easier to maintain.

Skype Enterprise Features Coming?
Skype execs have hinted at upcoming enterprise and call center features. So maybe this will be how eBay finally monetizes Skype?

Speed Demons
The 100-Gigabit Ethernet (100-GbE) technology is here, being demonstrated by a number of companies and the University of California Santa Cruz. A test run sent a signal from Tampa, Florida to Houston, Texas, and back - a first for a live production network. If I understand this correctly, IP backbones will get this technology fairly soon. And as 100-GbE becomes commonplace, likely in several years time, it should mean some incredible real-time video conferencing ability, superfast downloads of movies, and live video broadcasts, to name just a few benefits.

Legal Issues Surrounding VoIP Enterprise Implementations
TechRepublic details legal issues to be aware of when planning a VoIP implementation. They have real alphabet soup of issues, some of which I've only peripherally aware of: SOX/ Sarbox (Sarbanes-Oxley Act), GLBA, HIPAA, E911.

VoIP services have been blocked in the recent past in a number of countries in the Middle East. One of them, Jordan, recently reversed their decision and will unblock Skype in particular. The UAE (United Arab Emirates), however, have held to their ban.

Word is that this ban may be lifted by the TRA (Telecommunications Regulatory Authority). The UAE is blocking Skype and other VoIP services in some of the Emirates, including Dubai. On the other hand, other reports indicate that the TRA has claimed they are not ready to lift the ban just yet. They may be working with Etislalat and Du to license VoIP, but other services, including Skype, would probably remained blocked. That is, mostly legacy/ incumbent telecom providers would be allowed.

Seems to me like the status quo just found a way to remain the status quo - at least in small countries where the powers that be can gain something by blocking and selectively unblocking VoIP. The question is, are they doing this to gain monetarily or so that all calls can be monitored discreetly somewhere in a warehouse? Not to say that larger countries don't do they very same thing, but they don't block VoIP for the entire nation. The interesting thing, if I've understood correctly, is that a very large percentage of the UAE populace is made of foreigners (to them). So having affordable long distance rates to call friends and family is of high importance.

In short, for most people, especially fans of VoIP and VoIM clients such as Skype, AIM, MSN Messenger or Yahoo Messenger, there's no hope for their unblocking in the near future in the UAE.

[sources: Gulf News, TradeArabia, 7Days, VoIP News AU]

The Swiss government is considering a piece of spyware-like software that would be used for wiretapping VoIP calls. The software would not be available to anyone except agencies, but one question is how it would be installed. Both The Register and TechWorld have written about it. If the Swiss government does this, it begs the question of whether any VoIP recording should ever be admissable in court.

If you've spent anytime on YouTube, you might have seen one of the probably many video mashups of some famous person reciting something, maybe a song. For example, this one of President Bush "singing" the lyrics from the U2 song Sunday, Bloody Sunday, which is about an awful event in Northern Ireland three decades ago. Watching the video, it's obvious that it's been mashed up, doctored, or whatever you want to call it. But had the video portion been removed and the intentional audio hiccups been cleared up, it might have been harder to tell that the audio was not authentic in that form.

Take things a step further, and you can see that with the right equipment, audio "proof" of VoIP phone calls could be concocted to make someone appear guilty of something. A frightening thought. In the wrong hands, people could be convicted something they didn't do. History has show this to have happened to dissidents, and not just in countries outside the USA.

The movie Minority Report, based on a Philip K Dick short story, comes to mind. Falsified VoIP recordings could be used to pre-convict someone. I know I'm simplifying, and I'm fully aware of a wide range of mathematical algorithms for analyzing sound. (I've written my own FFT (Fast Fourier Transform) software to analyze audio and visual signals.) I also don't want to delve too deeply into politics, but I'm concerned about acts like CALEA, and regulations on VoIP.

In spillover activity spurred on by the recent Hewlett-Packard "phonegate" scandal, Verizon is suing 20 data brokers for fraudulent activity re pretexting. Pretexting is where someone pretends to be someone else so that they can access their phone records. Interestingly, the president and vice chair of Verizon is on the HP board of directors. Verizon says it has spent $100,000 investigate the pretexting fraud.

In related news, Democrats in the US House of Representatives, controlled by the Republicans, stalled a bill to make pretexting illegal. The activity is illegal in some states, including California, where the alleged activities took place. As part of an US House of Representatives probe into the pretexting scandal, five private investigators and at least two HP executives have been subpoenaed. HP is also under investigation in California.

The US House of Representatives has been busy subpoenaing people, including five private investigators and at least two HP executives, for the House probe into the Hewlett-Packard scandal. The whole mess was precipitated by now-former Chair Patricia Dunn when she had PIs access the private phone records of some board members.

Her actions were outside of any legal action such as CALEA. In fact, records were obtained by pretexting, an illegal method that involves having people impersonate someone else to access records. (I've had something similar happen to me. A now ex-friend impersonated me just over ten years ago and convinced my phone company at the time to transfer yet another person's phone bill to my phone. After a shouting match with the company, who denied they'd ever do such a thing - despite my friend's confession - I switched to cell phones, and now VoIP, and have not owned a landline since.)

After the arrest of five foreign nationals in Namibia providing VoIP service without a license, as well as goings on in various Asian and African countries in regards to VoIP, you might be wondering if VoIP is under attack there. Marcelo Rodriguez takes a crtical look [Voxilla] at what Russell Shaw [ZD Net] and Rich Tehrani [TMC Net] are saying.

Rodriguez points out that both Shaw and Tehrani mention "Third World" countries as locales where VoIP seems to be under attack, possibly due to affiliations between the government and the traditional telecoms, but that they leave out the US as being in a similar category. (Examples: Korea and the UAE blocking Skype.) He then goes on to reveal several examples of lobbying, campaign contributions, and all-expense golf vacations.

The Voxilla piece is very revealing and extremely politically charged. I'm going to take my cue to up the voltage. Let's take a few separate scenarios. First scenario, conspiracy: the entire telephony system in North America is fully wiretapped and all calls are monitored either by humans or machines, for whatever political purpose the real men with power wield. Second scenario: the first scenario is crock, but phone calls are a valuable commodity and thus extremely lucrative. Third scenario: a combination of both the first and second scenarios.

Choose your scenario. Either way, VoIP threatens the status quo, and hence spawns acts like CALEA, possibly attacks on Vonage's share price, and debates like neutrality vs tiered Internet service. Everything that is happening politically in telephony satisfies one of those three scenarios. Let's face it: VoiP is a threat no matter how you slice your political pie.

President Asks For Warrantless Wiretaps
US president George Bush is asking for warrantless wiretaps, particularly in relation to prisoners held at Guantanamo Bay. [via CNBC TV] Recently, US District Court Judge Anna Diggs Taylor ordered a halt to the wiretapping program, concluding in her report that warrantless wiretapping is unconstitutional. CALEA allows a backdoor for law enforcement agencies to wiretap calls if public security is threaten. However, the wiretapping program in question was secretly signed by President Bush in 2001.

Telus Corp Wins 5-Yr Telecom Contract
The government of the Province of Ontario (Canada) awarded Telus Corp (second-largest Canadian phone company) a five-year, Cdn$140 M contract to manage and supply various network services, including IP communication. [via CNW] Telus recently announced that they were converting to an income trust.

Yahoo Messenger Plugins: Pandaf Sudoku Battle
Not sick of the immensely popular Sudoku number puzzles? The Pandaf Sudoku Battle plugin for Yahoo! Messenger 8 lets you battle against an opponent. I assume you race to finish first. This is of course quite the variation on the puzzle, as it's traditionally a one-player challenge.

Stratus Techologies Acquires Emergent
  Stratus Technologies announced the US$10 M buyout of Emergent Network Solutions [Extreme VoIP], a VoIP infrastructure company.

Jupiter Web is giving away free copies of the Avaya edition of VoIP Security for Dummies eBook (PDF, 68 pages) in consideration for people joining the Avaya developer community. The link was sent to me in a regular Jupiter Web email, so I cannot guarantee you'll be able to use it, but I don't see why not.

The ebook is pretty "dummy-ish", in the sense that they've simplied a wide range of IP telephony security issues and summed each of them up in a few short paragraphs. It even mentions privacy issues such as CALEA (Communications Assistance for Law Enforcement Agencies) and a number of US govt regulations that add up to considering why you should record VoIP calls in your company.

This is certainly not a book you would use to actually implement VoIP security measures, but it's not a bad place to start if you feel you don't know enough about the issues, or don't know where to start reading about them. (The book is of course geared towards discussing Avaya solutions, so it's not exactly vendor-neutral.) You can sign up free (just your name, email, and job function) at this Jupiter Web page and download your copy.

Your company has sensitive information and you think that one of your high-profile board members - not employees - is leaking details to the media. What do you do? If you're Hewlett-Packard's Chairwoman Patricia Dunn, you hire private investigators and obtain phone records [CRN] for the suspects. Problem is, those investigators used illegal means to acquire those phone records. Now, the California attorney general is investigating the whole mess.

Acts like Sarbanes-Oxley (aka Sarbox) were designed to protect investors by instituting a number of measures that would ensure transparency in accounting procedures of public companies. The act might even be interpreted in such a manner that a company would decide to record all employee conversations for Sarbox and even CALEA reasons. In this case, however, the records of home and cell phone calls of board member George A Keyworth were obtained, which I'm assuming is out of the scope of both Sarbox and CALEA.

In light of this, I'm wondering if soft VoIP calls stand a chance of not being put under the domain of CALEA. Soft VoIP does not yet have a backdoor (for law enforcement) for recording calls, but some politicians are pushing for it, for dubious reasons.

Recent talk was that India's mobile phone market would be the largest in the world. But not surprisingly, China might exceed that. The 400 million mobile phones they'll produce this year make up half the world's output and will be used in other countries, but they could just as well be used there, too.

As for India, its come a long way. One East Indian friend joked to me that in India, even the janitor has a cell phone. Which was not meant to be derogatory, but to indicate how far the country has come. Not so long ago, it had daily power outages, but now has the juice to drive cellular networks that include everyone in several financial classes.

However, with the increasing number of middle-class citizens in China, it's more than possible that the Chinese mobile market may exceed India's, where they're focusing on IPTV for some reason. The VoIP market in Asia in general is growing. Though with issues such as VoIP service being illegal in China, I'm not sure if certain types of phones and PDAs are allowed in the country or not.

Even if China and India actually run close numbers for mobile use, broadband use in China is growing at about 80% annually and expected to reach 130 million users by 2010. Part of the increase will be a side effect of hosting the 2008 Summer Olympics in Beijing.

Given the political situation in China, and the fact that VoIP is illegal there, it might be difficult to understand how that government would allow the estimated 80 million users playing online games. When you run a country banning the use of certain words in print or online, it's hard to let any sort of digital interaction go unmonitored. This sort of atmosphere would permeate into a lot of things, including the way events are handled and technologies deployed.

However, dig deep into the history of the Olympics during the time that Juan Antonio Samaranch was top dog of the IOC (International Olympics Committee), and you'll see that the Olympics actually were repeatedly granted to countries and regions where there was political, civil, and/or social unrest,. The net result of hosting the Olympics in those locales actually improved conditions considerably.

Whether or not this happens in China, resulting in more open government policies, remains to be seen. But if it does, China will likely dominate in Internet use whether, whether mobile or stationary, and there will be an explosion of VoIP services and possibly some innovations.

Comverse's fugitive CEO, Jacob Alexander, who is wanted on securities fraud charges, apparently was traced to a town in Sri Lanka (island country off the south coast of India) because of a one minute Skype call to the US that he made. It's unclear whether CALEA was enforced, since soft VoIP services are not currently bound by it. But Skype does record the incoming IP address. Someone was obviously monitoring the recipient's computer. More details at VoIP News and The Register.

Comverse Technology is involved in a number of businesses and had recently purchased Netcentrex and more recently Netonomy (real-time billing and customer management).

[Updated: Wed Aug 30/06]Philips is giving Australian customers a choice for combining VoIP with PSTN. They now have a couple of cordless handsets that either use Microsoft Live or Skype (not both). You do need a PC and a broadband Internet connection to use the phones. [via The VoIP Weblog]

Because Baby Boomers are expected to migrate to specific urban or rural areas over the next twenty years or so, companies like ComSpan will beneft from offering triple play services. [via VoIP Magazine; free registration required]

Asterisk has just released a free voicemail client, Tycho, for Win32, Linux x86, and Mac OS X computers. [via Asterisk VoIP News] I assume Tycho has nothing to do with Tycho Softworks - who offer an open source telephony stack - but I could be mistaken. [CORRECTION: It's in fact Sip-Syndication that has released Tycho, not Asterisk/ Digium. Apologies for the error.]

[Updated: Aug 22/06] Wiretapping without a warrant is unconstitutional says US District Judge Anna Diggs Taylor in Detroit, Michigan. She ordered a halt to the wiretapping program which was apparently secretly authorized by President Bush in 2001. The actual action will be delayed until another hearing on Sep 7/06.

While privacy advocates are no doubt happy, not everyone thinks Judge Taylor reasoned well in her decision and have criticized her as a Liberal, despite that her verdict was based on a number of Act violations.

One of the most important comments in her 43-page decision (or as the Washington Post calls it, "opinion") is the following:

... are no hereditary Kings in America and no powers not created by the Constitution.

This standing of hers is quite likely the primary basis for her detailed decision, and since it is aimed directly at President Bush, is the reason why "Congressional Republicans quickly condemned" her ruling.

See the Washington Post [via 21Talks ] for more details.

CALEA, or Communcations Assistance for Law Enforcement Act, has a lot of misconceptions surrounding it in terms of its applicability to VoIP, as well as security issues. The IT Association of America (ITAA) has isued a report (PDF, 21 pgs) to educate VoIP service providers.  [source: TMC Net]

The deadline for CALEA compliance for VoIP providers is May 14, 2007, and the ITAA questions the ability of smaller providers to comply in time, due to the expected financial cost. Amongst other things, they also question whether standards can be developed for CALEA for VoIP because of all the different VoIP types. The ITAA paper includes Vinton Cerf of Google as an author.

Another group, GLIIF (Global Lawful Interception Industry Forum) issued a rebuttal (PDF, 8 pages) with pretty much the exact same title as the ITAA document.

My pure gut instinct says that the GLIIF report sounds like a bunch of companies protecting their own investment in future CALEA solutions, because my educated guess indicates that their main rebuttal points are in turn refutable. In fact, from the glance I had at the GLIIF document, it contradicts the opinions and public statements about CALEA made by many well-known Internet experts earlier this year.

However, that's just my feeling, and without reading both documents thoroughly, I'm not make any definitive declarations. Ultimately, whether I support it or not, I think all types of VoIP calls will be wiretapped - maybe not immediately because of technical issues, but eventually. It's been that way for decades with PSTN lines, and governments are just not going to give up that kind of surveillance power. (Having worked for telcos, I've heard things that worry me, but things aren't going to change, especially in the current climate of fear.)

Hackers-cum-researchers performed an interesting security-testing experiment earlier this year using VoIP phone numbers and Internet social networks. They presented their findings recently at Defcon.

Their primary plan was to determine if secret signals could be passed right out in the open, from enemy agencies to their agents. They theorized that the use of social networks to transmit carrier messages might increase the noise ratio so that it would be harder for "unauthorized parties" to decode the secret but publicly-transmitted messages.

This is in fact a technique already used covertly by intelligence agencies. However, they use shortwave numbers stations, and all governments have denied such operations. The general technique is to broadcast streams of seemingly nonsensical numbers or words, often in a female or child's voice. Of course, the stream represents a code, and only a few parties have the cipher to decode it.

Strom Carlson, a security researcher, and the hackers collective Project Evil teamed up to see if someone could do the same thing using the Internet, particularly using any of the abundant social networks out there. What they did was set up their own numbers stations. But instead of using shortwave transmissions, they used VoIP phone numbers and recordings. If you called such a number, you would hear a stream of code words. They advertised the existence of the VoIP numbers stations using Craigslist pages, using fake messages, to see if anyone would participate.

In short, they were successful getting others with a cryptographic interest to participate and decode messages using a one-time key. They figure enemy forces could be too. This is something proponents of CALEA may want to take note of: if hostile parties want to use VoIP, they are not necessarily going to use unencoded messages. (On the other hand, this experiment by Carlson might just give CALEA proponents more fodder.)

CALEA stands for Communications Assistance for Law Enforcement Act, and, in short, gives any Law Enforcement agency the right to wiretap communications networks, including the Internet and VoIP, in special circumstances. Although to date, it's not on the agenda to tap soft VoIP calls using clients such as GoogleTalk and Skype.

Of course, there are those people that believe that email spam is being used as numbers stations for intelligence communications. Although who is behind it is hard to say. (I particularly notice some interesting word patterns in the spam in my university alumni email account.) Public key cryptography concepts date back centuries, and the Internet is a perfect distribution vehicle. Just never thought VoIP could be used as a supplementary broadcasting outlet.

Additional sources: Slashdot, Homeland Stupidity, Defcon.

Om Malik paints an interesting VoIP application scenario with an in-beta service called Jangl. Jangl deals with issues of VoIP presence as well as security using a unique bidirectional phone number that allows two parties to communicate without revealing their own phone numbers.

The example Om gives is one applying to the dating scene. Considering that there are online dating services like Verbdate, which integrate Skype's VoIP software to allow people to talk to each other for free, there's obviously a market for VoIP dating applications. But with the way the world is, partial anonymity, or at least security from having to reveal personal info, is a boon. Jangl does this by assigning a phone number between two parties, which acts as a bridge, regardless of the numbers they are using to make the call.

Jangl joins the growing list of new companies that are opting for private financing instead of going IPO. However, history shows that when a VC firm pumps in money, they want to not only make their money back but get a return on it. That's kind of why VCs exist, right?

Jangl is only in beta, so it's yet to be seen whether they can make money from their model. Still, with all the free VoIP options available these days, the ones taking advantage of the Long Tail phenomena will be most likely to succeed. That is, give away parts of your service/ product offerings for free, and hope that a large number of people will use your paid services once in a while. Or if you're lucky, frequently. (Which is why I think that Skype's plan to enter the enterprise VoIP market is a bad idea, besides the fact that their Skype is not enterprise grade.)

But since so much VoIP service is free, it's the companies that give good value-added services at a reasonable price who are candidates for business success.

Here's my jaded prediction: new tech (and web 2.0) companies will continue to stay private for the next year or two, followed by a large number of IPO offerings in the very late 00s, capped by a market crash in 2010. History (i.e., market data and news archives) shows a recession at the beginning of every decade since at least 1970, which inevitably means tech stocks crash and burn. Only those VoIP companies who develop a stable footing in the next year or two are likely to survive, and that means having private funding, instead of suffering the vagaries of the stock market and suddenly finding that cash is low.

As mentioned in the previous post, CALEA and Sarbox regulations are reasons you should record corporate VoIP. The problem is, VoIP does not lend itself well to wiretapping. Fortunately, VoIP carriers have until May 2007 to comply, which provides the industry nearly a year to work out a solution.

While Sarbox is aimed at publicly-traded businesses, CALEA applies to any business or private citizen. Even people that do not use VoIP could be affected by this act.

Some of the drawbacks of eavesdropping on VoIP data for CALEA is that more than just voice traffic has to be captured. Thus, a significant amount of irrelevant data has to be filtered out, including other VoIP users calls. What it amounts to, from a privacy perspective, is that some law enforcement official could then know a private citizen's every activity online. This goes beyond the objective to wiretap calls "of interest" and moves towards something potentially more sinister.

There are also other technical issues such as firewalls, and even Wi-Fi access that is not secured. For example, if you have a Wi-Fi network at home but have left it as open access, either because you don't care or don't know how to secure it, you might have a problem. What if your scruffy-looking neighbour across the street conducts questionable phone calls from his VoWiFi (VoIP over Wi-Fi) handset using your Wi-Fi?

Similar issues will probably suuround calls over Municipal Wi-Fi. For example, a project in Taipei City, Taiwan, expects to have 200,000 VoIP phones in use, by year's end, by administrative and public school workers. After that, they hope that private citizens will use the network for VoWiFi calls. How do you wiretap VoWiFi calls that could be made anywhere in the city, outdoors or indoors?

Another question people are asking: should CALEA extend to soft clients such as Skype? Truth is, I wouldn't be surprised if text IM clients such as Google Talk or any of the Messenger-type of software are already "monitored". But VoIP clients are another issue.

Sources: Network World [via FierceVoIP]

A group of internet security experts have said that the efforts of the U.S. government which requires VoIP providers to permit law enforcement agencies to wiretap phone calls could result in cyber security problems to the internet.

Wiretapping would be requiring either a massive re-engineering of the internet or introduction of broad security risks. This could also stall innovations in the fields of internet in the U.S. as hundreds and thousands of dollars would be required for the set up and maintenance by the VoIP providers and other internet applications which provide voice services.

Via pcworld

As per a study conducted the Information Technology Association of America, it says that since VoIP relies on a different network architecture from that of traditional phone lines therefore it would result in enormous costs to the industry and could even cause security risks. This report is in response to snooping being permitted on VoIP networks.

The report also states that it would not be possible for the government to expect all products that make use of VoIP to comply with the FCC requirements mandating wiretapping backdoors for government surveillance. The requirement is being backed by Bush administration.

Via silicon

Pretty Good Privacy PGP creator Zimmerman is likely to launch Zfone, a free VoIP encryption program for Windows. Zimmerman launched Zfone for Mac and Linux sometime back this year. Zfone as designed by PGP creator will provide standard VoIP service to the users. Zimmerman's IP service will able to maintain secrecy in the communication.

The striking feature of Zfone is that it does not need a web of computers to hold the keys or long numbers. Rather it carries out the communication process inside the digital voice channel. Hence a third party has no keys.

Via: [VoIP Central]

PGP privacy, made famous by Phil Zimmermann , will now be available for VoIP users via Zfone. It is undergoing tests at this time and will be initially available for Mac and Linux users. Windows users will come later.

Zfone differs from most other secure encryption systems that use certificates issued by a server system. Zfone's encryption protocol uses no keys - the keys are created by the hardware and destroyed after the end of the call.

Under development since 1996, one of the main problems with Zfone's system is that the encryption protocol must be integrated into the hardware or software of a VoIP device.

What is the other problem? There are more Windows-based users of VoIP than other platforms.

Via VoIP News