By May 2007 VoIP no Longer Secure
This must have slipped under my radar. We have talked about this on the podcast and were watching for developments. It is a bit old this news but not much must have been said about it or I missed it.
Reported on the 9th of June was the fact that the U.S. Court of Appeals upheld a previous ruling from August 2004 saying that interconnected VoIP providers must allow wiretapping by 14th of May 2007.
For soft phones I guess this means building in some type of backdoor to allow authorized agencies to have access to what is being communicated. At this time Skype is encrypted, I think at 256 bit. Meaning that the communication done on and through that network is basically uncrackable (almost… a super computer would do it via brute force… but it would take a bit!).
For a backdoor to be built in to VoIP software is a disaster. Not that I have anything to hide, but as has been proven time and time again even systems we believe are locked up tight can be exploited by hackers or others. This is a concern. How long will it be before we are anxious about using our VoIP software because of the security risk this implies and it is no longer "authorized" agencies listening to our calls and reading our messages?
This drama continues to be played out in the courts and the blogosphere. Yesterday a blog post was made with reference to a claim that the addition of a backdoor would make these systems more secure. I don’t know where these people have their heads but I think it is in the sand!
There is a long line of links to this story and response followed by retort and rebuttal. It all becomes rather academic in my book as it appears to be inevitable in the long run. Users still have course for concern and yet something else to consider in their uptake of new technologies. For existing users just somewhere else we have to watch and potentially get hacked through.
I wonder who will take responsibility for a situation where through a backdoor a hacker gains access and causes damage, loss or worse? Is it the VoIP provider who wrote the code or the American Government that ruled the backdoor be there? Interesting times ahead. This is not the end of the debate by any stretch.
August 13th, 2006 at 9:27 am
“these people have their heads but I think it is in the sand!” until the conversation with their mistress is tapped by their wife, or until the conversation between researchers of their company is tapped by researchers of a foreign company (or even a national competitor).
There are more benefits to encryption then disadvantages, and criminals will always find other safe ways to communicate if necesary!
August 14th, 2006 at 1:13 am
Thanks Jean for the comment. I visited your blog but due to the fact that it is a Blogger Blog and I do not have an account there I could not leave a comment. This is one of the major grypes of Blogger – Unless you are a user you can not leave a comment, you can not email the owner, hell you can’t do anything to get in contact with the owner!! So I have left a comment here for you… Phew.
One suggestion: Head over to WordPress.com and start a blog there, they look better, feel better have heaps of features and free… and you can import your content from Blogger.
Thanks again! I do not think that we have heard the end of the Skype Encryption debate, we shall see what the future holds…
August 14th, 2006 at 3:54 am
Hello Dave,
as you noticed i am a “very young and inexperienced” blogger. I will think about your suggestion to head over to something else (WordPress – or anything else).
There was however a link to my profesional website on my blog. Through this link you could have contacted me
Anyway, i was also looking for a way to contact you directly, and did not find! But probably i am blind
.
I hope Skype can stick to the encryption. How bigger the userbase in the US, how smaller the probability that lawmakers will oblige them to make a backdoor IMHO – at least i hope so. Because some of them (or their kids, relatives, wifes, etc.) will also already be using Skype!