Internet Telephony: Cheap, but NOT Private
By Mark Nestmann • March 16, 2010
Only a few years ago, it seemed like a dream: place—or receive calls—from anywhere you have an Internet connection, for only a few dollars a month—or for free? With a technology called "voice over Internet Protocol," or VOIP, you now can.
VOIP technology chops your phone conversations into digital packets and sends them over the Internet. Once the packets arrive at their destination, they're reassembled as speech. Sound quality isn't yet as good as ordinary phone calls in many instances, although it's rapidly improving. Since VOIP largely circumvents traditional telephone carriers—and phone lines—it is saving users billions of dollars in fees and connection charges.
All you need to begin is a computer, a high-speed Internet connection, a pair of headphones, and software facilitating the process. Virtually all telephone carriers, and many independent companies, now offer VOIP services.
Unfortunately, VOIP suffers from the same security vulnerabilities as any communication over the Internet. For instance, if you log on to the Internet at a coffee shop, plug in your headset, and start making telephone calls, it's relatively easy for an eavesdropper within range of the same wi-fi signal to listen in. This makes eavesdropping on VOIP calls significantly easier than monitoring calls on landlines or cell phones. The only effective way to protect your VOIP conversations is to use a virtual private network to encrypt the data channel on which you're conversing.
Hybrid telephone technologies such as Google Voice that combine traditional and Internet-based telephony have also become available. These services provide numerous user conveniences, but often at the expense of privacy.
Google Voice, for instance, assigns you a single number that can be forwarded to your home, office or cell phone. You can originate calls from any of these devices and have your Google Voice number show up instead on the recipient's caller ID. The creepiest feature is that the service allows you to record calls and automatically generates a call transcript that you can download. And it does most of this for free.
But what of privacy? In return for these features, you give Google access to enormous amounts of information about your life. Google has recordings of your telephone conversations, your voice mails, voiceprints of those people calling you matched to an incoming number, and a complete list of incoming and outgoing calls. Your voice transcripts even appear in search engine results, unless you turn off this feature.
One of the most obvious ways Google might use this data is to serve you targeted ads based on voice transcripts. This is already part of its G-Mail service. Even if Google has no intention of using this data for any nefarious purpose, what's to stop the FBI from issuing it a "national security letter" (a secret subpoena that can't be disclosed to targeted persons or businesses) demanding that it turn over records on particular subscribers? In addition, I have no doubt that with this much data available, hackers will target Google Voice to extract data from its archives.
How can you protect yourself? As with so many other aspects of electronic communication, the solution is to encrypt your VoIP conversations. One of the best-known VoIP systems is Skype (http://www.skype.net), which automatically encrypts conversations between Skype users. However, Skype won't release its "source code" so there's no way to know whether the company has programmed "back doors" into the software. In 2008, an Austrian government official revealed that monitoring Skype conversations presents "no particular problems." This means that that police in other countries are probably already monitoring Skype conversations. Still, Skype is a good start to protect your conversations against casual eavesdropping, especially in conjunction with a virtual private network.
A better solution may come from civil liberties hero Philip Zimmermann. In the 1990s, Zimmermann almost went to prison for developing Pretty Good Privacy (PGP), one of the first effective and trusted programs to encrypt e-mail messages. Zimmermann has developed a program called Zfone (http://zfoneproject.com) to encrypt VoIP calls. In an effort to demonstrate that there are no backdoors, Zimmermann has made Zfone's source code publicly available for review by experts. Zfone is now compatible with a variety of VoIP products, including the popular "MagicJack."
It's up to you to decide whether or not to encrypt your VoIP communications. But if you decide not to, don't say anything you wouldn't want printed on the front page of The New York Times—or to appear in a criminal indictment.
Copyright © 2010 by Mark Nestmann
(An earlier version of this post was published by The Sovereign Society, http://www.sovereignsociety.com)