by Glenn Hefley
One of the things I really love about VoIP and Skype in particular is the call
encryption. Its not that I say anything or do anything worth the scrutiny of
world governments (or even the person on the other side of the line) it is just
that I like to know my privacy is there. You don't have to be criminal to enjoy
privacy. If it was just the government, like the FBI with their Carnivore system,
I wouldn't be that concerned, but its not, its any kid with software package.
In fact, many ISPs use packet sniffers as diagnostic tools. Also, a lot of ISPs
maintain copies of data, such as e-mail, as part of their back-up systems.
Encryption these days is easy. Even at the level of email and file transfers.
I use it out of habit now, all of my telnet and ftp programs are really Secure
shells and Secure FTP programs. Even my email is a secure connection with GMail.
I didn't start using Skype, instead of the many other VoIP providers out there
because it was secure, but I continue to use it for that reason.
Governments however are starting to look at personal and available encryption
as a problem. A large problem from the sounds of things. Skype for example
is under a great deal of scrutiny. Skype uses 256-bit, industry-standard AES
encryption that is nearly impossible to break without the key. The Skype privacy
FAQ explains the system this way:
"Skype uses AES (Advanced Encryption Standard) - also known as Rijndael
- which is also used by U.S. Government organizations to protect sensitive,
information. Skype uses 256-bit encryption, which has a total of 1.1 x 10^77
possible keys, in order to actively encrypt the data in each Skype call or
instant message. Skype uses 1024 bit RSA to negotiate symmetric AES keys. User
public keys are certified by the Skype server at login using 1536 or 2048-bit
RSA certificates."
You don't have to do anything to encrypt your call with Skype. If you are
talking to someone on the VoIP, who is of course also on the Internet, and
not on a normal phone, then the call is automatically encrypted. If you are
talking to someone on a land line through your Skype connection, then of course
that person's phone can be tapped just like any other normal phone. But on
line you are fairly secure.
The FCC ruled last year that VoIP providers need to offer backdoors into their
systems for wiretapping reasons, but Skype isn't based in the US and so is
not subject to the rule. It is subject to the EU's new Data Retention Directive,
though, which may require them to retain call logs and decryption keys for
a period of time. If so, real-time monitoring of Skype calls would still be
out, but after-the-fact review of recorded calls from people of interest might
well be possible for the government.
Skype isn't the only ones in the VoIP world that see encrypted calls as important
to their customers. AVM's "Cordless VoIP" exhibit at Cebit 2006 presents
in action the first highly integrated combination featuring an ADSL modem,
a WLAN router, a DECT telephone, and Voice over IP. The FT 7150 D permits phone
calls both over the Internet and over a fixed line, with no need to turn on
the computer. Thanks to factory-activated WPA encryption and a unique password,
the WLAN is protected against eavesdroppers.
I expect to see a great deal more VoIP's featuring encryption in the future,
whether under the FCC rule or not.
This article may not be copied or distributed in part or in full from this site and is copyright D24 Media Limited.
|
Recommended: Click here to scan your PC for outdated drivers
