Phil Zimmermann, the creator of email encryption software Pretty Good Privacy (PGP), has released Zfone, a VoIP encryption program for Windows.
Zfone, which is still in beta, was made available earlier this year to Mac and Linux users. The application uses a new protocol called ZRTP, which has been submitted to the IETF as a proposal for a public standard and will work with any standard SIP phone, according to Zimmermann's Web site.
When Zimmermann made PGP available on the Internet as freeware in the early 1990s he became the target of a three-year criminal investigation by authorities in the US under legislation restricting the export of cryptographic software. Eben Moglen, now the Free Software Foundation's lawyer, defended Zimmermann and the case was eventually dismissed.
But some in the industry are speculating that Zfone may put Zimmermann under renewed government scrutiny.
Zimmermann said he believed Zfone would not be affected by US wiretapping legislation -- the Communications Assistance for Law Enforcement (CALEA) -- as this law only applies to service providers, and only the end users of Zfone will have access to the keys.
"CALEA does not apply to end users," said Zimmermann in an FAQ on Zfone. "CALEA imposes requirements on VoIP service providers to give law enforcement access to whatever they have at the service provider, which would be only encrypted voice packets. ZRTP does all its key management in a peer-to-peer manner, so the service provider does not have access to any of the keys."
But Zfone may fall foul of the UK's Regulation of Investigatory Powers Act (RIPA). Last week it was revealed that the UK government is preparing to give police the authority to force organisations and individuals to disclose encryption keys.
Although governments are likely to be concerned that such cryptography software may be used by terrorists, Zimmermann told the The New York Times that the primary market for this software is not those trying to avoid government surveillance, but corporate users. He predicted that spyware will be used in the future to eavesdrop on Internet telephone calls made by businesses.
"They will have entire digital jukeboxes of covertly acquired telephone conversations, and suddenly someone in Eastern Europe is going to be very wealthy," he told the paper.
Earlier this month security professionals at a conference expressed concerns that VoIP is not mature enough to provide secure business communications.