VoIP seems poised to really take off, but did somebody forget about encryption? In the light of NSA eavesdropping, the question remainds: can a technology be secure if the government has access to communications? Bruce Schneier wrote in Wired that there are four and only four ways to eavesdrop on a telephone call:
One, you can listen in on another phone extension. This is the method preferred by siblings everywhere. . . . Two, you can attach some eavesdropping equipment to the wire with a pair of alligator clips. ... Three, you can eavesdrop at the telephone switch. . . . Four, you can tap the main trunk lines, eavesdrop on the microwave or satellite phone links, etc.
When most people think about IP telephony -- voice over internet protocol, or VOIP -- that's the threat model they probably have in their heads. Unfortunately, . . . Internet telephony's threat model is much closer to the threat model for IP-networked computers than the threat model for telephony.
And the Internet's threat model is vastly greater than telephony's.
Data packets can be eavesdropped on *anywhere* along the transmission path. Data packets can be intercepted in the corporate network, by the internet service provider and along the backbone. They can be eavesdropped on by the people or organizations that own those computers, and they can be eavesdropped on by anyone who has successfully hacked into those computers. They can be vacuumed up by nosy hackers, criminals, competitors and governments.
This is why encryption for VOIP is so important. VOIP calls are vulnerable to a variety of threats that traditional telephone calls are not. Encryption is one of the essential security technologies for computer data, and it will go a long way toward securing VOIP.
Which bring Schneir to the question of US encryption policies.
Basically, the government likes the idea of everyone using encryption, as long as it has a copy of the key. This is an amazingly insecure idea for a number of reasons, mostly boiling down to the fact that when you provide a means of access into a security system, you greatly weaken its security.
Encryption for IP telephony is important, but it's not a panacea. Basically, it takes care of threats No. 2 through No. 4, but not threat No. 1. Unfortunately, that's the biggest threat: eavesdropping at the end points. No amount of IP telephony encryption can prevent a Trojan or worm on your computer -- or just a hacker who managed to get access to your machine -- from eavesdropping on your phone calls, just as no amount of SSL or e-mail encryption can prevent a Trojan on your computer from eavesdropping -- or even modifying -- your data.
So, as always, it boils down to this: We need secure computers and secure operating systems even more than we need secure transmission.