Permit/Deny Ziff Davis Enterprise
Advertisement
Advertisement
Friday, December 28, 2007 1:45 PM/EST

VOIP Calls Need Strong Privacy Protection

Just before Christmas I had a chance to catch up with Network Instruments on Dec. 12. Our subject was the GigaStor network analysis family of tools. I've been impressed with the quality of Network Instruments tools and network analytics for some time. But today, as I look over my notes, I'm struck by the erosion of privacy in the workplace and at home with every network analytics advance.

Starting with my first test of a VOIP system, I've wondered what wiretap rules would apply to these types of telephone calls. From what I've seen, e-mail "acceptable use" policies have made it pretty clear that in the United States employees using company networks and computers can have no expectation of privacy in their written, electronic communication. Many of these policies are being applied to VOIP calls. After all, both e-mail and voice communication end up as data packets on the network, no different technically from any other application.

When I first entered the work force and got a phone that could make direct-dialed, long-distance calls (I started in tech support) I saw how phone records were used to enforce acceptable rules. Then, the president's admin assistant would look over the monthly phone bill and search for long call times or suspicious area codes.

Network sniffers have had for some time now the ability to capture and replay a VOIP call. Network Instruments demonstrated an ability to retain the packet data needed to troubleshoot connectivity or call quality problems without saving the actual call payload. Even so, for the most part, it's up to the scruples of the network technician to skip listening in on the actual telephone conversations that can be saved and replayed by network analysis tools.

I think it's time to make it clear that telephone calls are a special form of communication that should be protected from eavesdropping. It should be mandated in law and become part of the generally accepted practice of network engineers to put the content of voice calls strictly off-limits. The settled practice of monitoring call origin, destination and length should be enough to ensure the acceptable use and effective troubleshooting of VOIP calls.

Posted by Cameron Sturdevant on December 28, 2007 1:45 PM

| Comment (4) | del.icio.us | digg.com | Trackback | Post a Comment
View all of deny
TrackBack

TrackBack

http://blogs.eweek.com/cgi-bin/mte/mt-tb.cgi/12326

Comments (4)

JP :

Your wrong on that. If you want to make a personal phone call while in the office use your cell phone. The business phone is for business purposes and any conversation should not be deemed private.

Posted by JP | December 28, 2007 3:43 PM

dh :

Actually JP's statement is too broad. If a person is using a company phone, the company has some claim to monitor the phone conversation. Other entities including government should have to obtain approval before tapping those phones. More homes are also using VOIP and that is purely within the personal privacy realm. No outside entity has the right to tap those conversations!

Posted by dh | January 3, 2008 1:40 PM

steve :

You are naive and a dreamer. CALEA (Communications Assistance for Law Enforcement Act) mandates that all communications devices be tappable and that has led to deep-packet mining tools which can grab almost any type of packet, re-assemble it and decode and decypher it on the fly. In business, you basically have no reasonable right to privacy from your employer with the exception of medical and personnel conversations with management or its designees. The company, however, needs to maintain confidentiality of all communications so that legislatively-protected NPI (Non-public Personal Information) is not compromised.

If you want to say something that is so important, buy a military-grade scrambler for you and your counterparty. But, I sincerely doubt that anything you may have to say is that important; as most of us overestimate the value and worth of our conversations. The key to privacy is to severely punish those who use or release overheard conversational detail -- and that's the law NOW -- as are the libel laws for false utterances with damaging consequences.

Posted by steve | January 7, 2008 1:40 PM

brad Kirkpatrick :

Isn't it true that Network Instruments just uses Open Source "snort" as a capture engine? The issue is not just Network Sniffers, but something that the person in the next cube downloaded.

Posted by brad Kirkpatrick | January 14, 2008 1:59 PM

Post a Comment

 
 


Breaking News

Advertisement

ajax

apple

Application Development

application security

book review

botnet

Company Announcements

compliance

Configuration Change and Management

CRM

data center management

database

defense against the dark arts

deny

DNS

endpoint management

honeypot

hosted apps

intrusion detection

IPv6

Microsoft

network hardware

network management

network troubleshooting

open source

Patch and Update

penetration testing

Privacy

product review

RSA Security Conference

Seen and heard

Software as a Service

system management

Under test

virtualization

web 2.0

Advertisement

Syndication

Subscribe: Related Blogs: