July 14, 2006

Your Privacy - More About CALEA and VoIP

As mentioned in the previous post, CALEA and Sarbox regulations are reasons you should record corporate VoIP. The problem is, VoIP does not lend itself well to wiretapping. Fortunately, VoIP carriers have until May 2007 to comply, which provides the industry nearly a year to work out a solution.

While Sarbox is aimed at publicly-traded businesses, CALEA applies to any business or private citizen. Even people that do not use VoIP could be affected by this act.

Some of the drawbacks of eavesdropping on VoIP data for CALEA is that more than just voice traffic has to be captured. Thus, a significant amount of irrelevant data has to be filtered out, including other VoIP users calls. What it amounts to, from a privacy perspective, is that some law enforcement official could then know a private citizen's every activity online. This goes beyond the objective to wiretap calls "of interest" and moves towards something potentially more sinister.

There are also other technical issues such as firewalls, and even Wi-Fi access that is not secured. For example, if you have a Wi-Fi network at home but have left it as open access, either because you don't care or don't know how to secure it, you might have a problem. What if your scruffy-looking neighbour across the street conducts questionable phone calls from his VoWiFi (VoIP over Wi-Fi) handset using your Wi-Fi?

Similar issues will probably suuround calls over Municipal Wi-Fi. For example, a project in Taipei City, Taiwan, expects to have 200,000 VoIP phones in use, by year's end, by administrative and public school workers. After that, they hope that private citizens will use the network for VoWiFi calls. How do you wiretap VoWiFi calls that could be made anywhere in the city, outdoors or indoors?

Another question people are asking: should CALEA extend to soft clients such as Skype? Truth is, I wouldn't be surprised if text IM clients such as Google Talk or any of the Messenger-type of software are already "monitored". But VoIP clients are another issue.

Sources: Network World [via FierceVoIP]

--
Did you enjoy this post?

July 14, 2006 in Privacy, Regulation | Permalink

Free VoIP Newsletter

Subscribe to The RFID Gazetteer, published monthly. Enter your email address:

« Why Your Company Should Record VoIP Calls | Main | Could RFID Transponders Be Used For VoIP e911 Caller Verification? »

Syndicate

Add to My Yahoo! Add to MyMSN
RSS Feed Subscribe at NewsGator Online Subscribe at Bloglines

Click Here

Features

Categories

Archives

Blogroll

Feedback

Network