Almost one year ago to the day, I posted about encrypted communications for the average consumer. In it, I said this:
I submit, dear reader, that at some point someone is going to make a plugin for something like Skype, or perhaps even a completely new VoIP application that does good encryption, with keys created and passed around by The People, similar to gpg keys.
Phil Zimmerman is the man who made PGP, and in 1996 he made something like this, but the VoIP technology wasn’t ready for it. Now it is, and he’s made a completely new product called Zfone that handles SIP and TP, the most common VoIP protocols today.
At this point it’s not built into any product, but when installed alongside, it can be used with stuff like Skype. Given its liberal license, I’m hoping it’ll be built into a variety of packages.
If places like Vonage count as Telephone Providers, they’ll be required by law to allow the Feds to tap lines. Which means letting them handle your encryption is a lot like not having any. I wonder if they’d be liable if it were possible for me to run something on my end to encrypt it? That’s an interesting legal foible.
It is my understanding that the jurisdiction of ANY provider of ANY communication service provider ends at the end of “their” equipment. IF you can run the encryption between your phone and the vonage box, you will not be violating any laws or copyrights.
Since the conversion from analog to digital happens in the vonage box, I am not sure you will be able to do this unless you have another converter between the two (your phone and the vonage box) and then will the vonage box accept the SIP or TP packets.
This all being said… you can always try to get a “soft switch” for your PC / MAC and then run the encryption package on that PC and into the soft switch. I know that Broadvoice, the company I use allows for a soft switch. You will have to check and see if there is one that will port to the vonage system.
Thanks for keeping us informed.
Just a couple days ago I was blogging about VoIP and touched on the need for encrypted VoIP for missionaries in closed countries.
http://missions.ritchietribe.net/node/72
Anyway, thanks. I’m going to keep an eye on that.
RFC 2543 defines a protocol for PGP encryption with SIP. http://www.rfcsearch.org/rfcview/RFC/2543#15.2
RFC 3261 obsoleted RFC 2543 and did not include PGP encryption or authentication any more. Reasons for that are at http://www1.ietf.org/mail-archive/web/sip/current/msg11899.html