Saturday, December 20, 2003

Telirati Newsletter #26

IP telephony used to have no "killer app." Really, it still doesn't. Which may have something to do with the fact that IP telephony is only now taking off, now that mobile telephony has eclipsed land lines and buying a conventional PBX seems a bit like buying a horse cart. IP telephony still does not, in general, offer better privacy, or even better voice quality than conventional circuit-switched telephony.

Telirati Newsletter #26: Is privacy the killer app?

One major reason why IP telephony makes sense for replacing PBXs is manageability. Data network managers have efficient, powerful, and reasonably priced management tools available to them. Tools for managing voice networks are more expensive due to the fact that the market for these tools is confined to the high end.

A close relative of management is logging. Implementing voice logging in IP telephony systems can be a matter of configuring the software, which makes it cheap, easy, and invisible. In conventional systems, voice logging involves a voice processing port for every trunk line on the system. Combined with the easy and powerful management available in IP telephony, logging systems can tag logged calls with all kinds of call data, for more powerful cataloging and readier retrieval.

This combination of effective, efficient, easy, and inexpensive administration and logging can be a blessing. In environments like retail brokerage operations, voice logging is a necessity. But there are cases where this ease of surveillance can be abused. One might argue that instances where the greatest potential is for abuse rather than benefit are vastly in the majority.

This is no fault of IP telephony. Rather it is the difference between the closed and opaque world of telephone systems and the open, transparent, programmable, and examinable world of data networks.

Privacy and encryption are central to implementing IP telephony in a way that users find trustworthy. Both the cause and cure related to easier snooping in IP telephony rest in another characteristic of IP telephony: the smart endpoint.

If the increased intelligence of the IP telephony system, and its programmability and flexibility make it ideal for (and what a quaint word it now sounds) “wiretapping” the increased intelligence at the endpoints that makes IP telephony possible also makes it possible to guarantee privacy.

This means that to be trustworthy, IP telephony networks do not need to be trustworthy in themselves, only that the endpoints provide trust through strong encryption. This is the requirement: the call has to be secured inside what the user can see, control, even own. The PC, or the dedicated IP telephony handset, has to contain software for encrypting the call so that it can thereafter traverse all manner of exposure on its way to its destination. Without being certain his handset is able to secure the call, users of IP telephony will reasonably conclude that their calls are exposed to the increased capability to perform monitoring and logging in IP telephony systems as well as the increased hazard of hacking in any system as open and diverse in application as the Internet.

So people should want encryption. But people don’t always want what they should want, as many companies selling backup and anti-virus software (and dental floss) will tell you. Is there then, a desire for privacy and security driven by more than innate virtue? If there is it probably lives near the reason people use IP telephony these days: to bypass international long distance charges when calling obscure corners of the globe. This type of call, more than any other, is susceptible to official and semi-official snooping. And often this snooping is more for the purpose of finding financial advantage than for the cause of state security.

Are there enough people exposed to real hazard and with awareness of that hazard to popularize strong encryption for voice telephony? This can only be determined from primary source research into the market: How many people use IP telephony in situations where they have a real reason for concern about snooping? How many people would use IP telephony to secure sensitive calls if security and privacy were available? My impression is that this second group would be larger than the first, and that privacy constitutes something of a killer app, the kind of capability that justifies the whole system.

The downside is that the profile of the early adopter resembles that of the early videotape and Internet enthusiast: he may be more interested in keeping his communications with his Monica-equivalent private than he may be with the general security and trustworthiness of the communications system. So if this is the privacy customer, it would not be the first time a worthwhile technology was paid for by not the visionaries, but rather those blindly driven by their glands. Farfetched? Recently Salon magazine covered the chagrin arising from the fact that Microsoft’s directory servers for users of NetMeeting have become hotbeds, so to speak, for people who want to share more than their pie charts in multimedia conversations.

The best outcome would be like that of other technologies pioneered in their use by less than platonically motivated users: the technology of privacy becomes widespread enough that the default behavior of people is to choose privacy.

Copyright 1998 Zigurd Mednieks. May be reproduced and redistributed with attribution and this notice intact.