November 7, 2007.............Privacy issues in borderless communication.

In the days of PSTN, a wiretap could be accomplished by clipping a listening device to a pair of wires at either the top of a telephone pole or at the "central office" of the telephone company where communication traffic would terminate to a switch. Calls were not encrypted, and governments that declared their telephone infrastructure to be a public utility used that status as an excuse to listen to traffic on "their" wires. In most western countries, laws were instituted to require court orders to initiate this spying. Nevertheless, someone using this public utility had to always assume that privacy was not guaranteed with respect to either government or private interests.

In some ways, the move to VOIP has made privacy even more of a problem. Unencrypted calls can now be tapped at any point along the stream of IP packets. Most commonly that would be at the ISP, or at the server in the case of VOIP that is not of the point-to-point variety, or on a cable circuit, or more especially on a LAN. Law enforcement authorities are just starting to discover the wiretapping potential of VOIP, and private (criminal) interests have known about it for a long time. The Internet is LESS secure than the PSTN network, and therefore requires special precautions.

Encryption is essential to privacy in any form of Internet communication, whether voice or video, or even text.... especially email whose "store and forward" nature makes it particularly vulnerable. The good news is that in most western countries encryption is perfectly legal. In some countries such as the USA encryption is even Constitutionally protected (by the 2nd Amendment - right to bear arms). There is much discussion these days about new laws to regulate government wiretaps of Internet communication. In the USA, CALEA (Communications Assistance for Law Enforcement Act) regulation is being reviewed to re-enable efforts to track criminal and terrorist activity. This of course is no threat to a law abiding citizen that trusts his government, but it is a threat to him if he thinks that his government (or the government of his correspondents) IS NOW OR MIGHT BECOME worthy of distrust.

There are many ways to encrypt traffic. Data traffic between banks for example has always been encrypted, and inter-institutional traffic is commonly conducted over secure (encrypted) lines, but communications for the average person or business communicating with customers is almost open to eavesdroppers. There are services available that correct the problem, and add-on tools that can encrypt generic VOIP traffic when both parties are using them, but there is only one way to put all your Internet communication (text, voice, video, and data) in an encrypted envelope... use Skype. By default, all Skype/Skype traffic is encrypted and the encryption keys are shared with no one, so not even Skype is able to tap your traffic.

Cautionary Note: If you use SkypeOUT, SkypeIN or SkypeSMS services, your communications traffic is decrypted at the point where it leaves the Skype network and enters a "public" or switched network. The communication is vulnerable at this point not only because it is decrypted but also because it is passing through a switch on which it is relatively easy to install a tap. One should not be surprised to see efforts to expand CALEA for tapping into these types of Skype traffic.