Interview with PGP founder Phil Zimmermann: Zfone, secure VoIP media encryption software
(photo credit: CPU Magazine)
Many internet users have switched their land line phones to ‘voice over internet’ (VoIP) phones, unaware that the SANS (SysAdmin, Audit, Network, Security) Institute has named VoIP servers and phones as one of the top 20 Internet Security Attack Targets. Philip Zimmermann’s world-famous email encryption software, PGP, revolutionized the security of email communications in the 1990s, and I wondered what his thoughts were on VoIP now that it has become ‘mainstream’ for high-speed internet users.
*When I stumbled across a link to his latest invention, The Zfone Project, I was intrigued. After all, I use VoIP and I don’t like the idea of saying “Goodbye privacy: cellphones spy for FBI, web tools record voip.” So, I emailed Mr. Zimmermann to find out more. Less than an hour later, he phoned me from Brussels, Belgium, joking that this was an international interview. His voice was crystal clear and I couldn’t distinguish any ‘lag’ in the phone call’s quality even though we were speaking via VoIP (I have VoIP too).
He spoke briefly about how Zfone provides web security for VoIP. The following is an amalgam of our interview and materials he provided me to answer my questions. (Hope my memory is good enough, because I sure as h*ck don’t record my phone conversations, let alone this one!)
“Zfone and its innovative encryption technology sets the standard for securing VoIP phone calls. Zfone lets you whisper in someone’s ear from a thousand miles away…” [Zfone Project : Home Page heading]
Mary: Why do we need this product, Zfone, when we have Skype, which also encrypts phone conversations?
Phil Zimmermann: The Internet is not a safe medium to carry our phone calls. But Zfone solves these problems. Zfone uses a new protocol (called ZRTP), which is better than the other approaches to secure VoIP (more…). Because Zfone works with industry standards of VoIP, it can be implemented to work with most existing VoIP products and services. However, Skype uses a proprietary encryption algorithm which doesn’t work with Zfone.
Mary: How do you counter people who say PGP and Zfone just help the bad guys, the criminals of the internet, especially in light of 911 and homeland security?
Phil Zimmermann: As we watch our phone calls move from the relative safety of the PSTN (traditional landline network) to the more lawless Internet, we would be foolish and irresponsible not to protect this critical infrastructure with strong encryption. Perhaps some people in the law enforcement community see this as an impediment to legitimate wiretapping, but the broader law enforcement perspective of protecting society from massive criminal exploitation means we cannot expose 99.99% of our phone calls to criminals just to preserve the government’s easy access to the 0.01% tiny minority of calls they want to wiretap.
Mary: Are landlines inherently safer than VoIP? If I don’t plan to use a product like Zfone, is it wise to stick with my land line phone for now?
Phil Zimmermann: Traditional packet switched network (PSTN) phone calls are sent over a closed circuit between two parties and not over the internet. VoIP phone calls, however, are sent over the Internet, which allows much greater opportunities for interception, so VoIP phones need encryption because the threat model for VoIP interception is much broader.
(Mary: scratches head; oh, I see: I need encryption on VoIP! period! unlike my home phone which didn’t require encryption. I don’t have important conversations, but on the web, I can see a need for encryption: for times I speak with my doctor, for times I use my credit card, in short for any time I’m trying to have a private conversation.)
Mary: Q. I see a Zfone beta is available for Windows. I plan to download and test it on my Windows computer.
Phil Zimmermann: A. If you have questions, you may ask them. I recommend you read the FAQ and familiarize yourself with the software, which you may download from my site after you register for it. The Windows beta version was issued in July, 2006, and has not yet been updated to reflect the many improvements and fixes already implemented in the November 7, 2006 Linux and Mac OS X counterpart beta releases. The reason for this is it was easier for us to develop the software on other platforms than Windows. We plan to port it over to Windows after most of the work has been done. Over the next few weeks, we may be porting it to Windows and I’m working on it now.
I don’t develop on Windows. It may interest you to know that although I made PGP, I never actually used it on Windows.
Mary: I signed up and I’ll wait for the newer version. Thanks for answering these questions!
I told Phil he wasn’t missing out on anything: Windows security for the average Joe is a daunting task right now. (The SANS Institute 2006 report also says that Microsoft Windows Libraries and Services are among the most vulnerable applications on computers today.) I told Phil I thought media and consumer interest in Zfone would spike, now that people are more aware of the inherent risks in VoIP security and thanks to articles in the news about the ease of cell phone tapping.
*This morning I read Robert Cringely’s column, “can the government really listen in to your VoIP calls? Yes they can” [via Dealing with the Devil, David Van Couvering, link via Megite Technology News], and followed a link in the comments to the Zfone Project, Phil Zimmermann’s secure VoIP media encryption software.
Dear Readers: Do you use VoIP or do you plan to switch to VoIP soon? If so, how important is strong encryption of VoIP to you?
Disclaimer: None of this interview may be exact quotes, because, dear reader, I didn’t record our conversation. (I can’t wait to try VoIP with Zfone!)
1 opinion for Interview with PGP founder Phil Zimmermann: Zfone, secure VoIP media encryption software
Zfone voip exempt from CALEA, US phone tapping law » Tips and Tricks to help you Master Your Computer
Dec 7, 2006 at 11:57 am
[…] In followup questions to my interview with Phil Zimmermann, I asked how Zfone, his encrypted VoIP phone project, reconciled with CALEA, the US phone tapping law which enables Homeland Security and other US agencies to decrypt and listen to VoIP phone calls. Phil referred me to his FAQ, which says: “… Only Zfone’s end users are involved in the key negotiation, and CALEA does not apply to end users… “ […]