We were up to visit with my folks on Sunday to correct a couple of small problems their PCs were having and while we were there the topic of my pending lack of employment came up. Dad asked if I had considered dropping my traditional phone service in favor of keeping my broadband connection and signing up for VOIP via Vonage or some similar company, something I have kicked around from time to time even before my employment became an issue. About the only reason I haven’t given it a shot so far has been my lack of a cell phone which would mean that if the broadband went out for some reason then I’d be without phone service at all. Of course, if I can’t afford to pay the current phone bill then the result may essentially be the same.
Now the folks at Wired have an article on the potential vulnerabilities of VOIP including such potential aggravations as “SPIT” (Spam over Internet Telephony):
“It is really just a matter of time before it is as widespread as e-mail spam,” said Michael Osterman, president of Osterman Research.
Spammers have already embraced “spim” (spam over instant messaging), say the experts. Dr. Paul Judge, chief technology officer at messaging-protection company CipherTrust, says 10 percent of instant-messaging traffic is spam, with just 10 to 15 percent of its corporate clients using IM. “It is where e-mail was two and a half years ago,” said Judge.
To put that in perspective, according to another messaging-protection company, FrontBridge Technologies, 17 percent of e-mail was spam in January 2002. It put that figure at 93 percent in November 2004.
So the inference is that “spit” (spam over internet telephony) is just around the corner. Certainly, the ability to send out telemarketing voicemail messages with the same ease as blanket e-mails makes for appealing economics.
Additional potential threats being debated include hackers eavesdropping on conversations, rerouting or answering other people’s calls, interfering with or capturing the audio streams, and so on. Concerns such as this have prompted the formation of the VOIP Security Alliance (VOIPSA) which launches today with the goal of educating consumers and collaborating on means of securing VOIP for the future. Current VOIP providers such as Vonage and Skype question whether this new organization is attempting to solve a problem that doesn’t really exist as of yet. They cite measures they’ve already taken to help offset some of the risks (such as end-to-end encryption of data streams) as showing that they are already being proactive in making VOIP as secure as it can be.
It does seem that the VOIPSA folks might be hyping some of the potential problems a bit much, but given the known history of email and instant messaging in being a conduit of spam and scams on an unprecedented scale it wouldn’t be wise to write them off as alarmist. We should learn from our mistakes in those two arenas and start looking now at any potential problems emerging technologies like VOIP may hold. Otherwise we could end up with a similar conundrum where email is difficult to fix because the standard has been so widely adopted that the changes needed to eliminate the problem are impractical to undertake.
At the very least, it gives me something else to consider and research before jumping into VOIP with both feet.