:: Open Content
VoIP is a developing field - there are three major (and several minor) competing standards, two of which are directly supported by major players like Microsoft, and the UK's Telecomms Infrastruture owner (BT), which is planning to move its current digital TDM system to VoIP. The question I find myself asking all too often is, "Why is everyone up in arms about it, either for or against? If one didn't know any better, one might think this technology is the savour of mankind, or the face of evil. Dave Howe submitted the following editorial to osOpinion/osViews which puts the issue in perspective.
In fact, it is neither...or both.
VoIP, like any other realtime telecommunications network, is only useful in direct proportion to the number of nodes that exist. When Fax machines were still prohibatively expensive, there was no incentive to produce them cheaply in bulk - because, there were only a few weather Bureaus and government offices that you could send faxes to. These days, everyone
in business has a fax machine, and the decision to not
have one at a business is not taken lightly.
The same could well have applied to mobile phones - everyone remembers the hugely expensive housebricks and some even remember when a mobile phone was either a car or briefcase job - due to sheer size. Mobile phones however, bootstrapped themselves onto the conventional telephone system, so that a mobile phone could call a conventional telephone, and vice versa. Once this happened, and the arials for coverage were in place, it was almost instantly ready for the mass market. There were thousands of people who would buy a phone if it were cheaper, and millions who would buy it if it were much, much cheaper - not to mention light enough so that you could carry it in a pocket without concern.
VoIP is going though this stage now - it is becoming simpler to use, but its real value only lies in support for gateways back to the conventional telephone system. and here we find an apparent strength - current billing technology in conventional and
mobile fields are based on per minute distance charging - the further you call, the more it costs, and the longer you call, the more it costs.
With VoIP, the internet segment is for most people global and unmetered - if your website is in china, it costs no more for an American to access than one in America or England does. Some people still have to pay per-minute (or per megabyte - another metering scheme) but for the majority, that isn't as big an issue
What a VoIP gateway does is bridge the gap - it turns a Internet phone call into a local
phone call at the destination; costs are vastly reduced, for everyone, and surely nobody could be unhappy about that, could they?
Well, obviously, at least some people can be. The most obvious victims here are the telecomms companies currently making a massive profit from long distance calls. It's beyond dispute that telecomm companies stand to lose a big (say, 25%) chunk of their revenue if VoIP gateways are allowed to spread at local call rates, unchecked.
Second, the government is also at the trough - all those long distance calls are taxed at least once, and depending on the governments enroute and/or at each end, possibly more than once. Lower charges mean less tax payments, and anything that cuts government income tends to have a big, heavy bureaucratic boot applied until it produces at least as much revenue as the old scheme did, plus possibly a little more to cover the additional regulation.
Third in the chain come the current "value added" providers - Mobile phones, parasitic revenue schemes (such as paid chatlines) and service resellers. Each is out in the cold here - VoIP gateways do not talk to the former two (they charge connect-though fees that are too compex to charge the final recipient for, at least right now) and the latter has nothing to resell.
And Finally, (for different reasons), is Law Enforcement.
Encryption is the bugbear of the law enforcement agencies - it is not known how secure the current encryption is, but even at a pessimistic estimate, it is prohibitively expensive to break any
encrypted message unless you know in advance it is worth the effort - estimates range from millions of years down to just a few weeks, but cost estimates go down only as low as $100,000 per message
broken, provided the encryption concerned is sound (and most is, these days; little snakeoil still exists on the market, although you can find some if you look hard enough)
VoIP is hard to tap at all, compared to conventional telephony, (which has had electronic tapping capabilities mandated in for years now); merely identifying and differentiating domestic and international calls (as many law enforcement agencies are required to, particularly in the USA) is a hard problem when all you have is an IP address on a packet, and even harder if you take into account diverse paths, packet loss, conference calling abilities that "relay" though a chosen machine, and so forth.
If you add encryption on top of that, (which some protocols do) then you have something that sets LEA tapping abilities back thirty years, and the LEAs really, really don't want to give up what technology has given them, just because technology wants to take it away again.
There is also another problem, which relates to the strength of VoIP - that even without a conventional gateway, it is itself a parasite on the Internet, and quite a high cost parasite at that. VoIP has massive demands in terms of quality of service (packets must get there fairly fast and reliably) and bandwidth (VoIP has a tradeoff between bandwidth and compression technology; for a computer, you might get enough compression at realtime speeds to allow only a narrow pipe, but your typical dedicated handset just hasn't got the power, so needs
that broadband connection to work.
What is often forgotten is that the Internet itself is largely parasitic on the telephone network. not for the ISPs - even though many are telcos in their own right, as it simplifies things like owning transatlantic cables - but for end users. Anything that impacts the revenue streams for telecomms companies (particularly those who have had a monopoly for so long that they consider making a minimum of 300% profit on anything a normal way of doing business) could cause a crisis for them, and companies in crisis tend to lash out.
When your attacker is directly dependent on your existance for its
existance, and the opposite isn't the case, the lashing out can be punative indeed. Many welcome and openly lobby for government intervention in this field, simply because it is a direct threat to them, and one that regulation could stave off for many years.
It isn't that VoIP is easy to regulate - it isn't - but that even a trivial attempt at a registration requirement would exclude 90% of potential users, and a serious clampdown would force the all important gateways to close, leaving peer to peer chat as the minority element it has been for many years (few people even know that it is built into such clients as the America Online instant messenger, and that ICQ not only contains VoIP but Video over IP (webcam) support too; fewer still have ever actually used it)
As a final thought, I will leave you with a discussion of the three main competing technologies out there.
The first is H.323 - which most Windows users would know as "netmeeting", the standard Microsoft package that supports the protocol. It is notoriously hard to route, firewall, or indeed do anything with - and the reason is it was never designed for IP networks in the first place, but for Videoconferencing over ISDN lines. The H.323 standard is (in common with many legacy standards documents from the ITU) pay only and expensive, but details can be found here for the interested. Encryption is almost unheardof for this protocol, and if implimented, is almost always as an outer wrapper (VPN or similar)
The second is SIP - an open internet standard being increasingly supported by such major players as Cisco and Microsoft. While the standard itself is open (details here) there are a much more limited list of clients available to actually use the standard with, and none to my knowledge impliment the encryption part of the protocols (at least in their free versions; XTen sell a crypto-enabled version of their SIP software (and also sell hardware phones) but use their own, propriatory crypto rather than the SIP one.
Newest, but definitely not least, is the well regarded Skype system. Currently free for download, Skype has good quality compression, an inherent encryption system, and no support outside of its sole manufacturer (this is unfortunate, but a consequence of the closed source and undocumented, proprietary nature of its protocol.
In contrast, the former two *are* supported, and very well indeed - many commercial PBX manufacturers now sell SIP and H.323 modules, and at least one free one (Asterix) supports both, in addition to conventional telephony and a wealth of voice menuing and routing features. ::