Voice Encryption May Draw U.S. Scrutiny

Eugen Leitl eugen at leitl.org
Mon May 22 13:19:04 PDT 2006


http://www.nytimes.com/2006/05/22/technology/22privacy.html?_r=2&oref=login&p
agewanted=print

May 22, 2006
Voice Encryption May Draw U.S. Scrutiny
By JOHN MARKOFF

SAN FRANCISCO, May 21 b Philip R. Zimmermann wants to protect online
privacy. Who could object to that?

He has found out once already. Trained as a computer scientist, he developed a
program in 1991 called Pretty Good Privacy, or PGP, for scrambling and
unscrambling e-mail messages. It won a following among privacy rights
advocates and human rights groups working overseas b and a three-year
federal criminal investigation into whether he had violated export
restrictions on cryptographic software. The case was dropped in 1996, and Mr.
Zimmermann, who lives in Menlo Park, Calif., started PGP Inc. to sell his
software commercially.

Now he is again inviting government scrutiny. On Sunday, he released a free
Windows software program, Zfone, that encrypts a computer-to-computer voice
conversation so both parties can be confident that no one is listening in. It
became available earlier this year to Macintosh and Linux users of the system
known as voice-over-Internet protocol, or VoIP.

What sets Zfone apart from comparable systems is that it does not require a
web of computers to hold the keys, or long numbers, used in most encryption
schemes. Instead, it performs the key exchange inside the digital voice
channel while the call is being set up, so no third party has the keys.

Zfone's introduction comes as reports continue to emerge about the
government's electronic surveillance efforts. A lawsuit by the Electronic
Frontier Foundation, a privacy rights group, contends that AT&T has given the
National Security Agency real-time access to Internet communications.

In the wake of 9/11, there were calls for the government to institute new
barriers to cryptography, to avoid its use in communications by enemies of the
United States. Easily accessible cryptography for Internet calling may
intensify that debate.

"I'm afraid it will put front and center an issue that had been resolved in
the individual's favor in the 1990's," said James X. Dempsey, policy director
for the Center for Democracy and Technology, a Washington-based public policy
group.

The Federal Communications Commission has begun adopting regulations that
would force Internet service providers and VoIP companies to adopt the
technology that permits law enforcement officials to monitor conventional
telephone calls. But for now, at least, F.C.C. regulation exempts programs
that operate directly between computers, not through a hub.

"From the F.C.C.'s perspective you can't regulate point-to-point
communications, which I think will let Phil off the hook," said Marc
Rotenberg, director of the Electronic Privacy Information Center, an advocacy
group in Washington.

Zfone may face more of a challenge in Europe, where the British government is
preparing to give the police the legal authority to compel both organizations
and individuals to disclose encryption keys.

But Mr. Zimmermann, 52, does not see those fearing government surveillance b
or trying to evade it b as the primary market. The next phase of the
Internet's spyware epidemic, he contends, will be software designed to
eavesdrop on Internet telephone calls made by corporate users.

"They will have entire digital jukeboxes of covertly acquired telephone
conversations, and suddenly someone in Eastern Europe is going to be very
wealthy," he said.

While Mr. Zimmerman is giving away his software so far, his goal is to attract
VoIP software and hardware developers to license his technology and embed it
in their products.

Zfone can automatically encrypt any call between users of freely available
VoIP software programs like X-Lite, Gizmo or SJphone. It can be downloaded at
www.philzimmermann.com.

The system does not work with Skype, the VoIP system acquired by eBay, which
uses its own encryption scheme. But at a conference last week in Cyprus,
German officials said they had technology for intercepting and decrypting
Skype phone calls, according to Anthony M. Rutkowski, vice president for
regulatory affairs and standards for VeriSign, a company that offers security
for Internet and phone operations.

Mr. Zimmermann said he had not yet tested Zfone's compatibility with Vonage,
another popular VoIP service.

Mr. Zimmermann contends that the nation is better off with strong
cryptography. Indeed, Zfone can be considered an asset, he said, because it
allows people to have secret conversations without hiding their Internet
protocol addresses, which could be traceable geographically. Those observed
having a secured conversation could come under suspicion, of course. But for
that reason, he argued, sophisticated criminals or terrorists are unlikely to
use the technology.

"I'm sympathetic to the needs of the intelligence community to catch the bad
guys," he said. "I specifically protect the content the criminals want, while
simultaneously not interfering with the traffic analysis that the N.S.A. is
trying to do. You could make the case that I'm being socially responsible."


--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820            http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]





More information about the cypherpunks-legacy mailing list