VoIP worriesIntelligence, law enforcement face another hurdle: encrypted VoIP

Published 26 February 2009

The intelligence community and law enforcement already are concerned about the difficult they have eavesdropping in Skype communications; a U.K. start-up is going to make life more difficult for them by encryption VoIP communications and concealing more conversations

We wrote the other day about the increasing frustration of intelligence services and law enforcement over their inability to eavesdrop on Skype calls (“NSA May Offer “Billions” for a Solution Allowing Eavesdropping on Skype,” 15 February 2009 HS Daily Wire). These services may soon have another problem on their hands.

A British security firm has urged the U.K. government not to impose heavy-handed interception regulations on VoIP providers, ahead of the forthcoming consultation on communications data. Cellcrypt, based in London, develops and sells a smartphone application that allows companies to make encrypted VoIP calls internationally. The software can be pushed to handsets over the air, offering near-instant voice security for workers in the field.

Chris Williams writes that Cellcrypt called on the government to follow the lead of Washington regulators and take a hands-off approach as use of such services grows. U.S. mobile and fixed line network operators are required to give intelligence and law enforcement agencies access, but VoIP providers are not. Recently, U.K. intelligence agencies have complained that the rise of VoIP makes it difficult for them to monitor communications. The Home Office’s imminent consultation promises counter measures such as new data collection powers. This week the EU launched an investigation into the impact of encrypted Skype calls on law enforcement.

Cellcrypt CEO Simon Bransfield-Garth, a former Symbian marketing chief, said authorities could not hope to keep up with technology or the proliferation of services. “The U.S.’ pragmatic approach is the only one that stacks up,” he said.

The firm’s application for smartphones uses both the AES and RC4 encryption standards and is hoping to lead a new market in securing organization’s mobile voice calls. Export rules on encryption technology meant the source code had to be vetted by GCHQ before it could be sold abroad. Cellcrypt is now trying to sell its technology to government agencies, NGOs, financial firms, and other multinationals. “What I never hear is ‘this isn’t a problem’”, Bransfield-Garth said.

The British start-up is battling competition from applications that secure traditional circuit-switched calls and from often bulky hardware-based offerings, such as General Dynamics’s Sectera Edge, which was mooted as a military-grade secure replacement for Barack Obama’s cherished BlackBerry.

Cellcrypt claims its low latency, ease of use, and availability on ordinary Nokia S60 and Windows Mobile handsets has those alternatives beaten. More mobile operating system releases are planned this year. “It’s not today a mass market technology, but there will come a point where you’ll be remiss not to have voice encryption,” Bransfield-Garth said, signaling ambitions to cut deals to sell the software via operators.

For intelligence agencies used to being able to flick a switch to listen to any traditional phone call, such a mass distribution of encryption software might be worrying. We will know how worried GCHQ and the intelligence agencies are by VoIP when the Home Office finally publishes its consultation.