Windows version of Zfone launched
Zimmermann's baby encrypts VoIP traffic.
By Nancy Gohring, IDG News Service | Published: 14:01, 22 May 2006
Zfone, a free piece of software that encrypts voice over IP calls in a way that may circumvent government eavesdropping laws in some countries, is now available to Windows users, its developer has said.
The software works in a peer-to-peer manner, exchanging encryption keys directly between the two people making a voice call. Other approaches, like the commonly used PKI (public key infrastructure), typically rely on a centralised database, usually hosted by a third party, to manage keys.
The distinction is important in some places, where the debate about the rights of governments to eavesdrop on its citizens' phone calls is growing increasingly heated. Zfone presents a challenge in the U.S., for example, where the government has ruled that VOIP providers will soon have to turn over call detail records, just as do regular phone companies.
But the law in the U.S. applies to service providers, not end users. That means that callers can use Zfone to encrypt calls and the government currently can't demand that the users share the encryption keys in order to understand the contents of the call.
Zfone could be less effective for privacy advocates in some other countries. Last week, the U.K. government signalled that it is working toward enacting regulations that would require companies and individual people to hand over encryption keys or face jail time. With the encryption key in hand, authorities could listen to conversations made over VOIP calls.
The software uses extensions to RTP (Real-time Transport Protocol) for the key exchange. Zfone's developers have submitted the extensions, under the name ZRTP, to the IETF for consideration as a standard.
Both participants of a VOIP call must be running Zfone for its encryption to work. For now, Zfone can only be used with software VOIP clients, like those used on computers, but developers can license it to integrate it into their hardware.
Customers of service providers like Vonage, for example, who use adapters that allow the use of existing analogue telephones, won't be able to use Zfone because the software isn't yet built into the adapter hardware.
Zfone also can't be used with Skype because Skype uses a proprietary protocol.
Philip Zimmermann, the creator of the e-mail encryption tool PGP (Pretty Good Privacy), developed Zfone. The U.S. government launched and later dropped a criminal investigation into Zimmermann as a result of PGP.