New Zfone Release Encrypts VOIP for Windows Users

Zfone, a free piece of software that encrypts voice-over-IP (VoIP) calls in a way that may circumvent government eavesdropping laws in some countries, is now available to Windows users, its developer said on Sunday.

The software works in a peer-to-peer manner, exchanging encryption keys directly between the two people making a voice call. Other approaches, like the commonly used PKI, typically rely on a centralized database, usually hosted by a third party, to manage keys.

The distinction is important in some places, where the debate about the rights of governments to eavesdrop on its citizens’ phone calls is growing increasingly heated. Zfone presents a challenge in the United States, for example, where the government has ruled that VoIP providers will soon have to turn over call detail records, just like regular phone companies. But the law in the United States applies to service providers, not end users. That means that callers can use Zfone to encrypt calls, and the government currently can’t demand that the users share the encryption keys in order to understand the contents of the call.

Zfone could be less effective for privacy advocates in some other countries. Last week, the U.K. government signaled that it is working toward enacting regulations that would require companies and individual people to hand over encryption keys or face jail time. With the encryption key in hand, authorities could listen to conversations made over VoIP calls.

The software uses extensions to real-time transport protocol (RTP) for the key exchange. Zfone’s developers have submitted the extensions, under the name ZRTP, to the Internet Engineering Task Force for consideration as a standard.

Both participants of a VoIP call must be running Zfone for its encryption to work. For now, Zfone can be used only with software VoIP clients, like those used on computers, but developers can license it to integrate it into their hardware. Customers of service providers like Vonage Holdings, for example, who use adapters that allow the use of existing analog telephones, won’t be able to use Zfone because the software isn’t yet built into the adapter hardware.

Zfone also can’t be used with Skype because Skype uses a proprietary protocol.

Customers can download the software here. Versions for Mac OS X and Linux are already available.

Philip Zimmermann, the creator of the e-mail encryption tool Pretty Good Privacy (PGP), developed Zfone. The U.S. government launched and later dropped a criminal investigation into Zimmermann as a result of PGP.

-Nancy Gohring, IDG News Service

For related news coverage, read VoIP Security: It’s All About the Implementation.

Check out our CIO News Alerts and Tech Informer pages for more updated news coverage.