Secure VoIP calling, free software, and the right to privacy

Secure VoIP calling, free software, and the right to privacy


All free nations in the world today recognize certain basic principles, such as freedom of speech, freedom of thought, and the freedom of privacy. These values that we all share were articulated by and fought for by people such as Voltaire, Jefferson, and Bolivar. This common heritage of freedom is today under attack by those who wish to turn the clock back on human progress. We all know that a government that lives in such fear of its own citizens that it must spy on them and claims the authority to do so en-mass and unchallengeable is not a legitimate government of the people it claims to serve.

There is an interesting story about George Washington during the American Revolutionary War. At one point some of Washington's officers were plotting rebellion against him, and he accidentally received a dispatch that was meant for one of the conspirators. Having opened it, and read it, he realized what had happened, and then asked the courier to please apologize because the letter was not meant for him. He choose to act as best he could in a manner as if he had not read the letter. For Washington understood that even at a time of war, there are certain ideals that must never be sacrificed, otherwise even if victory was achieved, it is not worth the price of a nation nobody would wish to live in.

With these thoughts, we chose, on the first Monday of this October, to release a stack for secure VOIP calling, as free software developed through GNU Telephony, a loose organization of developers who specialize in free software for telecommunications. We accomplished this by creating a free software stack that implements Phil Zimmerman's ZRTP, as well as the Secure RTP spec. This is now part of the GNU RTP Stack, ccrtp. We chose to make this available for immediate use in the most compelling way, by having available at the same time, a complete secure softphone client anyone can also download and use and which implements the secure calling features in an easy to use manner. This client was the Twinkle Softphone client, developed by Michel De Boer, and modified with his help to meet this goal in time with our initial release.

Secure calling VOIP using ZRTP operates much like ssh in concept. The keys for communication are generated locally, rather than using an external certificate authority, hence preventing weak or poisoned certificates which SRTP potentially allows. Fingerprint session signatures are shown and cached much like the ssh host fingerprints, so that one can determine if there is a man in the middle decrypting at one end and encrypting to another.

What we have developed does not interfere with lawful police investigations, since the end point can still be compromised with physical access, presumably executed as part of a lawful and judicially supervised court order. But it does prevent arbitrary and mass spying on what people say, which must come to an end before all other freedoms are lost. With additional technologies including tls secured SIP and anonymizing connection proxies, it is possible to also reduce associative information signal that intelligence so desperately wishes to mine, and that is a goal of later phases of this project.

Since it is free software, anyone can download and use it. Since it is offered as a library, it can be used to produce applications, like Twinkle, that can perform secure communications by design, rather than as an afterthought. This technology is here to stay. There are enough people who have set it up now around the world, including some I personally showed. The source is available and mirrored worldwide. Binaries have been build and now distributed in Debian. Much of that was all done very rapidly and early on at the start of the month, the rest while I was in Maturin speaking at the IVth International Free Knowledge Conference, which I will write about next week, to deliberately make sure it was immediately usable and widely disseminated.

This technology we are bringing to free VOIP software was of course first proposed, in a proprietary form, and as an external proxy known as zfone, by Phil Zimmerman. Much of the work in developing secure calling in the GNU RTP Stack was done by people like Werner Dittman and Federico Pouzols, and with lots of Michel De Boer from Twinkle. Whether you are a head of state wishing to communicate in private, a union organizer within a company, or simply talking to your family and friends, you have a basic right and expectation of privacy. We intend to do everything in our power to help further that goal.

Further information can be found at GNU Telephony

Category: 
Opinions
Tagging: 
free software
vista
secure voip
privacy
telephony

Comments

Anonymous visitor's picture
Submitted by Anonymous visitor (not verified) on

I thought I had read that with Jabber, they can listen in your conversation and sell data to third party concerns.

Anonymous visitor's picture
Submitted by Anonymous visitor (not verified) on

Thanks a lot for this, your efforts are highly appreciated: this is *exactly* what we needed.
I hope many clients will start supporting this, like Twinkle.
Thanks!

Anonymous visitor's picture
Submitted by Anonymous visitor (not verified) on

Many of us who only use *nix OS's and who have not enogh money to spend in software would be able to communicate over the net with this programs and libraries

Author information

David Sugar's picture

Biography

David Sugar is an active maintainer for a number of packages that are part of the GNU project, including GNU Bayonne. He has served as the voluntary chairman of the FSF’s DotGNU steering committee, as a founder and CTO for Open Source Telecomm Corporation, and currently owns and operates Tycho Softworks.

Most forwarded

Interview with Dave Mohyla, of DTIDATA

Dave Mohyla is the president and founder of dtidata.com, a hard drive recovery facility based in Tampa, Florida.

TM: Where are you based? What does your company do?
DTI Data recovery is based in South Pasadena, Florida which is a suburb of Tampa. We have been here for over 10 years. We operate a bio-metrically secured class 100 clean room where we perform hard drive recovery on all types of hard disks, from laptop hard drives to multi drive RAID systems.

Anybody up to writing good directory software?

Since the very beginning, directories (of any kind) have had a very central role in the internet. (I have recently grown fond of Free Web Directory. Even Slashdot can be considered a directory: a collection of great news and invaluable user-generated comments. As far as software is concerned, doing a quick search on Google about software directories will return the free (as in freedom) software directories like Savannah, SourceForge, Freshmeat and so on, followed by shareware and freeware sites such as FileBuzz, PCWin Download Center and All Freeware (great if you're looking for shareware and freeware, but definitely less comprehensive than their free-as-in-freedom counterparts).

Interview with Mark Shuttleworth

Mark Shuttleworth is the founder of Thawte, the first Certification Authority to sell public SSL certificates. After selling Thawte to Verisign, Mark moved on to training as an astronaut in Russia and visiting space. Once he got back he founded Ubuntu, the leading GNU/Linux distribution. He agreed on releasing a quick interview to Free Software Magazine.

Is better education the key to finding better software?

I read David Jonathon's article Anybody Up To Writing Good Directory Software? the other day, which got me thinking about software directories in general. As David mentioned, many of the software directories one finds when doing a quick google search are free as in beer, not as in freedom. But what interests me is the software directories that already exist, providing a combination of both free as in beer software, and open source software. Sites such as Freeware Downloads and Shareware Download don't advertise themselves as providing free as in liberty software, but each of them have a good selection of open source software available... if you know where to look.

Most emailed

Free Open Document label templates

If you’ve ever spent hours at work doing mailings, cursed your printer for printing outside the lines on your labels, or moaned “There has got to be a better way to do this,” here’s the solution you’ve been looking for. Working smarter, not harder! Worldlabel.com, a manufacture of labels offers Open Office / Libre Office labels templates for downloading in ODF format which will save you time, effort, and (if you want) make really cool-looking labels

Creating a user-centric site in Drupal

A little while ago, while talking in the #drupal mailing list, I showed my latest creation to one of the core developers there. His reaction was "Wow, I am always surprised what people use Drupal for". His surprise is somehow justified: I did create a site for a bunch of entertainers in Perth, a company set to use Drupal to take over the world with Entertainers.Biz.

Update: since writing this article, I have updated the system so that the whole booking process happens online. I will update the article accordingly!

So, why, why do people and companies develop free software?

More and more people are discovering free software. Many people only do so after weeks, or even months, of using it. I wonder, for example, how many Firefox users actually know how free Firefox really is—many of them realise that you can get it for free, but find it hard to believe that anybody can modify it and even redistribute it legally.

When the discovery is made, the first instinct is to ask: why do they do it? Programming is hard work. Even though most (if not all) programmers are driven by their higher-than-normal IQs and their amazing passion for solving problems, it’s still hard to understand why so many of them would donate so much of their time to creating something that they can’t really show off to anybody but their colleagues or geek friends.

Sure, anybody can buy laptops, and just program. No need to get a full-on lab or spend thousands of dollars in equipment. But... is that the full story?

Fun articles

Santa Claus - the most successful open source project

It dawned on me the other day, as I was shopping for the dozens of gifts it seems I have to buy every December, that Santa Claus is the most successful open source project in history. (Bridget @ Illiterarty would agree with that). Santa Claus is essentially a marketing development that is embodied by everyone who stuffs a sock, gives a gift, hosts a dinner or wishes Merry Christmas over the holiday season.

Most emailed

Editorial

When I first started thinking about Free Software Magazine, I was feeling enthusiastic about the dream. I had Dave, Gianluca, and Alan willing to help me, I had established members of the free software community willing to help me out, I had writers volunteering their time and energy for free, and I had a generous offer from OpenHosting for servers, all before I'd proved myself. There was a sense of excitement in the air, and I thought maybe, just maybe, I could make this work.

Free Software Magazine uses Apollo project management software and CRM for its everyday activities!