After hours Toolkit

Rupert Goodwins' Diary

Rupert Goodwins ZDNet.co.uk

Published: 19 Dec 2003 17:15 GMT

Monday 15/12/2003
There's an increasing buzz about voice over IP: not only are previously diehard opponents like BT getting in on the act, as we reported last week, but the quality of the alternatives is getting better. One program that's attracting a lot of interest is Skype (rhymes with tripe), which is a peer-to-peer telephony package written by the people behind Kazaa. Today, with a brain rendered numb by the approaching festivities, I finally download the thing and have a play (my ID is rupertgo -- if you see me on, gissa tinkle).

It looks on the surface like an instant messenger client with telephony built in, an idea that's hardly new, but it has a long list of nice features like decent call management, directories and logging. Oh, and encryption.

Encryption is the really interesting part. Although it's still illegal for people to tap phone calls without a warrant, at least in the UK, practically every other aspect of personal electronic communication is fair game. Your ISP has to store your Web sites, emails and other details of your online sessions for delivery to the forces of law and order; your mobile phone network is equally accommodating. With good encryption, at least in theory, you can have a conversation with anyone in the world and nobody else can find out what you said -- even with authority to tap. PC voice over IP may be the only way to do this, soon.

So is Skype's encryption good? Hard to say. It's supposedly the US government standard AES, which is designed to be uncrackable by anyone other than, er, the US government -- and even they'll have problems. But since Skype is closed code, one has to take their word for it: until the code itself or a third party security analysis becomes available, it can't be trusted.

There is an alternative, which I'm amazed nobody's done yet -- voice encryption using huge one-time pads of random numbers. Make a DVD full of true random data, give a copy to your pal and use it to encrypt your voice. In the words of Bruce Sterling, this is encryption that God himself couldn't break: once you've run out of DVD, which should take a month or so, toss it on the fire and that's that. Your conversations are part of the heat noise of the universe.

All that the spooks and bad guys can do is prove you had a conversation. Even that can be disguised -- use a server that mixes your conversation with that of forty-nine others and sends all fifty to all fifty. Or set up peer-to-peer links that relay through a few other clients, who throw in their data. You can only decrypt yours, of course, but nobody looking at your data can tell which that is. All you'll need is a DVD writer and broadband, which are two things that will be pretty well universal.

Next year, perhaps, we'll see the tide of privacy turn in our favour.