Zfone, a free piece of software that encrypts VoIP (voice over IP) calls in a way that may circumvent government eavesdropping laws in some countries, is now available to Windows users, its developer said on yesterday.
The software works in a P2P (peer-to-peer) manner, exchanging encryption keys directly between the two people making a voice call. Other approaches, such as the commonly used PKI (public key infrastructure), typically rely on a centralised database, usually hosted by a third party, to manage keys.
The distinction is important in some places, where the debate about the right of governments to eavesdrop on their citizens' phone calls is growing increasingly heated.
Zfone presents a challenge in the US, for example, where the government has ruled that VoIP providers will soon have to turn over call detail records, just like regular phone companies. But the law in the US applies to service providers, not end-users. That means that callers can use Zfone to encrypt calls and the government currently can't demand that the users share the encryption keys in order to understand the contents of the call.
Zfone could be less effective for privacy advocates this side of the Atlantic, however. Last week, the government signalled that it is working toward enacting regulations that would require companies and individual people to hand over encryption keys or face jail time. With the encryption key in hand, authorities could listen to conversations made over VoIP calls.
The software uses extensions to RTP (real-time transport protocol) for the key exchange. Zfone's developers have submitted the extensions, under the name ZRTP, to the IETF (Internet Engineering Task Force) for consideration as a standard.
Both participants of a VoIP call must be running Zfone for its encryption to work. For now, Zfone can only be used with software VoIP clients, like those used on computers, but developers can license it to integrate it into their hardware. Customers of service providers such as Vonage Holdings, for example, who use adapters that allow the use of existing analogue telephones, won't be able to use Zfone because the software isn't yet built into the adapter hardware.
Zfone also can't be used with Skype because Skype uses a proprietary protocol.
Customers can download the software here. Versions for Mac OS X and Linux are already available.
Philip Zimmermann, the creator of the email encryption tool PGP (Pretty Good Privacy), developed Zfone. The US government launched and later dropped a criminal investigation into Zimmermann as a result of PGP.