Identity Authentication and VoIP Wireline Services

Despite the many efforts to make the Internet a safe and accountable place, the Internet has always been exceptionally good at providing anonymity. This has often been considered one of its strengths, but it poses challenges for VoIP service providers.

One area where identity masking is a challenge is when it comes to lawful call interception. While in recent months the news has been filled with stories of unlawful snooping, it is important to recognize that there are many instances when eavesdropping is legal and necessary for law enforcement.

How to achieve this, however, when identity on a VoIP call is harder to authenticate than it has been with traditional analogue services?

“In nearly all cases outside the PSTN, there's no fixed association between either a device or an access connection and the parties to the call,” wrote Tom Nolle, president of CIMI Corp, in a TechTarget blog post last week. “Many experts believe that the problems of lawfully intercepting VoIP calls simply can't be solved for wireline voice in the future.”

Connecting parties requires the ability to create a path between parties, and interception could take place reliably at network access points. But access points are unpredictable in the VoIP world, and there are cases when they might be outside of the legal jurisdiction of those wanting to lawfully intercept.

There’s also the issue of authoritative identity.

“On the public switched telephone network, when copper loops connected to black phones through carrier switches, they created the user connection to a voice network,” noted Nolle. “The identity of the user was fairly authoritative. With VoIP services today, virtually all providers allow the user to set the caller ID that will be reported, which can lead to caller ID spoofing. Plus, there's no validation of the ID supplied.”

Really there are only two options around this problem. First, there could be refusal of connectivity for any non-conforming network that can’t provide authoritative identification, since any room for anonymity compromises the whole project of authoritative identification.

The second option is moving toward custom endpoint devices that can authenticate authoritatively and provide relatively rigorous identification, much the way that cell phones do today.

That’s the eventual path as advocated by Nolle.

“Over time, this strategy is likely to be adopted,” he noted. “Virtual device clients could also be authenticated, so we could see the voice evolution path leading toward a framework where all forms of communication could be authorized.”

Trust services could be one of the most important services that service providers will offer in the future. Communicating on VoIP is easy, but establishing identity is a little harder.

Edited by Alisen Downey