To understand the significance of voice over IP (VoIP), it's useful to travel back in time. Specifically, go to 4:45am on Sunday, September 3, 1967. If you happened to be in a car in Sweden at that moment, you had to stop the car and do nothing for five minutes. Then at 4:50 you had to move your car from the left side of the road to the right, and then stop again. Finally, at 5am, you could proceed, on the right. In those 15 minutes, the entire country changed a 300-year-old custom of Vanstertrafik, left-side driving, to Hogertrafik, right-side driving.
In fact Dagen H, or H Day as it was called (the H for Hogertrafik), began earlier than 4:45 that morning. It began in 1963, when the Riksdag (Swedish parliament) voted to switch in order to simplify border crossings with right-side-driving Norway, and to reduce accidents associated with Sweden's use of left-hand-drive cars on the left, which puts the driver at the edge of the road instead of the middle.
It was an epic cultural and infrastructural shift. Sweden created the Hogertrafikkommission (HTK), an entire bureaucracy to manage the massively complex project. Bus stops jumped sides of the street, traffic lights moved, roads got new lines and signs, one-way streets went the other way. And, of course, people had to figure out how to drive on the right, so an education program started that included psychologists.
Even the day itself was more complex than a 15-minute square dance of Saabs and Volvos. In fact, nonessential vehicles were banned from the roads until 6am, an hour past the official 5am crossover. Stockholm extended its ban until 3pm. A picture taken of a street in Stockholm right before the switch shows vehicles comically strewn across a street, like someone bumped a table full of Matchbox cars. Still, it worked. No fatalities were reported on Dagen H, and over the long term it seemed to have the desired effect, or at least no measurable negative effect, on road safety.
Similar to Dagen H, the changeover from plain old telephone service, POTS, to VoIP will deeply challenge ingrained customs. For 100 years, telecommunications has been carried on a closed proprietary network, highly stable but limited in its applications, and connected to tens of millions of cheap appliances, dumb terminals called phones. A utility.
Open and Extensible
As voice over IP and voice over the Internet grow, telecom will change to become open and extensible, capable of supporting limitless new applications, often traversing an insecure and unstable public network and connected to complex and vulnerable multitasking end points called computers. An enterprise.
Unlike Dagen H, though, VoIP is switching over organically, driven by market forces, not a bureaucracy. There is no four-year plan and no education program preceding its rollout. No choreographed crossover on some target date. VoIP is just kind of happening.
This would seem to create security concerns and, yes, VoIP is following IT tradition by being rushed to market before its security implications have been thought through. But this story isn't another lecture to CSOs and CISOs on the need to secure VoIP. Regardless of how well the protocol is secured, security executives have a far more substantial challenge: mapping the new threat landscape of voice communications when their organizations decide to shift from closed to open, from dedicated to shared, from utility to enterprise.
With VoIP, phone conversations move around the world in the same way - sometimes on the same fiber-optic cable - that e-mail, spam, World Cup video highlights, IM conversations and malicious software attacks all move around the world, as little packets of 0s and 1s.
It is a cultural and infrastructural shift as epic as Dagen H. Soon, in a very real way, voice will no longer be voice. It will be data.
"We have this inherent belief of a certain quality of service and security with phones, of what the system can do for us," says Andrew Graydon, the chair of the VoIP Security Alliance. "Most of that is pure speculation; we don't know for real, but it doesn't matter. It's what people believe."
Just what people believe, without ever really thinking about it, is quite specific and detailed. People believe that their phone will work, perhaps even in a blackout; that the number they dial will connect to the phone assigned to that number, and the number that caller ID identifies is where that call comes from; that the call is not being surreptitiously recorded; that people taking advantage of the system, like telemarketers, can be controlled; and that breaking into this system is difficult enough to make it an undesirable criminal vector, which in turn pushes vulnerability elsewhere (to, say, computer communications).