Category: Verizon Wireless

Verizon Launches Voice Cypher Secure VoIP Mobile App… With A Government Backdoor

Verizon Wireless this week did something that initially seemed quite impressive – they launched “Voice Cypher”, an app available for iOS, Android and Blackberry that promises secure end-to-end encryption. It uses VoIP and is an “over-the-top” (OTT) app that works on any carrier.  If you read the marketing material on their web site, it all sounds great!  Indeed their “Learn More” page has all the right buzzwords and security lingo – and says quite clearly: Voice Cypher provides end-to-end encryption between callers, even if the call crosses over multiple networks.” They include the requisite network diagram that shows how it protects against all threats:

Verizon Wireless Voice Cypher

It turns out there’s just one small little detail … as reported by BloombergBusinessweek, the app comes complete with a backdoor so that Verizon could decrypt the phone calls if requested to do so by law enforcement!

As the Businessweek article states:

Cellcrypt and Verizon both say that law enforcement agencies will be able to access communications that take place over Voice Cypher, so long as they’re able to prove that there’s a legitimate law enforcement reason for doing so.

Unfortunately, in this post-Snowden era I don’t know that many of us put a great amount of trust in our governments to only access communications with a “legitimate law enforcement reason”.  Or perhaps the concern is that what gets classified as “legitimate” can be widely construed to mean almost anything.

The article does point out that Verizon is bound by CALEA to provide lawful intercept  to the phone networks, but points out an interesting caveat that Verizon could have used:

Phone carriers like Verizon are required by U.S. law to build networks that can be wiretapped. But the legislation known as the Communications Assistance for Law Enforcement Act requires phone carriers to decrypt communications for the government only if they have designed their technology to make it possible to do so. If Verizon and Cellcrypt had structured their encryption so that neither company had the information necessary to decrypt the calls, they would not have been breaking the law.

A Verizon Wireless representative indicated that they believe government agencies looking for ways to protect sensitive information may be  customers of this service, as may be corporate customers concerned about leaking private information.

But… as we continue to hear more and more information about the massive amount of pervasive monitoring and surveillance by government agencies from many different governments around the world, you do have to wonder how safe those agencies and companies will feel with a “secure” solution that already comes with a backdoor.  The problem with a known backdoor is that even if you may trust Verizon Wireless to only allow legitimate law enforcement access… how do you know that some attacker may not be able to penetrate that backdoor?   The “secure end-to-end encryption” isn’t entirely secure.

Given that the service has a higher price tag of $45 per month per device, I do wonder how many businesses or agencies will actually embrace the service.

On reading about this Voice Cypher service, it certainly sounds quite interesting.  We need more secure voice solutions out there – and it’s very cool that Verizon Wireless is delivering this as an OTT mobile app that will work across different carriers.

It’s just too bad that it’s not truly “secure end-to-end”.  :-(

P.S. I also recorded an audio commentary on this same topic.

Over 25% of Verizon Wireless Traffic Is Now Over IPv6

Verizon Wireless IPv6 statsWe were very pleased to learn via a blog post that a new set of network operator measurements are up on the World IPv6 Launch site at:

http://www.worldipv6launch.org/measurements/

One of the most interesting statistics to me was that IPv6 traffic on Verizon Wireless’ network has now climbed to 26.25%.  This reflects the fact that IPv6 is part of Verizon’s rollout of LTE, as documented in a Verizon Wireless presentation about IPv6 and LTE given at APNIC 34 in August 2012.

Congratulations to Verizon Wireless for passing the 25% mark! They are the first to do so of the mobile operators that are being tracked as part of the World IPv6 Launch measurements.

I’ll note, too, that when you go to that IPv6 measurements page and click the column headed “IPv6 traffic” twice you wind up with a list sorted by highest percentage of IPv6 that is quite interesting:

Network Operator IPv6 Traffic

Somewhat predictably a number of universities are leading the way with Gustavus Adolphus College having an outstanding 62.17% of all traffic being IPv6. Great to see the U.S. Navy’s SPAWAR network in there, too, with 41.30% IPv6 traffic. It’s also nice to see webhosting providers Dreamhost and Hurricane Electric in the top 10 with just over 29% (Dreamhost) and 25% (HE) of all their traffic being IPv6.  I admit that I do find it a bit fascinating to scroll through the lists and see who is doing what with IPv6. The graphics further down the page are also interesting to see.

Note that these measurements are only from network operators that ask to be included in the World IPv6 Launch.  If you are a network operator providing IPv6 connectivity and are interested in being included on this list, please fill out the form on the World IPv6 Launch site.

Now, the question in my mind is, who will be the next mobile operator to climb over 25%?  And how soon will Verizon Wireless pass other prominent marks?