SPIT Into This, Please

By Wayne Rash  |  Posted 2005-03-16

SPIT Into This, Please

Picture the world of voice traffic on the Internet as a dark and forbidding place, rife with mobsters, con artists and shadowy sellers of dubious products.

Now picture getting hundreds of calls from these people every day.

Imagine your worst day ever of telemarketing, back before the Do Not Call list, and then magnify it 10 times over.

Thats the depressing future of VOIP (voice over IP), according to a report just released by the Burton Group.

According to analyst Daniel Golding, the reports author, low costs brought on by outsourcing and offshoring, coupled with VOIP communications that are essentially free, can bring you exactly that kind of future, unless you take precautions.

According to Golding, current federal laws prohibiting such unsolicited calls are also part of the driving force for those overseas call centers.

"The big issue here is: How much do I have to spend to get a certain number of responses?" Golding explained.

He predicts that most of the calls will come from organizations operating illegally or committing fraud.

He said this will mean that they wont care about the Do Not Call list, or about the hostility telemarketers currently meet.

"They dont care if 99 percent of the people hate them," Golding said. "They know that 1 percent are idiots."

Despite all of the hoopla about just how much of a problem VOIP spam might be, theres little agreement.

In fact, theres little agreement on what constitutes VOIP spam (sometimes called "SPIT," for spam over Internet telephony).

On one hand, youll hear that U.S. consumers are about to feel an onslaught of tens of thousands of telemarketing calls from overseas call centers taking advantage of cheap calling, and using their location to avoid U.S. do-not-call regulations.

On another, youll hear that the real threat is more traditional spam aimed at VOIP systems, or perhaps denial of service attacks on these systems.

And on a third hand, youll hear that the problem isnt all that bad, and that it can be managed.

Next Page: Nothing certain.

Nothing certain

In fact, the one thing thats certain is that no one is certain. But the horror stories will still get your attention.

Will U.S. households get hundreds of calls every day from VOIP-equipped call centers safely outside the reach of U.S. laws?

Will legions of hijacked computers flood the E911 system, compromising emergency services in the United States?

There are suggestions that gangs of mobsters might attempt to launch VOIP denial of service attacks against major providers as a way to get ransom money.

So what could happen?

First, the really worrisome prediction is that E911 would be put out of service.

Not true, according to Drew Morin, CTO of TeleCommunication Systems of Annapolis, Md.

TCS provides the majority of E911 service in the United States.

Morin said that in general, spam from overseas will be hard to control, but that emergency calls arent likely to be affected.

"There are some capabilities within the IP network to determine where the network address and source data are coming from," Morin said.

He said that its not difficult to simply refuse any connection attempts coming from outside the United States.

In fact, its possible to determine approximately where a caller is, using a variety of technologies.

While this wont eliminate the threat to the 911 system, it will keep it to a manageable level.

But thats only part of the problem. What about hundreds of calls per day?

Anybody who knows about outsourcing knows about the idea that there are millions of educated workers in places like India, China and Russia who are available to work in call centers at salaries much lower than what similar workers would make in the United States.

"The salaries are much lower, but theres only 20 percent differential when you count all the costs," said Elizabeth Herrell, an analyst for Forrester Research.

"There are savings, for sure, but its not so significant that its driving everyone offshore," she said.

Herrell also pointed out that just because a call center might be outside the United States, the company sponsoring them can still be charged with federal crimes by the FTC (Federal Trade Commission).

In fact, one government spokesperson told eWEEK.com that the FTC had every intention of enforcing the Do Not Call laws wherever the violators are, including in foreign countries.

But such laws dont prevent VOIP spam created by people who are already criminals.

And if the situation gets even half as bad as the Burton Group suggests, users are going to demand changes.

Next Page: Possible solutions.

Possible solutions

Fortunately, there are solutions. Steven Johnson, president of Ingate Systems Inc., a company that makes a VOIP firewall, says that his companys products can already filter out VOIP spam, and should be able to handle much of the spam that the Burton Group is predicting.

"We can manage whats allowed in," Johnson said, "We can filter on IP address, headers, etc. The organization can allow in what they want, and disallow what they dont want."

Unfortunately, even the best firewalls cant keep out everything, so Johnson suggested that companies that make media gateways will also have to play an important role.

However, Thomas Howe, CTO of Versatel Networks Inc., in Gatineau, Quebec, isnt so sure.

While he says that some media gateways, including Versatels, can provide services such as call intercept (in which callers are asked to identify themselves before the call goes through), he doesnt think theres a lot that can be done to prevent spam over IP telephony.

"Theres no real way for the people terminating the call to determine intent," Howe said.

That means theres no good way to know whether a call is for telemarketing, extortion or just a friendly chat.

Like the analysts in the Burton Group, Howe said he thinks theres great potential for fraud as VOIP becomes more popular.

Howe said he also thinks that overseas call centers will be quickly supplanted by criminal activities, with fraud and extortion being the primary activities.

He said that current "bot" nets used for spam can easily be used to attack carriers of VOIP traffic, with big cash payments being the price for stopping.

"They will use spamming techniques to overcome rules against such calls," Howe predicted. "Welcome to the Internet," he said.

But at least its not all negative. "I think its a good example of how security will become the big thing in voice over IP in the next three to five years," Howe said, adding that it will become critical because of fraud and extortion.

Check out eWEEK.coms for the latest news, views and analysis on voice over IP and telephony.

Rocket Fuel