The benefits and limitations of encrypting your phone calls

Secure phone lines with advanced encryption at your business can bring you a lot of benefits, but there are also a few trade offs you might not be aware of. 

Encrypting phone lines is a common security practice among companies of a number of industries, especially those that handle sensitive client information on a daily basis. It helps organizations remain compliant with industry standards on personal information handling.

So how do you go about encrypting your calls? Encryption of phone calls may be easier than you expect. However, it’s often limited in scope.

Business Phone System developer VirtualPBX, author of the post, aims to offer an introduction to the way a phone system is structured and the reality of data encryption in the voice channel, including its benefits and limitations.

Phone Networks and Encryption: A Brief Primer

The public phone network comprises millions of miles of decades-old copper cables as well as new fiber connections. It patches together individuals’ phone calls by relaying digital and analog signals through servers and satellites, both locally and on a global scale.

In a word, it’s complex. And it all started with the Public Switched Telephone Network (PSTN).

Public Switched Telephone Network (PSTN)

The most recognizable part of the PSTN is the series of telephone poles that line your streets. Those poles carry more than just phone calls, but part of their primary purpose at one time was to connect continents through copper lines.

Analog signals were sent from a caller’s phone, up the nearest telephone pole, out to switching stations and across many more copper lines, and down to the receiver’s phone from the nearest pole to their home or business.

You may hear PSTN referred to as the Plain Old Telephone Service (POTS). Those terms are interchangeable in non-technical discussions.

As it relates to this discussion of encryption, the PSTN and POTS are part of a public network of interconnected cables and computers. It’s separate from the private network that can be established with a hosted phone service like VirtualPBX provides.

Hosted Phone Service and VoIP

Two other interchangeable telephony terms you might hear are hosted phone service and VoIP, which stands for voice-over-IP.

If you use a VoIP service, you make calls through a private network – at least in part. VoIP calls are initiated through the internet, so they don’t immediately require the use of traditional PSTN structures to connect callers and receivers.

VoIP calls are sent, through the internet, from a user’s phone to a central server that the phone service provider controls. That server then decides what to do with the call.

To reach a recipient outside the user’s personal network – like a business’s phone plan of 25 users – it must send the caller’s signal through the PSTN.

However, to reach a recipient inside the personal network, it can keep the call from being relayed through the PSTN. It’s in this case where data encryption can be guaranteed by the service provider.

SRTP Encryption

One last acronym you’ll need to know about is SRTP: Secure Real-time Transport Protocol.

This protocol can be used in a digital phone network to provide authentication between sender and receiver; it can also ensure data encryption of information between those entities.

SRTP capability is part of many, but not all, VoIP devices. The settings of a desk phone, for example, may provide an option for SRTP use.

Benefits of Data Encryption

Although the benefits of using encryption were hinted at earlier in this article, they’re worth revisiting with a bit more detail.

Organizations can help protect their customers by enforcing data encryption in their communications channels. Some businesses, such as healthcare providers, are required by various laws to take measures to obscure client information. Others may voluntarily use data encryption standards to improve their appeal or trustworthiness.

In an increasingly competitive global landscape, some businesses may even wish to encrypt their personal communications to gain peace of mind. A voluntary leap into data obfuscation has become easier in recent years as https use has become the norm on websites, many mobile apps enable encryption by default, and projects like WebRTC have reached the public.

Limitations of Phone Call Encryption

With all this background information in mind, the limitations of phone call encryption can be fully realized.

Hosted voice providers can offer SRTP configuration as part of their phone plans. They can also provide customers with phones that are able to use that data encryption standard.

Customers can, however, only expect to gain encryption between devices on their own networks. As an example: A company with two offices can configure one phone in each location to use encryption. Calls between those devices can then reach each other through a secure channel because their data packets don’t exit the private network.

Yet as unintuitive as it might seem, that same company cannot expect either phone to use encryption when accepting an inbound call from a customer or completing an outbound dial to a partner down the street.

The encryption doesn’t extend past the boundary of the company’s private network. Therefore, it’s important that parties involved in sensitive conversations become aware of the limitations of the system.

For example, a company may want to discuss their phone system’s capabilities and limitations with billing or security service providers. This can help everyone within the company be on the same page as their partners.

Similarly, an organization may also want to define which topics of conversations are considered too sensitive to discuss outside a secure VoIP connection. This helps give employees a framework in which they can conduct internal and external tasks, which should then also be discussed with outside parties.

What’s a Company to Do?

The key takeaway from this information is that voice encryption – while powerful and at times extremely useful – is limited in its scope when used as part of a basic VoIP phone system setup.

This reality shouldn’t deter users from exploring its possibilities. On the contrary, the facts presented here should only serve to inform customers about the limitations of privacy in a system that was initially built on copper wire that didn’t intend to carry encrypted messages. There are ways to protect your data, but there are also several obstacles in the PSTN, in device compatibility, and in phone plan support that are a natural part of the global voice network.