I just read two reviews of the latest SecureLogix product, the Enterprise Telephony Management system, in Network Computing and Secure Enterprise magazines. Hardly anyone seems to pay attention to voice security. I've only read one book on the subject.
As Voice over IP becomes popular, interest in voice security seems to be picking up. The new SecureLogix product can monitor and control traditional POTS voice and also VoIP (SIP and H.323v2). I found this note in one of the reviews alarming:
"The ETM 1090 system can capture digital recordings of any call and record up to eight simultaneous calls off one voice span. The 5.0 production release captures calls only off of a voice T1. SecureLogix is prepping VoIP recording for the next release.
The ETM 1060 caches audio at a rate of 57 MB per hour from up to 32 simultaneous calls, yielding roughly 2,000 hours capacity on the appliance, and it automatically uploads the recorded calls to your target server drive as .wav files.
ETM gives no indication to call participants that they are being recorded; check with your legal department before implementing any recording scheme."
"Check with your legal department" indeed! This is clearly a wiretap if there ever was one. I recommend using such a system to implement voice policies, and tread very carefully when considering call monitoring.