Staff Writer, CNET News.com
If you're sick of spam, imagine wading through dozens of prerecorded porn and Viagra messages on your voice mail.
Some computer security and privacy experts are warning that such a day may not be far off for customers of new Internet phone services, which of a voice call with the conveniences—and inconveniences—of e-mail.
That could be unwelcome news for those who believe telemarketing is already so bad it can't possibly get any worse.
"The fear with VoIP spam is you will have an Internet address for your phone number, which means you can use the same tools you use for e-mail to generate traffic, said Tom Kershaw, a vice president at security specialist . "That raises automation to scary degrees."
So-called voice over Internet Protocol (VoIP) services have begun winning converts thanks to cheap rates and a slew of features that traditional phone companies can't match. But consumers who adopt the technology could pay a steep price if "VoIP spam" takes hold.
There are now only about 600,000 commercial Net phone subscribers, a market too small for the attention of big telemarketers. But the . Technology research firm IDC predicts VoIP revenue will grow from $3.3 billion in 2003 to $15.1 billion by 2007.
Once the numbers begin to add up, it's all but inevitable that new marketing techniques will spring up to take advantage of VoIP's strengths.
Like e-mail, VoIP calls find their way by locating an IP (Internet Protocol) address, a unique set of numbers assigned to each device connected to the Web. By contrast, calls made over the traditional phone network are routed by instructions taken from a . Using VoIP, telemarketers can send messages to thousands of addresses at a time, rather than tying up a single phone line to make one call.
The biggest likely impact of VoIP spam will be on voice mail boxes. They'll dutifully record every message they receive, while a human answering the phone will likely hang up within a few seconds. That could have a tremendous effect on VoIP providers that offer free voice mail; they would have to expand their storage capabilities to handle the additional spam messages.
Consider software from Frederick, Mass.-based , which seeks out the IP addresses assigned to phones, then sends each a 30-second recording. Its pace—1,000 synthetic calls every five seconds—is a quantum leap from the automated "Demon Box" dialers that telemarketers use now.
Qovia Chief Technology Officer Choon Shim said the company didn't create its VoIP spam generator to send "30-second calls about Viagra to millions of phones." Rather, it was to serve as a wake-up call of what could be a devastating problem for the growing Net phone industry, Shim said.
Aside from the pride of proving a concept, there are some benefits to generating so many messages. There has been interest from government agencies, Shim said, which have begun exploring how to use the VoIP spam generator to replace emergency broadcasts over television and radio. Information technology managers at companies wrestling with a large number of mobile workers could use VoIP spam to better manage the devices.
"We are not about selling tools to telemarketers," Shim said. "But these things are very easy to write, as we've shown in our labs. We can't stop other people from creating their own tools."
A trickle for now
So far, there have only been isolated cases of spam to homes, and only one known example of a corporate VoIP network spammed so heavily it was paralyzed, according to a handful of carriers surveyed this week.
"There are just so few customers in relation to what's available over landlines, that there's really no reason for telemarketers to even begin to think about it," said Gary Morgenstern, a spokesman for VoIP dealer AT&T.
Still, the issue appears to be gaining attention in some influential circles. The nation's two largest long-distance companies, AT&T and MCI, say the VoIP spam issue is on their agenda. And about six weeks ago, the United States Telephone Association (USTA) identified VoIP spam as one of the next major headaches, from a regulatory and day-to-day operations perspective.
"This threatens to be a big problem in the future," a USTA representative said.
Notably, telemarketers that use VoIP to target Net phone customers may not be required to comply with the Federal Trade Commission's recently created , computer security and privacy experts said, citing uncertainty over its status.
"VoIP spam fits very nicely into yet another void in existing regulation," said Ray Everett-Church, a principal with privacy consultants