Aside from the obvious relationship there is an apparent not-so-obvious distinction that needs to be made. Internet Protocol is NOT the Internet and Voice over Internet Protocol is NOT Voice over the Internet. Voice over the Internet is also referred to as Internet Telephony although even those two applications of voice have their differences as well and should not be used interchangeably.
Knowing the difference is to better understand the real "threats" that face voice over the Internet and VoIP separately and that difference is critical. For an enterprise thinking about deploying VoIP on a corporate Wide Area Network that never touches the public Internet the miseducation and therefore belief that VoIP is insecure may cause them to delay, or avoid deploying a VoIP network. This is a level of fear, uncertainty and doubt that the industry could do without.
Part of the issue is embedded in research and working groups that base their studies and ultimately their findings on this flawed information. One such group is SPEERMINT - Session PEERing for Mulitmedia INTerconnect, which is a working group within the IETF.
From their recent November 2008 Security Threats and Countermeasures posting:
"With VoIP, the need for security is compounded because there is the need to protect both the control plane and the data plane. In a legacy telephone system, security is a more valid assumption. Intercepting conversations requires either physical access to telephone lines or to compromise the Public Switched Telephone Network (PSTN) nodes or the office Private Branch eXchanges (PBXs). Only particularly security-sensitive organizations bother to encrypt voice traffic over traditional telephone lines. In contrast, the risk of sending unencrypted data across the Internet is more significant (e.g. DTMF tones corresponding to the credit card number). An additional security threat to Internet Telephony comes from the fact that the signaling devices may be addressed directly by attackers as they use the same underlying networking technology as the multimedia data; traditional telephone systems have the signaling network separated from the data network. This is an increased security threat since a hacker could attack the signaling network and its servers with increased damage potential (call hijacking, call drop, DoS attacks, etc.). Therefore there is the need of investigating the different security threats, to extract security-related requirements and to highlight the solutions how to protect from such threats."
I know the IETF are a very smart bunch and really mean well, but the issue perpetuates and spreads. Even the New York Times gets it wrong. From December 2008 article on the Mumbai terror attacks:
"Indian security forces surrounding the buildings were able to monitor the terrorists' outgoing calls by intercepting their cellphone signals. But Indian police officials said those directing the attacks, who are believed to be from Lashkar-e-Taiba, a militant group based in Pakistan, were using a Voice over Internet Protocol (VoIP) phone service, which has complicated efforts to determine their whereabouts and identities.
VoIP services, in which conversations are carried over the Internet as opposed to conventional phone lines or cellphone towers, are increasingly popular with people looking to save money on long distance and international calls. Many such services, like Skype and Vonage, allow a user to call another VoIP-enabled device anywhere in the world free of charge, or to call a standard telephone or cellphone at a deeply discounted rate."
Clearly the technology and service are not clear enough. Sadly there are many more articles just like this from the New York Times and other very respected newspapers and other publications. This may not have any impact on most of the world and they could not care less as they do not even know why it would matter, but for many in the VoIP hardware/software business it matters a lot and could mean the difference between getting a sale and not.
There is nothing wrong with VoIP, or Voice over the Internet, but there is something wrong with telling people one is the other when it really is not.