Ooma Dialog

I wrote a blog entry titled Ooma Hysteria a few months back. A point I made in the entry is that ooma calls can potentially be tapped by users. Others commenting in the blog agreed. The company’s Chief Technologist Jeff Peck recently commented on their technology and didn’t share how they can keep calls from being tapped. He did however reinforce the fact that the calls are secure. Here is our dialog.

 
RE: Ooma Hysteria
For many years, people said "you cannot stand an egg on its end" and they had the empirical evidence to support that argument. Then Columbus (allegedly) comes along and does it… These days we know many ways to get an egg to stand on its end, from high viscosity atmospheres, to zero-g orbitals, to vibrating tables.
When people say "it can’t be done" that may simply mean *they* don’t know how to do it.
 
Jeff Peck
Chief Technologist
ooma, Inc.
 
——
 
My Response:

—–

Thank you all for the great comments. To Jeff Peck, I haven’t tried your service and indeed you are right — I haven’t thought of a way to connect calls to the PSTN without allowing phone taps from the customer’s house.
 
To be honest, in addition to making an egg stand on its end, I have trouble making a decent omelette. 😉
 
But seriously, I understand the reason not to share how you keep your calls from being tapped. I certainly would want to keep this information confidential as well.
 
But the reality is that in my history in telecom I have never seen a concept so controversial. Even if you are able to pull off what you say — it is obvious based on numerous blog entries and comments on these blog entries that almost no one in the communications industry believes you.
 
Some of these people — unfortunately for your company, are the very same ones who get quoted in major publications regarding your technology.
 
So if you are looking to have this service go mainstream at some point, you need to tackle this problem.
 
I see two ways to do this:
 
The first is to get a number of high profile telecom people to sign NDAs and share the information with them. They can comment on what you do without giving away the crown jewels. At least they can verify you are correct.
 
The second is to go public with some of what you do and rely on your patents to protect you. I did a quick patent search and don’t see any applications from your company. With the news that Vonage was sued by yet another service provider this past week it likely makes sense to start applying for patents rather quickly to ensure your success does not get sued into oblivion.
 
So Jeff, I wish you luck. Any company who can come up with a brand new way to provide VoIP service in a space rife with top engineers and massive amounts of financial resources deserves to be congratulated. I am looking forward to seeing how your company addresses this situation and continues to grow.
 
Here is that blog post again if anyone wants to join this conversation.

  • Aswath
    October 20, 2007 at 11:59 pm

    I wonder whether their technology can detect the following scenario as well: Ooma is connected to an ATA with an FXO port that is connected to PSTN, with ATA configured to route all calls to PSTN. The Ooma donor taps the call beyond the ATA. In this case, Ooma hub will consider the ATA to be Class 5 switch and it is equivalent to CALEA tapping. Certainly Ooma can not claim that they have a technology to deter CALEA tapping.
    I CLAIM that I have a technology that allows me to travel faster than the speed of light. If you say “it can’t be done” that may simply mean *you* don’t know how to do it.

  • E LAI
    October 21, 2007 at 12:46 am

    Rich, Let’s say that someone has already done it. What happens to a patent filing saying it’s impossible then? This company has shown themselves to be very litigious, so if one had actually already shown the ability to tap a call made by the ooma box to the PSTN at the customer’s house, that person might be reluctant to come forward. Is there someone perhaps outside the US, or that feels otherwise comfortable, that would be willing to demonstrate the capability, hypothetically, if a step-by-step description of the technique were provided anonymously?

  • Rich Tehrani
    October 21, 2007 at 10:10 am

    Aswath – great point. And your CALEA comments are well-made. Regarding traveling at the speed of light – I am sure one day this will be possible. I just can’t stand the thought that Star Trek has been lying to me all these years. 🙂
    And to E LAI – also great point. I wonder too if ooma is just too early in its life for anyone to try tapping it. And if they are successful ooma may not be big enough for them bothering to report it.

  • Eric
    October 22, 2007 at 12:21 am

    Mr. Peng’s comments are the kind that can sometimes be taken as a challenge. Shutting him up once and for all on this subject may be enough motivation. But it’s a good point that perhaps ooma is just too small potatoes and not worth going to the trouble to actually report the results. Maybe, at least not until they put their money where their mouth is and put up an RSA style contest/bounty (along with assurances that they won’t sue the person that demonstrates successful results).

  • Eric
    October 22, 2007 at 12:23 pm

    Aswath, The ATA idea is a way. It has been proposed here: http://oomahacks.blogspot.com/2007/10/ooma-pranks-or-how-to-punk-ashton.html Engineers have proposed many other ways, such as Inductive tap: http://www.unterzuber.com/tap.html
    The problem is, until it has actually been completed, and demonstrated, Mr. Peng can simply continue to say it won’t work. I think that if the company has not made a major point on this, and instead said something like this is a risk users have to do to get free calls, then no one would really care. Do average users really care? It would stop them buying the product? Some people, perhaps, but probably technical users and “privacy nuts” only, who already know that most are at risk and therefore would not buy the product no matter what Mr. Peng says *cannot* be done.

  • Mike P
    October 23, 2007 at 8:47 am

    Any amateur electronics hobbyist can make a circuit to eavesdrop on a telephone line in a way that can not be detected. All it takes is a high impedance circuit made of a couple capacitors and a matching transformer to serve as an input to an amplifier. I made one in the 1960’s (for legal purposes).
    I showed the circuit on a web site until Ooma threatened legal astion if I did not take it down.
    And you certainly don’t need an “ATA”. This can be done on the wire right at the back of the Hub. If someone plugs a Calling Line ID box on this line, the above is essentially what the circuit in the box does to listen to the audio signals that pass the ID from the Central Office.
    I’d love to accept a challenge from Ooma to demonstrate this. Or any Ooma subscriber with a phone line who would like to cooperate.

  • K Unterzuber
    July 29, 2008 at 10:33 am

    OK, so I’m a bit late for this discussion.
    Mike P is correct in that you can build a series or parallel tap for a standard POTS line, but they are normally easy to detect for a knowledgeable person. Any competent TSCM professional will “balance” (measure the respective resistances of the two conductors) the line, measure relative current draw, and use a TDR to find all splices and connections on the cable. These techniques find virtually all series and parallel taps. Whether or not the tap is “high impedance,” it will show up on a TDR trace.

Leave Your Comment

 

Share via
Copy link
Powered by Social Snap