The Aberdeen Group claims that Best-in-Class companies using “Trusted Computing” (this is, of course, not considering VoIP):
+ have achieved reductions in the number of security incidents at a rate 5x higher than that of the Industry Average.
+ have contained deployment costs of security solutions by a factor of 3x compared to the Industry Average.
+ have achieved reductions in the number of failed audits at a rate 10x higher than that of the Industry Average.
The results are significant and desirable, plus the whole concept of Trusted Computing … allowing untrusted software into a network or computer while still providing reliable and secure computing and communication … seems to be the only way to deal with the onslaught of threats. After all, as soon as a network is hardened against known threats … new threats are born. So, even diligent, well-conceived security strategies should have an element of untrust. The thinking then goes: embrace the untrust and focus on securing the things that can and must be secured. Seems like a simpler (more honest) way to think about security to me.
How does this play into VoIP? 1) Pushing encryption into endpoint hardware to provide privacy for the network. 2) Pushing authentication into hardware in the call managers and SBCs to thwart phreaking. 3) Pushing data leakage solutions into hardware on the endpoints. Such initiatives will leave the VoIP network more secure and more robust against attack and abuse.
The question comes down to “legitimate functionality” and what is acceptable use under the service agreement with a service provider or under the code of conduct for a government or commercial enterprise. Voice service providers have every right to restrict use of service to the service that they offer, and they usually do so through the service agreements they offer to consumers. Enterprises also have the same right to protect the assets of the business and focus them on appropriate business activities supporting the goals of the business. So, this is not a case where a person who has legitimately paid for service is being denied access to that service.
However, there is no denying that network service providers can behave illegally just as the users of their service can behave illegally. It just does not happen as often.