The company I work for specifies that we shall not talk company confidential business on any form of wireless (cell, 3G/4G/cordless phone) nor VoIP.
If your Security department actually believes that wireline phones aren't transported via VoIP, they're completely clueless.
I guess I'll just quietly chuckle to myself about how many phone calls I listened in to as a *vendor* to a telco, just trying to troubleshoot noise, echo, and other problems. Over decades.
I had to work at it. Had to get weird access to hear them, because I was a vendor (they all have my SSN and I'm sure if any money touched a bank account that certain agencies couldn't account for, there'd be warrants processed with a rubber stamp to find out where it came from), but the (not so well paid and ripe for bribes) telco techs inside the companies had remote taps straight to their desks. Traditional or VoIP, didn't matter.
Logs on those test gear networks weren't kept for very long. They were running on old junk that didn't have storage space for them.
Every telco system sale to carriers I witnessed in the last few years had requirements in the RFQ for instant tapping for CALEA also. Essentially, "This gear needs to have easy to access tap points because the government is driving us crazy with warrants."
Anything you send or say on any public U.S. Telco network? Assume it's tapped. Period.
The real question is whether or not anyone has time to actually listen. And whom. It's a crap-ton of data.
Oh. Forgot. The point.
Virtually every wireline call is converted to VoIP in the core network these days. Verizon's wireline core has been VoIP for almost a decade. AT&T uses it for new circuits and expansion while still squeezing the lemon on older circuits and gear. Etc.
If you exit the U.S. on the call via a global non-U.S. Carrier with a fake business presence offshore to avoid taxation (Global Crossing, as an example, lots of others) you're converted to VoIP at the egress point in most cases.
They're under even more "scrutiny" due to being "foreign owned". So, NSA directly taps whatever they want on their fiber under the "terrorism" guise. Seriously.
Every PSTN interconnect not only can, but *must* have the ability to listen or even capture calls. The hope is that they don't *retain* them.
All it takes is disk space and lots of it.
Ever do any of those meetings on conference bridges? My former employer was the last maker of high-density conference gear for the carrier market sizes that utilized a TDM (T3) interconnect. The product went completely end-of-life last year. There weren't any competitors left. Our parent company closed it down because their focus for the future was video.
In that size/density for audioconferencing you can *only* purchase IP-based "media servers" now.
None of the products on the market included high-encryption end to end. The only people who had that were the Feds, via external boxes they controlled.
It was easier that way. We had equipment with the equivalent of a "STU phone" built into it in the 80s. The encryption technology was so quickly changing that the government agency that bought that special system decommissioned it only a couple of years after they bought it.
The only good news for ya might have been that all this telco gear was three or more layers of authentication deep. Unfortunately everyone used RSA keyfobs, and those were recently compromised.
RSA is still playing dumb on that one. Probably afraid they'd lose their company completely if they had any real competition.
Plus, social engineering works far better than hacking RSA's stuff.
Remember telcos don't pay their techs all that well anymore from previous mention? Yeah. The right tech for the right price, someone would have a copy of any phone call they wanted. The tech would eventually get caught, but it'd take a long time.
The Bell System, and any "security" it brought, is loooooong gone.
You'd be highly advised to conduct any super-secret-squirrel meetings over a path where you control the encryption end to end, and the easiest way to do that, ironically... Is over VoIP. Not wireline.
Heavy crypto, an Asterisk box, a few VoIP phones labeled "secure" and some physical controls on the network from the phone to the VPN tunnel...
Cheap. Effective. Works.
Telco is completely sold out to the government as far as call tapping goes. This creates bunches of places where their internal networks can be "tapped".
When you engineer that into a system built for maximum profit, it's not a high priority to make any of the tapping points very secure. There's never going to be any motive to make those tap points "difficult" to access to an insider, except for companies or governments paying a lot extra for dedicated circuits end-to-end.
Cheap bandwidth is almost ubiquitously insecure bandwidth. Phone calls are down to being virtually free. The math won't support a secured network at those prices.
Rupert Murdoch's "press" people only had to guess a voice mail password to have inappropriate access for years...