<aside> 🎯 **In short:

• Users are expected to use and administer the system in good faith in a way that doesn’t violate the rights of others.
• However, technical limitations in the product as well as limitations of the way the product was deployed make it impossible to guarantee privacy.
• Users may elect to receive endpoint devices that have local hardware microphone and speaker interlocks/cut-outs.**

</aside>

The use of the UC system is designed to enable users to learn about how the system works and to enable zero-cost communication between users.

Users are expected to use the system and it’s administrative tools in a way that does not violate the rights - including privacy - of other users.

Despite this, limitations in the product design and the deployment of the system make it impossible to guarantee privacy.

Background and key definitions

The unified communications (UC) system and related support network have many components and each have their own privacy and security risks.

The IP endpoints assigned to users contain one or more microphone, speaker, and/or camera. Users should be aware of how each of these components work

Key definitions:

• Unified Communications/UC All traffic relating to voice and video for collaboration and calls.
• Target traffic All UC traffic and related supporting infrastructure traffic is considered target traffic.
• Non-Target traffic All traffic unrelated to UC, such as general internet traffic.
• VPN appliance A box (usually a Cisco Meraki MX) that enable target traffic to cross physical location with minimal thought or interference by the end user.

Privacy risks related to using the UC system:

Risk of remote listening/eavesdropping device enablement

Problem: IP endpoints can be configured to automatically answer calls without ringing or showing anything on the display, enabling clandestine eavesdropping. Additionally, software such as PhoneView can enable remote microphone streaming, further enabling evesdropping.

Aggravating factors: All users of the CUCM software have the same level of administrative access.

Solution: Users can request specially made endpoint devices that have a local microphone/speaker cutout that prevents speech from being transmitted even if calls are remotely initiated because the only way to enable the microphone and speaker is to physically press a button on the endpoint device. The CIS Secure DTD-8851-01-NS is deployed for this use case and is TSG Approved for government applications with similar risks.

Risk of wiretapping of voice traffic