Indeed, some analysts think that eventually security is going to evolve into one of the showcase applications for VoIP. "Up till now," says John Moss, CEO of S2 Security, a physical security services provider, "remote security has been confined to monitoring." Security officers sat at desks and watched banks of TV displays. If something interesting appeared on a screen, they had to find someone near the scene, call him, describe the problem and tell him to go check it out. Moss points out that, by far, the largest fraction of these incidents could have been resolved on the spot if the officer looking at the remote location had been able to have a brief conversation with whomever was there. Perhaps a perfectly innocent visitor was wandering around lost, or the card reader was beginning to fail, or an employee had lost his or her access card, or someone was failing to use the access devices properly.

Some high-security companies do, in fact, install intercoms at every surveillance point. But until now, the cost of special (and often proprietary) wiring has made that degree of flexibility and ubiquitousness prohibitively expensive for most users. The low marginal costs of VoIP - any given VoIP signal adds only a few kilobits to network traffic - make such coverage more practical. It gives remote security much of the flexibility of having an officer physically on the scene.

The favourable economics make it possible to leave these intercoms on 24/7, essentially adding audio monitoring to the security toolkit. This is a nice extra: Even pan-tilt-zoomable cameras essentially only look in one direction at any given moment; audio, on the other hand, senses in three dimensions and 360 degrees simultaneously. Up till now, if a person in a protected environment wanted to attract the attention of security, he had two options: One was to find a camera, wave and hope the officer on the other end was looking; the other was to scan the scene for an intercom, run to it and press the call button. In many circumstances, neither of those processes is ideal. Placing intercoms throughout a secured zone allows people to get through to security with a simple shout, wherever they are.

Audio monitoring also allows a more intelligent filtering of video monitor output. Many security incidents come with characteristic noises - a shout, the sound of breaking glass, metal striking metal. An officer watching a bank of dumb monitors won't always be looking at the right screen at the right time. He might be turned around, looking at none of them. A shout will always get his attention. And a quick glance at the screen farthest to the right, where the audio signal needle is, should focus his attention where it needs to be.

Since VoIP connections can be controlled from anywhere, the officer on duty can conduct patrols or investigate situations personally without ever being out of touch. VoIP streams can be copied to any address with no loss of quality, which makes it easy for an officer in location A to ask a colleague in location B for his opinion - even if location B is 1000 kilometres away. (There are downsides to this access - such as being pestered by people who want to know where their car is. Moss also cautions that privacy concerns will inhibit the use of audio surveillance in some cases.)

Finally, while vendors might talk up "convergence" to CIOs (in this case, meaning the confluence of multiple types of data over a single wire), VoIP turns out be more of a "redundancy" technology in actual practice, which automatically makes it more interesting to security heads. There is nothing about the technology that compels an enterprise to toss out all its landlines, and from a security perspective, there are plenty of reasons not to do so. Landlines have their own power sources, work with 000 (VoIP does not - at least, not yet) and are obligatory elements in a huge installed network of fire department and alarm company services, elevators and fax lines. POTS is there when an idiot with a backhoe cuts the LAN fibre; VoIP is there when a cyclone takes out the landline network. Further, once VoIP is in place, it is easy to run a wireless system on top of that (as the Bernalillo Court does). The technology permits a CIO to build a layered communications infrastructure of landlines, wired and wireless (las ers, microwaves) VoIP and mobile phones, which makes communications almost impossible to interrupt or deny - no matter what happens.

Still, it is true enough that the technology is vulnerable to network disorders. (Though, it might be noted that one security problem VoIP doesn't present in acute form is simple theft, since voice uses so few resources. But the concern is not zero; there is traffic in pilfered VoIP phone numbers.) This is a real-time technology that requires very low latencies (latency here refers to the time required to receive a response to a transmission) to be useful. Even a modest denial-of-service attack - one that you would never notice in the course of conventional file requests - can make voice unusable.

Phones are unlike other network apps; people are not interested in entering user names and passwords every time they answer a call, which means finding other ways of negotiating authorization. Finally, again unlike most current network applications, a given VoIP conversation flows across many kinds of systems, including local LAN environments, all the flavours of Internet telephony in the world and POTS. And every time a packet crosses from one system to another, it runs a risk.

All this might add up to a case for giving VoIP a pass, but there are counterarguments. First, many of the security issues raised by VoIP security are not new and can be handled by simple security upgrades familiar from the world of virtual private networks (VPNs) - such as extending the domain of encryption (including the encryption of routing information); imposing per-user authentication; regulating connection attempts with denial-of-service attack monitors; and supporting as many levels of redundancy as possible, down to and including fan, power and feed redundancies. Furthermore, the new issues that do arise will probably have to be addressed whether or not you install VoIP.