Telephony is inherently insecure - carriers (Mobile Network Operators) maintain call data records of phone call and SMS traffic on their networks. This enables authorities to monitor the phone numbers accessing a Freedom Fone Service and to scrutinise the contents of SMS messages.
Greater risk to caller privacy is more likely to be found inside your own organisation since sensitive information about your callers is recorded by Freedom Fone, for example:
- Phone numbers are displayed for Incoming SMS and Voice messages received via the Leave-a-Message function
- Callers' content choices and activity is revealed in system data and Call Data Records
- Phone books can be used to associate a personal profile for callers' numbers
- Export buttons allow pretty much all of the data to be exported from Freedom Fone in one form or another.
To help you limit which of your staff can view and export sensitive data, there is a basic Role Based Access Control in the Freedom Fone's user interface. All users of the system must enter a username and password in a login screen.
For some organisations, there are very real concerns that their Freedom Fone server might be seized by hostile agents with the skills to bypass basic security, potentially compromising their callers. In recognition of this possibility, Freedom Fone's logging architecture has been reorganised to allow sensitive data to be stored in an encrypted drive and/or on removable media. For more information about using this service contact us - refer to the chapter Support
For environments where security is a concern the sweeper is a useful feature which allows you to replace sensitive data that is visible with dummy data. Such information includes caller phone numbers, names, email addresses, Skype id's and organisational names. The security feature will remove these from all user interfaces and log files.
The sweeper functions should be used with care as it is irreversible and will render many of the usage reports meaningless. For advanced users, the Backend Sweeper can be configured to periodically purge sensitive information from Freedom Fone.
The Frontend GUI Sweeper is a panic button that is used to replace all caller identity information with arbitrary values. It is only accessible for Admin system users through the main menu (User Management > Frontend Sweeper). It is important to note that once you have run the Frontend sweeper it is not possible for you to view or reverse the process. It is advised that you have a system in place to regularly backup your data.
Running the Frontend sweeper
Navigate to User Management > Frontend Sweeper
When you select the Frontend Sweeper button you are brought to the screen shown below.
Click on the Start Sweeper button and all personally identifiable information associated with the records in the Call Detail Records, Monitoring, Reporting, Statistics and Phone book details will be replaced. The screen shot below shows how the callers' numbers associated with the call data records are replaced with 555666.
The screen shot below shows how the contact details in your Phone books are anonymized by the sweeper, replacing name, surname and email with John Doe as the caller.
The Backend GUI Sweeper is a service that runs behind the scenes to remove caller records and logs from the system at regular intervals. It is accessible to anyone with root access to the machine, and is automatically run by means of a cronjob. The Backend GUI Sweeper is not enabled by default (cron/crontab). The Backend Sweeper will periodically, depending on settings, purge sensitive information from Freedom Fone.
The Backend sweeper is configured in the file config/gui_config_sweeper.php
The following parameters can be configured:
- Enable/disable Frontend sweepers
Values: 0 or 1
Comment: Enable GUI sweepers by setting value to 1.
Disable GUI sweepers by setting value to 0.
- Sweeper mode
Values: low or high
Comment: "low" mode will only sweep phone numbers, while "high" mode will also sweep callers names, surnames, email, Skype and organisational names.
- Fallback data
The fallback values (after sweeping) of callers numbers, names etc. can be configured under SWEEP_SETTINGS. The default value for caller's name is for example "John Doe".
The Core Sweeper handles the following operations (none of them is enabled by default as a cronjob):
- Sweeps audio meta data of MP3 and WAV files
- Extra log information
The script sweeper/sweeper.sh allows a user to re-configure the system to disable syslog, mail, webserver and telephony logs. The script replaces the configuration file of iwatch, apache2, freeswitch to disable logging.
- Delete all logs
All logs are stored under /opt/freedomfone/log. The script sweeper/sweeper.sh will prompt to delete all logs. Alternatively a cron job can be created to delete the logs periodically.
The function delete_logs() in the script shows how to stop and start the services.