A Huge Thank You to All Backers!
This is the first step toward a better world, and we look forward to continuing the dialogs and creating more momentum throughout this project and beyond. You can find us at our website www.jackpair.com.
For those who missed the campaign and wanna support us & place orders, you can also find the latest info at www.jackpair.com
Again, THANK YOU!
What is JackPair?
JackPair is an affordable tool that enables average citizens to protect themselves against wiretapping. It’s a pair of encryption devices you put in between your phone and headset, which are connected through standard 3.5mm audio jacks. You can secure your phone line by simply pushing the JackPair button, and your voice will be encrypted. There’s no password to remember, no software to install, no service to subscribe to, and it works with any phone through a standard audio jack.
JackPair in the News
From Bruce Schneier:
"JackPair is a clever device encrypts your voice between your headset and the audio jack. The crypto looks competent, and the design looks well-thought-out. I'd use it."
TechCrunch - "The concept is pretty simple: one box plugs into your phone, whether that’s a smartphone, landline telephone or VoIP client on a PC, via the standard 3.5mm headphone jack ..."
Ars Technica - "JackPair is part of a wider movement that has struggled against a darker facet of the Internet—the ease with which it can be monitored."
eWeek - "The hardware approach of cryptography still has a lot of appeal in establishing secure communications."
TechnologyTell - "How it works is simple."
TechFaster - "Whether you’re in any of the professions above or you’re just concerned about your privacy, JackPair is definitely worth considering."
Many viewers have expressed that the current look of JackPair can be improved. So we have worked with professional design firms and come up with a few new design proposals here:
You can vote and comment here on Facebook, leave your feedback in the KS comment section, or contact me for your remarks. We'll pick a winning proposal based on your feedback here and use it as the final industrial design for JackPair.
Affordable Tool For Everyone
The existing secure phones on the market today cost anywhere from over six hundred to a few thousand dollars. That's out of reach for most people, and the worst part is that you have to give up the phones you're using every day and switch to whatever secure phone models are dictated by the vendors. With JackPair, we're enabling every citizen to protect their own privacy by making it under a hundred bucks, and you get to keep using your favorite phones while talking through JackPair's Secure Line.
Using JackPair, you can easily protect your privacy by just pushing the JackPair button. During a phone call, if both sides have JackPair installed, either side can simply push the JackPair button to pair up the two JackPair devices. This triggers JackPair to encrypt your voice conversation using a One-Time-Secret-Key (OTSK) that is created on the fly. The same OTSK is automatically created and self-destroyed at both ends without leaving the JackPair box. This means you don’t have to remember any password, and no one can break into your conversation without this One-Time-Secret-Key.
No Trace Left Behind
At any time during your phone call, when you push the JackPair button, a new One-Time-Secret-Key (OTSK) is generated to encrypt your voice conversation. This OTSK is created locally in each of the JackPair devices at both ends of the phone call without being exposed over the network(*), and it is destroyed immediately after the phone call is finished, without being stored anywhere outside the JackPair device. The OTSK is short-lived and self-managed; it never leaves the JackPair box. So there is no chance for the OTSK to be compromised by anybody, whether intentionally or accidentally. This simple security design leaves no trace behind; it not only protects your voice, but also saves us, as the device maker, from the trouble of being harassed by the government or exploited by hackers.
Besides key exchange protocols, the encryption algorithm in JackPair is based on the Salsa20 stream cipher, which has been selected by eSTREAM, the ECRYPT Stream Cipher Project organized by the European Union, as part of its final software portfolio since 2008. A stream cipher like Salsa20 is a natural fit with the OTSK, which is used as the seed for the PRNG (Pseudo-Random Number Generator) to create key streams with properties similar to a One-Time Pad. JackPair uses open source encryption software and will stay open sourced.
(*): The One-Time-Secret-Key in JackPair is generated using Diffie-Hellman-Merkle key exchange protocol, which is a well-known, fundamental protocol in the security industry since 1976; it allows creation of shared secret without exchanging it over the network (see illustration below).
Direct With No Middleman
JackPair is designed with end-to-end security in mind: there’s no relay server or service provider involved in either the voice encryption or the One-Time-Secret-Key (OTSK) creation, and the OTSK is never disclosed anywhere, not even to the other party on the phone call. In order to make sure both sides use the same OTSK for voice encryption and there’s no middleman bridging the call, the Pairing Code(*) is designed as a simple way for both parties to authenticate each other through their own voices over the same phone call. After your JackPair device has paired up with the other party’s (i.e., when the LED light turns from red to green), the first thing you should do is to read the Pairing Code on your screen to the other party over the phone, and verify that the Pairing Code is the same on both ends. The fact that the other party recognizes your voice and acknowledges with the same Pairing Code means these two JackPair devices are directly connecting with each other, with no middleman bridging the call through any other JackPair devices.
(*): Pairing Code is the abbreviated hash digest number of One-Time-Secret-Key (OTSK).
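The pairing check described above, sketched as an added example that is not JackPair's own code: two devices run a Diffie-Hellman-Merkle exchange, each derives a Pairing Code from its OTSK, and the codes match on a direct call but differ when a middle device bridges the call with two separate exchanges. The modulus, the use of SHA-256, the six-digit code length and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

# Demo parameters (assumptions): 2**255 - 19 is prime, but it is not a vetted
# Diffie-Hellman group and is not taken from JackPair.
P = 2**255 - 19
G = 2

def keypair():
    """Fresh private exponent in [2, P-2] and the matching public value."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def shared_secret(priv, peer_pub):
    """Derive the OTSK locally; only public values ever cross the line."""
    if not 1 < peer_pub < P - 1:
        raise ValueError("degenerate public value rejected")
    return pow(peer_pub, priv, P).to_bytes(32, "big")

def pairing_code(otsk, digits=6):
    """Abbreviated hash digest of the OTSK, short enough to read aloud."""
    digest = hashlib.sha256(otsk).digest()
    return f"{int.from_bytes(digest, 'big') % 10**digits:0{digits}d}"

def direct_call(digits=6):
    """Both devices talk to each other: same OTSK, same Pairing Code."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    return (pairing_code(shared_secret(a_priv, b_pub), digits),
            pairing_code(shared_secret(b_priv, a_pub), digits))

def bridged_call(digits=6):
    """A middle device pairs separately with each side: the OTSKs differ."""
    a_priv, _ = keypair()
    b_priv, _ = keypair()
    _, m_pub_to_alice = keypair()   # value the bridge shows to Alice
    _, m_pub_to_bob = keypair()     # value the bridge shows to Bob
    alice_code = pairing_code(shared_secret(a_priv, m_pub_to_alice), digits)
    bob_code = pairing_code(shared_secret(b_priv, m_pub_to_bob), digits)
    return alice_code, bob_code

if __name__ == "__main__":
    print("direct :", direct_call())
    print("bridged:", bridged_call())
```

The comparison only authenticates the call if each party hears the code in a voice they recognize, which is why the text asks both sides to read it aloud.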
Work With Any Phone
JackPair is a standard audio adapter that can be plugged into any phone with a headset and microphone. At any time during a phone call, both parties can plug in the JackPair device to continue their conversation in secure mode over the same call. JackPair is connected with phones through its 3.5 mm audio jack, which is the universal standard as the audio interface for all kinds of devices, including all tablets, laptops, personal computers, and most mobile phones & Voice-Over-IP devices. For plain old telephone sets, JackPair also includes an RJ9-to-3.5mm converter for handset-free operation(*). Unlike other security devices on the market that are hard to use and work only with specific phones or carriers, JackPair is compatible with all of your favorite phones today. With JackPair, you don’t have to make the trade-off between personal security and lifestyle.
(*): optional accessories included in Full Pack only.
In addition to the 3.5mm audio jack, we also have Bluetooth in our pipeline for the second-generation JackPair. This will make it even easier for you to protect your voice while you keep using your favorite phones & gadgets, and it will also prevent Bluetooth headsets from being eavesdropped, since your voice is encrypted by JackPair before it’s transmitted through Bluetooth headsets. Stay tuned for more updates on Bluetooth.
Open Source Security
Why JackPair? I Have Nothing to Hide
The right to privacy is not just about “secrecy” or “having something to hide”. With modern surveillance technologies, the Government’s massive data collection and mining programs are problematic even if people have nothing to hide. The large-scale harvest of small bits of seemingly innocuous data allows weaving of a much more telling big picture of individuals, but it often fails to reflect the whole story. The problem lies not only in information “gathering”, but also in information “processing”, and here are some examples you should worry about:
- Distortion & Misinterpretation: What if the government mistakenly determines that, based on your pattern of activities, you’re likely to engage in a criminal act? What if the government thinks your financial transactions look odd—even if you've done nothing wrong—and freezes your accounts?
- Leaking & Secondary Use: What if the government or carrier operator leaks your information to third-parties or the public? What if the government doesn't protect your information with adequate security, and an identity thief obtains it and uses it to defraud you? How long will personal data be stored? And what can it be used for in the future? A lot of times we do not even know about the leakage of our records until long after the damage is done.
- Exclusion of Access: Most data gathered by the government is kept secret for national security reasons, and people are barred from accessing and correcting errors in that data. What if the government denies you the right to fly without giving you any reason?
An argument could be that the government does not intend to hurt average citizens. In many cases that is true, but the government can, and has, also harmed people inadvertently, due to errors, carelessness, or policy changes. These massive surveillance programs are no longer about what information people want to hide; they make the individuals powerless and vulnerable in front of the bureaucracy, and create a power imbalance between People and Government. To change the dynamics, JackPair is the affordable tool that enables average citizens to protect themselves against wiretapping and harassment from Big Brother.
The Story Behind JackPair
JackPair is inspired in large part by Edward Snowden. The first Snowden leak led to the revelation that the NSA collects records of every U.S. phone call under a call log metadata program. It shows that the data collection is no longer about targeted acquisition of information to avert threats. Such a massive scale of surveillance programs has undermined the fundamental American values of freedom and privacy. America is sliding into a state of universal surveillance. This also reminds me of the police state where I grew up, Taiwan. Before the democratic reform, the government could spy on you without reasons and arrest you based on words you have said. Even today, there are still Watergate-like scandals happening and the politicians get away without any accountability.
With all this breaking news unrolling in front of us, I started to ask myself, what can we do to stop the abusive wiretapping and protect the democracy & freedom we all believe in as Americans? If we can’t stop the abuse of power from its root, then what’s the next best thing we can do to protect ordinary citizens from being harassed by the abusive power?
As a network security engineer, I've been involved on both sides of the security arms race; on the defense side, I've built computer firewalls and virtual private networks for millions of users, and on the offensive side, I’ve designed peer-to-peer protocols and network traversal programs that penetrate those firewalls and VPNs. I know how complex the security technologies can be, and how hard it is for average citizens to make use of the security technologies to defend themselves. Existing solutions available on the market are either too difficult to use, way too expensive, or just not secure at all. So we rolled up our sleeves and built one that’s simple, affordable, and compatible with any phone you already have.
This is how JackPair was born.
The Team At Work
AWIT consists of a small engineering team of high-caliber professionals in the fields of distributed networking, embedded systems, peer-to-peer, mobile games, security, and online/web technologies. From the very beginning of this JackPair project, we had the debate of whether it should be a pure software, mobile app solution, or a standalone hardware product.
After surveying the current software solutions on the market, it became clear to us that it’s just too easy to break these mobile apps, and both ends of the conversation must use smart phones for it to work. A hardware product built from scratch is the only way to have the security clearance. The current secure phones on the market cost anywhere from over six hundred to a few thousand dollars, which is out of reach for most people. The challenge is how to build a hardware solution that is affordable, easy-to-use, and compatible with most people’s existing phones at hand.
With the requirements in mind, we set out to find appropriate evaluation boards for our design. I had started off with TI’s LaunchPad board, then Dark Shenada, AWIT’s guru in embedded systems, had taken over and switched to ST Micro’s Discovery Boards. We had some initial success there, but they didn't meet our requirements for audio channels, and we think we can do better in terms of reducing the component complexity & cost. With help from our friends of professional consultants for schematics and gerber-file PCB layout, we began to put together our own circuit design with minimal components.
With software & hardware prototypes in place, we have started to talk with our friends and partners in the field of contract manufacturers, as well as housing and industrial designs. AWIT has long-term EMS partners locally right here in Silicon Valley, California, so JackPair will be manufactured and assembled in the United States, although some of the parts like accessory cables might be sourced through non-domestic channels.
We're stretching as far as we can into this project, and the next step is to go into mass production. It costs quite a bit for the tooling & material sourcing in volumes, and we definitely need the Kickstarter community’s help now to fund the project and spread the word. So it’s time to debut JackPair here at Kickstarter.com.
After a successful Kickstarter campaign, our next step will be to start the custom tooling & PCB manufacturing process, as well as the testing & certifications required for encryption electronics. Here’s our road map:
- July/August: meet our sponsors at Kickstarter, finalize industrial design and negotiate manufacturing agreements.
- September: finalize the mechanical design and place orders for tooling; procurement of electronic parts and materials.
- October: pilot productions, tooling build-out, quality verification and certificate qualification.
- November: batch manufacturing of PCB, SMT, and housing.
- December: assembly and shipment.
How You Can Help
The costs of tooling, electronic materials, PCB layout, testing and certification approval are quite high, and more importantly, in order to make JackPair an affordable tool for everyone, we need volume manufacturing with economies of scale to bring down the price of each JackPair device. Many of our friends have jumped in to help with prototyping of JackPair, and your sponsorship is vital for bringing JackPair to the next step of mass production and making it affordable for ordinary citizens to defend their own right to privacy. So please pledge your support to make JackPair the tool for everyone.
Risks and Challenges
We are a seasoned team with vast experience in embedded system design and implementation. Although we have existing relationships with the suppliers & manufacturers we intend to partner with, they are external to us and may introduce delay during the process. We are confident in our choice of vendors, but are also looking for backup suppliers, in case any roadblock may arise.
The U.S. Government places restrictions on the export of encryption devices like JackPair. Since the encryption software in JackPair is open sourced, we think JackPair is qualified as a self-classified encryption item and can be exported without complex encryption registrations. However, the U.S. export controls are complex and we are not lawyers. There might be the risk of the U.S. government limiting our ability to make JackPair available to citizens worldwide, or even to be used within the U.S. In that case, the only alternative would be to have non-U.S. citizens develop the JackPair encryption software from scratch again. This has been referred to as the U.S. “export jobs, not crypto” policy.
Shipping JackPair to international users poses another challenge; some countries have made private communications illegal, and there might be risks of confiscation for JackPair shipments. We don’t know the government’s reaction to JackPair yet, and will keep an eye on it. The community can help us in figuring this out collectively, and being creative for workarounds.