Vendors are always looking for new ways to solve existing problems. This is not a groundbreaking revelation by any stretch of the imagination, but it is always worth pointing out when something different makes its way into the market.
One of those new solutions is Hotshot, a messaging app using a time- and location-based encryption engine to help keep communications secure. Hotshot Co-Founder and CEO Aaron Turner discussed the creation of the solution and offered a demonstration of it in action during a phone interview with Privacy Tech.
The messaging app is the latest venture in the privacy and security space for Turner, who previously helped launch security teams at Microsoft in the late 1990s and U.S. government cybersecurity research programs in the mid-2000s, and developed technology to detect credit card skimmers inside ATMs.
Hotshot is Turner’s foray into messaging apps, and it uses time- and location-based controls to offer entities a different way to manage data access.
“Think of it as a combination lock where you have to get everything lined up in the right place, so you would have user permission, plus time, plus location, and if all of those match up, then it allows you to access the data,” Turner said. “If one of those does not match, then at that point the data is not available.”
The quick demo highlighted features within the app. An admin would send an email invite to an end user, and after the app is downloaded, the user would copy a long token into the app to begin working. Turner set me up with the app in a matter of minutes. The longest part of the process was downloading the app itself, but that is a critique of Wi-Fi networks for another day.
Within the app, users can send messages, with each transmission protected by end-to-end encryption. While this is standard for most messaging apps, Hotshot’s differences come from restrictions dictated by an admin.
Turner cited a large European logistics firm that would conduct numerous deliveries over the holidays. Normally, the company would text the delivery driver with recipients’ names and addresses. Those pieces of information are now covered under the GDPR, and if a driver were to cross over to another country, cross-border data liability comes into play, Turner said.
Reducing that risk is why Hotshot gives admins the ability to use geofencing technology to set up groups, then select a location and set up a perimeter. Members of the group would be able to see and access data only when they are within the vicinity of the chosen location. For instance, if one of those drivers were making deliveries in Paris, they could see customers’ details while they were in the city. Once they left the city limits, the information would no longer be accessible.
“When I started Hotshot, the vision of having geolocation protections would essentially help reduce the consent required and reduce potential for cross-border data portage, as under GDPR, you can get fined for using data without consent, or moving that data to another jurisdiction without consent,” Turner explained.
Groups can also be set up to prevent users from accessing data past a certain time frame. Another one of Hotshot’s customers had been sued for off-the-clock wage violations, motivating Turner and his team to allow admins to set up periods of time when users will not be able to send any information.
During the demo, Turner created the groups within the app, and I was greeted very quickly with a screen stating I was not allowed to perform any tasks. Everything is done within Hotshot, and no installation is required to get up and running.
Turner envisions use of Hotshot in any industry. In health care, for example, doctors and nurses can send snapshots of X-rays and other patient information without running afoul of HIPAA.
“We cannot prevent people from doing stupid things like taking screenshots or exporting data out of the app, but we are a really good way to keep honest people honest and to make sure that data is protected end-to-end in a collaboration scenario,” Turner said.
Of course, if a Hotshot user were to depart from their company, the administrator can go into the individual’s profile and remotely wipe the data within the app to prevent them from accessing any other information or groups set up by the organization. The app also ensures the administrator adheres to all compliance requirements by retaining the information used by the former employee.
Turner believes he and his team have created a unique solution that combines forms of technology never before mixed together in one product, and he hopes the app can fill a hole in a market where messaging apps hit their marks for security, but not necessarily for compliance.
“Our goal was to develop a system that had all of the security of the latest and greatest secure communications tools,” Turner said, “but with the features that businesses need to set policies and restrictions on the use of that data, and who gets to have it long term.”