Inman

Arizona Realtors issue cancellation notice to dotloop over security concerns

The Arizona Association of Realtors says it has canceled a licensing agreement with transaction management company dotloop over security concerns associated with the dotloop platform’s access to the trade group’s real estate forms.

Last October, AAR signed a deal with dotloop that would allow the firm to pay a licensing fee to access the association’s library of real estate forms and make them available to AAR members who are also clients in order to review, negotiate, counter and sign deals digitally.

On Tuesday, AAR alerted its more than 38,000 members in a blog post that it had canceled the agreement because, after 11 months of trying to ensure that its forms couldn’t be accessed and used by unauthorized users via dotloop’s platform, “concerns remain about whether or not AAR forms are fully protected from improper use.”

Ron LaMee, AAR’s vice president of information services, told Inman News that AAR and dotloop “are in regular communication and we expect a new agreement soon.”

He declined to provide more details.

When the deal between the association and dotloop was first signed in October, AAR’s CEO Tom Farley told members that the licensing agreement would hold “as long as certain protections to AAR’s intellectual property were provided.”

Dotloop CEO Austin Allison told Inman News that dotloop’s original agreement with AAR is still in effect and the cancellation notice affects only the auto-renewal feature of the contract because AAR has made a request that wasn’t part of the original contract.

“Every renewal that involves a contract change has to be canceled to be amended because of the auto-renew clause,” Allison said.

AAR’s recent request that a “Save As” feature — that allows members to save forms from one transaction or “loop” to another — be disabled in dotloop’s platform is the reason for the association’s notice of cancellation, he said.

Allison, like LaMee, says the two parties are currently working actively on a new deal and he expects the new, amended contract to be signed shortly.

Since signing the initial agreement with AAR in October, Allison says dotloop has been working to develop a form library on its system that meets the trade group’s requirements.

He expects one should be up within a month or two when the latest request is addressed and the amended contract is signed.

A blog post on dotloop’s site, which dotloop Director of Marketing Alex Allison says was posted at 10:30 a.m. Eastern time today, provided details surrounding the issue with AAR.

“AAR has expressed concerns that a user can work from old documents that are in an old transaction folder or ‘copy’ old interactive documents to a new loop,” read a portion of the post. “They have asked that we disable the ability for a user to work from old documents that are in a loop if they are no longer an active AAR member.”

In June, dotloop incited a heated debate about its inability to license the California Association of Realtors’ (CAR) electronic forms, which precluded dotloop clients’ ability to fill out the forms using its software.

CAR — despite not having the ability to license its e-forms to software providers other than its own firm, zipLogix, because of a long-term agreement it granted its for-profit subsidiary — cited security concerns as one of the primary reasons it wouldn’t work with dotloop.

In June, dotloop filed a federal lawsuit against an alleged hacker who, dotloop claims, “unlawfully hacked into dotloop’s computer system and proceeded to unlawfully upload and download forms stored on that system.”

On Aug. 27, dotloop filed for and was granted the power to subpoena CAR, Northwest MLS, Instanet Solutions Inc. and Google for information that it believes those organizations have that would help identify the alleged hacker.

The hacking “appears to be a malicious and coordinated attempt between (those) multiple parties” to “disparage our name and reputation,” Allison told Inman News last week.

A surprise, daylong outage that dotloop’s system suffered in August was not related to a security breach or, as far as Allison knew, hacking activity.

Editor’s note: This story has been updated to include mention of a blog post dotloop says it posted on Wednesday morning that provided details on its issue with AAR.