Microsoft Photosynth (http://livelabs.com/photosynth/) and the technologies and products sure to follow it could turn out to be quite the boon for the real estate industry. This free tool allows users to upload pictures and it automatically stitches them together into an environment. This is more than just a 360 degree virtual tour - if done right it can take you from room to room and give you the feel of how a house flows. Also, unlike most virtual tours, it doesn't make me dizzy!
Yahoo's new Fire Eagle (http://fireeagle.yahoo.net/) is an interesting tool for creating geo-aware applications. It's a framework for sending an application updates about where you are based on GPS, from your phone or from a web site, doing so automatically or manually, and for applications to retrieve and use that information. Generally, people are thinking about geo-targeted content, ads, and social networking. I can imagine a Realtor giving a consumer or client access to their user generated mapping content via a geo-aware application on the client's cell phone.
Aug. 1, 2008 - Coming to CMLS in Minneapolis this fall?
I'll be moderating and speaking at the event - more details as we get closer to the event date.
The conference is located in Minneapolis, near where I live, so I've prepared a little something to help folks navigate the area. Here is a map of the CMLS conference area, including my reviews of restaurants and cultural sites.
Inman news reported today that ex-NAR president Bill Chee, who delivered the "Lions Over the Hill" speech in 1993, now says that his fears of Microsoft and other threats to the real estate industry at the time turned out to be unwarranted. In hindsight that may be true - but one should consider that Bill's own words and influence may have had at least some effect on how the industry responded to threats at the time and the resulting outcome.
Bill Chee is a very, very smart man, and I remember very clearly something he said to me when we were on a panel together for the Wisconsin Association of Realtors conference in 2002 - I even wrote it down at the time. He said, "I was wrong about Microsoft being the lion coming over the hill ... the lion really coming over the hill is the consumer."
I believe that our industry still has a lot of work to do to meet that next challenge. I've been doing a lot of thinking about that .... stay tuned.
"Which MLS system is the best?" Clients perpetually ask me that question, and it also regularly comes up on email lists and in web-based discussions.
To some extent, the question is a bit silly – akin to asking someone, "What’s the best place to eat in town?" Of course no two people agree on what restaurant is the best – they have different cuisine preferences, tastes, service requirements and budgets. One person will have a good experience at a restaurant and recommend it, while another will go to the same restaurant - maybe on an 'off' night - and have a bad experience and subsequently warn people away. We’ve got to recognize that answering the MLS question is similarly difficult.
Most vendors have both very happy customers and unhappy ones, as well as a number that are between those extremes. When one asks the "Which MLS system is the best?" question on an email group or web site, you will likely get answers from both extremes – and it’s just not that helpful. Every year Clareity Consulting performs a survey of MLS Customer Satisfaction (e.g. http://www.callclareity.com/7thAnnualMLSCustomerSatisfactionSurvey.pdf) to try to provide a more comprehensive answer to how each MLS vendor is doing – but while you have to take reference checking and customer satisfaction into account in such a system selection decision, the experience of others is not necessarily the best or only predictor of your own experience.
What differentiates the MLS options, really? At a high level, system and service. After all, MLS vendors are Application Service Providers (ASP) – they provide both system and service, and need to be evaluated on both. Service may seem easy to evaluate, but it can be difficult to measure. If the vendor is providing support to staff or MLS subscribers, what call center metrics can they share with you? How much service will they provide in customizing the system to your specific needs and how will they respond to ongoing enhancement requests? The “company fit” and relationship that your MLS will have with the vendor can sometimes be difficult to gauge in advance. As for the system, sometimes things we take for granted, such as speed, reliability/accuracy, and uptime may not be a given, at least not these days. Each system also has a unique feature set for the web-based system as well as for PC-based software, PDA, or voice interface – we have to answer the question, “What would your subscribers be giving up if they were moved to a new system and what would they gain?” The MLS staff also has to consider how much functionality there is in the system to help them provide a high level of service to subscribers – this may include features like listing compliance workflows, easy to use robust RETS / data feed setup, and features providing staff with direct control over many aspects of the system. There are other considerations these days as well – for example if your market is considering a data share, how much experience does the vendor have implementing them and what is their track record? Finally, though the vendors are generally very cost competitive, sometimes cost enters the equation. I always advise clients to choose the system they really want over a system they don’t want nearly as much but with which they could save some money.
I don’t think any MLS ever regretted selecting a great system that they could afford, but I know of plenty that regretted going with the lesser preferred system to save money.
Changing systems is hard for MLS staff and subscribers alike, and it isn’t something to do lightly. I typically perform an extensive member survey as part of the selection process, and more than once in the past year clients have seen such high levels of satisfaction with their current system that they’ve decided there was no way a new system would provide enough benefit to justify moving to it. Of course, you have to find a good balance of listening and leading – if all MLS executives did was listen to subscribers, we may still be using books! Also, thoroughly evaluating the benefits of moving to a new MLS system involves rigorous work, and building a robust Request for Proposal (RFP) and evaluating the proposals obtained from qualified vendors as part of an MLS Selection Process is one of the more complex services my company provides.
Which MLS system is the best? Honestly, there’s no one answer that’s true for every potential customer. Only with rigorous evaluation of your system and service needs and comparing those needs to the capabilities, system, and services provided by each vendor can I even begin to know which vendors may be good to include in an RFP – let alone have some sense of the answer to the final question: “Which MLS system might be best for your MLS?” When I’m involved in a selection process, my goal is to make sure that all of the appropriate information needed to support the decision has been gathered and presented clearly so that the MLS leadership (board of directors, committee, task force, etc.) can easily answer the question for themselves.
Jul. 21, 2008 - Alert for Web Programmers and Managers: SQL Injection
This is for my readers who are, or who manage, web application programmers. I sent this update to my security assessment clients about a month ago but the urgency has continued to increase as attack rates are rising ...
I've been seeing a lot more injection attacks on industry sites - some automated, some manual. If you have web applications and haven't been testing for SQL and XSS injections - get on that PRONTO!
Even if you think your input validation is under control be careful - attackers are getting a LOT sneakier:
* Using HTML entities instead of the characters, encodings like UTF-8, long UTF-8, UTF-7, Unicode, US-ASCII and even HEX. Watch out for 'declare' and 'cast' in inputs ... not your friend.
* Not using special characters - leaving off the single quotes, using 'fromCharCode' to create them, or even using grave accents as a replacement.
* Messing up regular expressions looking for SCRIPT by embedding tabs, spaces, carriage returns - or encoded versions of the same!
* Sending you naughty content not just through traditional inputs and URL strings, but through cookie manipulation.
* Leveraging your platform - such as SSI (if installed), renaming JS files to image extensions for upload, even using your application platform to create the script.
* Going beyond JavaScript and using VBscript.
* Injecting into image tags - including dynsrc and lowsrc attributes, in BODY onloads, in CSS calls, in titles, meta tags, iframes, TD backgrounds, DIV styles, BASE tags, OBJECT tags, XML, Flash actionscript and more!
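Why escaping quotes alone does not stop the quote-free inputs described in the list above, shown as an added example (not code from the original post). The table, rows, function names and sample input are constructed for illustration, and Python's built-in sqlite3 stands in for whatever database the site uses.

```python
import sqlite3

# Constructed sample data: a tiny listings table in an in-memory database.
ROWS = [
    (1, "10 Oak Ave", "agent-a"),
    (2, "22 Elm St", "agent-b"),
    (3, "31 Pine Rd", "agent-c"),
]


def make_db():
    """Build the constructed sample database."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE listings (id INTEGER PRIMARY KEY, address TEXT, agent TEXT)"
    )
    db.executemany("INSERT INTO listings VALUES (?, ?, ?)", ROWS)
    return db


def escape_quotes(value):
    """Input 'validation' that only neutralises single quotes."""
    return value.replace("'", "''")


def lookup_concatenated(db, listing_id):
    """Vulnerable: the input is pasted into a numeric context, so no quote
    character is needed to change the meaning of the query."""
    sql = "SELECT address FROM listings WHERE id = " + escape_quotes(listing_id)
    return [row[0] for row in db.execute(sql)]


def lookup_parameterized(db, listing_id):
    """Hardened: the value is bound as data and is never parsed as SQL,
    whatever characters or encodings it contains."""
    sql = "SELECT address FROM listings WHERE id = ?"
    return [row[0] for row in db.execute(sql, (listing_id,))]


if __name__ == "__main__":
    db = make_db()
    quote_free = "0 OR 1=1"  # constructed input containing no special characters
    print(lookup_concatenated(db, quote_free))   # the filter is bypassed
    print(lookup_parameterized(db, quote_free))  # input is compared as a value
    print(lookup_parameterized(db, "2"))         # a normal lookup still works
```
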
I think my "favorite" workaround for XSS validation is where the validator gets rid of script tags in inputs but doesn't search recursively, so the hacker inputs "[SCR[SCRIPT]IPT]" and it gets rid of the middle "[SCRIPT]", leaving.... [SCRIPT]!
And they're using every combination of the above that you can think of!!!
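The single-pass filter described above, next to two corrections, as an added example that is not part of the original post. The function names and both sample inputs are constructed; the inputs use real angle brackets where the post writes square brackets.

```python
import html
import re

# Matches an opening or closing script tag, case-insensitively.
SCRIPT_TAG = re.compile(r"</?script[^>]*>", re.IGNORECASE)

# Constructed inputs. NESTED is the [SCR[SCRIPT]IPT] trick from the post;
# HANDLER is markup that contains no script tag at all (a BODY onload).
NESTED = "<scr<script>ipt>alert(1)</scr</script>ipt>"
HANDLER = "<body onload=alert(1)>"


def strip_once(value):
    """The flawed validator: removes script tags in a single pass."""
    return SCRIPT_TAG.sub("", value)


def strip_until_stable(value, max_passes=20):
    """Repeat the filter until the output stops changing.

    This closes the nesting trick but is still a blacklist: it only
    removes what the pattern knows about.
    """
    for _ in range(max_passes):
        cleaned = SCRIPT_TAG.sub("", value)
        if cleaned == value:
            return cleaned
        value = cleaned
    raise ValueError("input did not stabilise; reject it")


def encode_for_html(value):
    """Output encoding: every markup character becomes an entity, so the
    browser displays the text instead of interpreting it."""
    return html.escape(value, quote=True)


if __name__ == "__main__":
    for sample in (NESTED, HANDLER):
        print("input        :", sample)
        print("single pass  :", strip_once(sample))
        print("until stable :", strip_until_stable(sample))
        print("html-encoded :", encode_for_html(sample))
        print()
```

The repeated filter handles the nested tag but passes the onload sample through untouched, which is why encoding on output is the more dependable control.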
Many of my MLS, association, and brokerage clients have computers in their offices that they allow visitors to use or which are used by employees for limited purposes. Windows Vista Home and Ultimate editions have easy to use controls that you can use to increase the manageability and security of those computers as well as lower the amount of maintenance they need as a result of user activities.
I'm referring to the "Parental Controls" features, which can be accessed through the main Windows menu, selecting Control Panel, and then Parental Controls. Assuming that you only allow your visitors and employees to access computers using a non-Administrative account - an Administrator account would let them change these settings at will - you can use Parental Controls to enforce useful policies for a specific user's login account. These policies include restricting web use to specific sites or types of web sites, putting time limits on when the computer can be used, and allowing or blocking specific programs.
The Web Filter allows you to limit use to specific web sites that you specify. This is a very powerful feature because if you only intend a computer to be used to access the MLS system, your organization's web site, or other specific sites, you can restrict the user to those "white-listed" sites only. If you do that, the chance of them visiting inappropriate sites or downloading malware is greatly reduced. You can also specify that the user cannot download any files to the computer. Not letting users save unwanted files decreases how often staff must 'clean' the computers, providing a management cost savings. Vista also comes with a web filter that attempts to block sites based on different types of content (e.g. pornography, hate speech, etc.), however I'm not confident that these filters are foolproof. But if you have a policy regarding harassment or other Internet misuse the least you can do is to enable this type of filtering, perfect or not.
Time limits are useful if you have users that you only expect to use the computer during a specific time of day and/or when the computer use can be supervised. It's easy to set specific days and hours when the computer can or cannot be used.
The Parental Controls that allow you to "Allow and block specific programs" (Application Restrictions) are also very easy to use. If you limit computer use to only those applications that are needed it increases the computer security by making it somewhat harder for users to install and use unapproved software and for malware to be accidentally executed by the user. Not letting users clog up computers with unwanted programs also decreases how often staff has to 'clean' the computers - additional management cost savings.
There are a number of additional features in the Parental Controls as well, including usage reporting and game-blocking features. Just remember, no one tool will be a silver bullet when it comes to security - but if you have deployed Windows Vista Home or Ultimate editions in your business you may find Parental Controls a useful tool to increase the manageability and security of your computers.
Jul. 9, 2008 - New software provides Java API for RETS server access
Check this out! RETS IQ RETS Library™ is a Java API that allows simple access to RETS servers. The API is designed to allow developers to connect to RETS servers and execute searches, photo downloads, metadata requests and updates without having to deal with the nuts and bolts of the RETS protocol.
Jul. 8, 2008 - Telecommuting and the 21st Century Gas Crisis
With ever-higher gas prices putting the squeeze on employee wallets, some Clareity Consulting clients are exploring creative ways to help employees, including having some of them telecommute at least part time. According to a popular telecommuting website [1], 40% of the U.S. workforce have jobs that could be performed at home, potentially saving 625 million barrels of oil annually – that's over 80% of our annual Persian Gulf oil imports! Telecommuting also has a positive environmental impact.
However, there are some telecommuting issues to consider and manage. Some employees can't work productively at home while others work too much and burn out. Sometimes employees who can't work remotely resent those who can, and telecommuting can have a negative impact on employees working as an effective team. Managers used to a high level of hands-on organization, communication, and productivity measurement may be frustrated unless compensating mechanisms are implemented. There may be additional IT and management costs for facilitating remote work, and there are also possible liability and workers compensation issues that must be evaluated by human resources staff [2].
Finally, consider that one of the most disastrous information security breaches in U.S. history – involving the personal information of 26.5 million veterans – occurred because an employee took sensitive data home and didn't take steps to properly protect it [3]. Ask yourself, "Does my organization have appropriate information security policies and practices to address the risks of telecommuting?" The following questions need to be answered via a strong information security policy:
What information can be taken from the office to a home office or to other locations?
Are the computers being used at home properly secured? What are processes for ensuring:
Operating System security hardening
Platform and software security
Anti-virus / Anti-malware practices
Is only authorized, licensed software installed on telecommuters' computers?
If the employees work with sensitive or confidential information:
How is sensitive information securely transferred between work environments, both electronically and physically?
Can employees provide physically secure home environments? Do they have a media safe? Is there a process for proper disposal of both physical and electronic sensitive data at telecommuters' location?
How is sensitive information encrypted ‘at rest'?
Are employee computers on a separate firewall segment from the remote network, and is network traffic strictly controlled?
If wireless access is used, are routers securely configured and use constrained to WPA encryption?
If allowing additional remote network access, consider your VPN:
Is the VPN ready for increased load?
Is the VPN properly encrypted?
Are individual accounts set up with appropriate privileges?
Does the VPN require a strong password be entered at every connection – or even use two-factor authentication?
Do the accounts time out after a short period of inactivity?
Is split tunneling disallowed?
Are banners displayed regarding monitoring?
Is there auditing of remote access?
Do users know not to engage in risky computer activity while connected via your VPN?
Does the policy cover what to do if there is an information security incident involving company data in the remote work location?
Are there appropriate and secure methods of backup and disaster recovery for remote locations?
Are telecommuters regularly trained on security requirements for remote locations?
Is there a process for monitoring and enforcing policy security compliance over time?
Have managers and telecommuters signed off on all of those policies and procedures reflecting the questions above?
Telecommuting is a very exciting opportunity that allows employees to save on ever-more-expensive gas costs and to protect our environment. It's not the right thing to do for every organization, and it won't be possible for every job to be done remotely. Some Clareity Consulting clients are considering alternatives such as allowing some employees to work four days a week and ten hours each day and organizing carpools. However, if management takes the aforementioned steps to ensure employees are properly managed and to protect the organization against legal and information security risks, telecommuting can be a worthwhile endeavor that merits consideration.
About the author: Matt Cohen is Clareity Consulting's Chief Technologist. Matt has spoken at many conferences, workshops and leadership retreats internationally, and is a well-regarded real estate industry expert on real estate software, product and project management, risk management and information security.
Clareity Consulting was founded in 1996 to provide information technology consulting to the real estate industry and its related businesses. Clareity has successfully executed a vast array of projects, including:
Request for Proposals (RFP) for MLS, public records, and transaction management systems
Regionalization and data share facilitation
Strategic planning
Contract negotiation
Executive Recruiting and Placement
Information security and business continuity assessments
Project planning and management
Software and system design and review
Mergers, acquisitions and strategic alliances
Market research including surveys and focus groups
Email is one of the most dangerous activities any of us does online. The way most companies implement email, it’s trivial for email account access to be compromised and for sensitive information (human resources, budgets, etc.) to get into the wrong hands. SPAM reduces our organizational efficiency and malicious software often enters networks through email. What can be done to lower these risks?
First, find out - by looking at your email settings or talking to your network staff or ISP - if you are using an unencrypted protocol (POP or IMAP) to get your email. If so, then someone – an employee or other fellow network user using a ‘sniffer’ tool - can capture your login information and intercept the emails. If your email provider can’t provide you a secure protocol, you must take other steps to encrypt the emails. If you are using a public network, you can encrypt all your network traffic – including your emails – by using a Virtual Private Network (VPN). If your company has a firewall that includes VPN capability and you connect to it before checking your email, then the traffic can’t be ‘sniffed’ as easily.
Note that my blog is hosted by Internet Crusade, and their email solutions are fully capable of secure protocols such as SSL encryption for POP mail – according to Mike Barnett you just have to ask for it and they can hook you up!
You can also encrypt your email and attachments in other ways. While this doesn’t stop people from ‘sniffing’ an insecure email protocol, it can stop people from reading email and opening attachments that are sent to them by accident. Encrypting the whole email is not easy for the non-techie, depends on the platform being used for sending and receiving email, and gets most complex when the sender and receiver are on different platforms. Helping the reader navigate this maze is not something that can be done in a short article. In terms of encrypting files and email attachments on Windows computers, I’m fond of free-to-inexpensive products from http://www.kryptel.com/.
The next tool in your security arsenal is to use company policy to educate employees on safer email behaviors. The policy can include instructions not to use email to distribute offensive materials, not to send or forward SPAM, how to try to recognize phishing, pre-texting, or other social engineering involving email, not to send confidential information via email and when to use encryption, and not to open attachments from un-trusted sources – or even from trusted sources without phone verification. The policy should also set the expectation that email may be monitored for policy compliance, and that there should be no expectation of privacy. The policy may also set email security standards for technical staff to implement, such as whether email servers pass on executable attachments at all.
None of the above steps address SPAM and the tremendous threat of malicious software that can be attached to email. At a time when spammers are becoming ever more sophisticated at evading anti-spam tools and free tools are available for hackers to create malicious software that cannot be detected by most anti-virus and anti-malware tools, making the right technology choices is more important than ever. As part of the ongoing support provided after an Information Security Assessment, Clareity Consulting has guided many clients through the maze of technical options that might work best for their individual needs, and strongly encourages its clients to take reasonable steps to secure their email, as it is one of the largest threats to organizational information security.
I'm very excited about some of the new security improvements in the new Firefox 3 browser release.
One improvement is some built-in protection against Cross-Site Scripting (XSS) attacks, though it's important to note that the vulnerabilities extant on many of our industry sites are still not caught by the Firefox filter. Firefox add-ons that I have mentioned in the past on this blog, including NoScript and NoRef are still of value, and the Firefox improvements don't mean vendors don't need to follow secure coding practices consistently and that users don't need to be very careful about the sites they visit.
Another improvement is seen just to the right of the address bar (now called the "Awesome Bar" in Firefox). That area now shows the site's icon (or a blank page if the site has no icon) with a color background that makes it easier for users to see the security status of the page. As you can see below, colors include gray, blue, green (and red) and if you click on the icon you can get more information about the site.
Grey is normal - no SSL encryption on the connection or other identifying information about the site.
Blue means you are viewing the site through an SSL certificate and all content (even images) is being transmitted to and from the site encrypted.
Green means there's not only an SSL certificate, but also an "Extended Validation Certificate" (a.k.a. EV Cert) that means the site owner (not just the site) has been validated in some way by a "certifying authority". These certificates are spendy (about $500 / year), and some people complain that they are an unnecessary expense. That will certainly be an ongoing argument!
There's also a RED color - this means a site is known to cause compromise - I'm not going to a site of that nature to collect an image - sorry!
The 'More Information' button lets you see if you have visited the site before today, if there is a cookie (and lets you see the cookie contents), if you have saved passwords for the site in the browser (tsk!), if the connection is encrypted, and also lets you see information about the site owner.
Internet Explorer 7 and Opera 9.5 both also have support for the EV Cert, but I think that Firefox's implementation is the most 'in your face' and in that way, the best.
Some believe (and others don't) that the color approach (including EV Cert) is still vulnerable to homograph and picture-in-picture attacks (sorry about the tech-vocab...) - but I still think this approach is a worthwhile endeavor toward reducing phishing attacks and I applaud Mozilla Firefox for improving its interface to be helpful in this way.
More than half of REALTORS® use Personal Digital Assistants (PDAs) – devices that create a significant information security risk. Real estate professionals use PDAs to store sensitive data, including email, contacts, documents, spreadsheets, passwords, bank account information, and MLS data. More than a quarter of PDAs are lost, according to a 2003 survey conducted by Pointsec Mobile Technologies, and that’s just one part of the problem. PDAs and memory cards are stolen or infected by viruses; wireless transmissions are intercepted, and many professionals don't enable passwords on their devices, allowing anyone who finds or steals their PDA to see their data. Besides keeping as little information as possible on your PDA, there are many steps you can take to secure it:
The most basic step is to reduce the risk of losing the PDA. Keep it locked up in a briefcase, desk drawer, or lockable case when not in use - do not leave the PDA unattended in plain sight.
Require a hard-to-guess password to access the device and its applications - if you don't already require a password on startup, there's nothing to stop someone from accessing your information. Whatever you do, don't configure your PDA applications to memorize your application and web site passwords.
Most people are not aware that viruses can affect their PDA. There are many anti-virus tools for PDAs, and you can download free antivirus software for some PDA models from Trend Micro (http://www.trendmicro.com/download/product.asp?productid=2).
Using a wireless connection poses a substantial risk that your information can be intercepted. If you must use an unencrypted wireless connection, the web sites and email providers you use should provide an SSL encryption option to reduce your risk. If your office or service provider offers a Virtual Private Network (VPN), that will provide an even greater degree of protection.
Many security products for PDAs exist to encrypt the information on the device - they put a password on your data, which you must enter to access the information. Examples include:
To encrypt your data on a Blackberry with a password already set, just click Options > Security and set Content Protection to "Enabled".
There's no such thing as perfect security. If you run a program from an untrusted source on your PDA, none of the steps mentioned above will be a cure-all. But, if you've taken the basic steps to secure your PDA and have your email address on the back, you don't have to worry as much about the information on a lost PDA – and you may even get lucky and have it returned to you.
Introduction. Technology is an important tool for today’s real estate professional to provide value to the consumer. When the professional’s tools are better than the consumer’s, he or she looks competent, but when the consumer's tools are better than the professional’s, the consumer may wonder why the professional is getting the commission. This is why associations and MLSs are taking a leadership role to ensure that real estate professionals have the right tools -- which requires that association and MLS executives sign more technology contracts than ever. Besides membership management, lockbox, and MLS contracts, many executives are negotiating contracts for transaction management systems, public records data and applications, document management systems, customer support applications, web applications, wireless applications, web hosting, and more. Of course, brokers and agents are also signing their own contracts for technology as well.
When customers negotiate technology contracts infrequently, the contracts may be short-sighted, incomplete, or inflexible. Such contracts can lead to impasses between the parties, and in turn to rapid vendor turnover and frequent system changes. This is expensive for the organization and unsettling for members. Clareity Consulting negotiates dozens of technology contracts every year and prefers to see contracts that provide a foundation for a long-term relationship. Although no article full of tips can replace a practiced eye, Clareity Consulting’s finely-honed contract language recommendations, and the use of a seasoned technology contract attorney, can save time and prevent error. This article will provide, at minimum, a baseline for contract review.
Define the Product. A strong contract must include a complete product definition by reference, with the documentation included as an addendum. The contract must define every function and interface, so that if the product does not meet expectations, both sides can reference the documentation to see whether the agreed-on performance was delivered. If a Request for Proposal (RFP) process resulted in a detailed description of deliverables, the contract also should reference and include the response to the RFP. The contract should include all definitions of initial customization and integration, or at least define a process by which the contract can be amended to include them as they are discovered. The customer should take the time to document all verbal promises, including delivery dates for specific functionality. If the product is highly dependent on vendor-supplied data, define data update periods and standards for data accuracy. If the contract includes upgrades, it should not lock the organization into a specific version. The product will change over time, and a process to update the product description, along with descriptions of any customizations made for the organization over time, must be written into the contract.
Define the Service. Products rarely are sold without services; the contract should include complete descriptions of all included services, as well as detailed descriptions of initial and ongoing training for both staff and members. Training descriptions should specify whether training is lecture-style or hands-on, class size, and responsibilities for facilities and training materials. The contract should describe support services in detail, including the days and hours of support for staff and members, exceptions for holidays, processes for emergency staff support, and metrics (such as average hold times, voicemail thresholds, and email and voicemail response speed). Especially if support is a shared responsibility, it may be important to include access to a common support system or knowledge base. The contract should establish processes for bug fixes, including severity classifications and processes for different classes of bugs, reporting, and metrics (such as time to resolution). If the contract properly defines services, service expectations, and reporting methods, the parties should never disagree regarding the service level received.
Plan Implementation and Deployment. To minimize risk, the contract should specify a schedule for implementation and deployment/delivery, including visible milestones, procedures for missed milestones, and project management communication. The contract should always define a testing and acceptance period before delivery, training, and cutover. It also must specify documentation and help files which have been customized to the installation for delivery – definitely before the software is fully in use and ideally before training. If the software is customized for the organization, it probably will not identify all customizations required by the members before they are using the software en masse. Therefore, it is ideal to specify a grace period for changes identified post-deployment, during which time modifications are completed as part of the original price.
Define the Product/Service Future. The contract must answer many questions to set appropriate expectations for how the product and service will change over time. Which enhancements will be provided for free? How often will enhancements be provided? Must the organization accept new features developed by the vendor and provide them to members? What is the hourly programming rate for custom programming? How are customer requests included as enhancements rather than costly custom programming? What are the processes for enhancement specification, cost estimation, acceptance, and deployment? Does the cost include a certain number of hours per year of custom programming? If the contract adequately answers these questions, it will leave less chance for conflict about the product and service levels.
Set Protections. Most contracts define “uptime” only in terms of availability, but to be meaningful, uptime must be defined in terms of three criteria together: availability, performance, and functionality. What is the use of reaching the MLS server if the search function is broken? If users can search but the search runs painfully slow, the system is basically unusable and shouldn’t be considered “up.” It is important for the contract to link these criteria into a unified definition of uptime. Many contracts specify 99% uptime, which is inadequate for a typical web application! Uptime percentage often is reckoned in terms of “five nines”; the number of nines corresponds to the unplanned downtime allowed per year:
| Uptime Percentage | Unplanned Downtime per Year |
|---|---|
| 99% (2 nines) | 87 hours, 36 minutes |
| 99.5% | 43 hours, 48 minutes |
| 99.9% (3 nines) | 8 hours, 44 minutes |
| 99.95% | 4 hours, 23 minutes |
| 99.99% (4 nines) | 53 minutes |
| 99.999% (5 nines) | 5 minutes |
It’s important to decide what kind of uptime your organization requires and make sure that the contract specifies uptime, how it is monitored and validated, and what happens if uptime guarantees are not met. Your vendor may require that planned or scheduled downtime not be counted in the uptime calculation. This is reasonable, and if so, the contract should specify when scheduled downtime can take place, for how long a period, and what notice to the organization is required. This will help establish fair and realistic staff and member expectations.
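The unified uptime definition described above can be checked against monitoring data. The following is an added example, not part of the original article or any vendor's tooling: it scores constructed synthetic-probe samples, counting a sample as "up" only when the server is reachable, a test search works, and the search is fast enough, and it leaves scheduled maintenance out of the calculation. The probe fields, the 3-second latency threshold and the sample data are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

MAX_LATENCY_S = 3.0  # assumed contractual performance threshold


@dataclass(frozen=True)
class Probe:
    ts: datetime       # when the synthetic check ran
    reachable: bool    # availability: the server answered at all
    search_ok: bool    # functionality: a test search returned the expected result
    latency_s: float   # performance: seconds taken by the test search


def in_maintenance(ts, windows):
    """True if ts falls inside any agreed (start, end) maintenance window."""
    return any(start <= ts < end for start, end in windows)


def is_up(p):
    """Unified definition: all three criteria must hold at once."""
    return p.reachable and p.search_ok and p.latency_s <= MAX_LATENCY_S


def uptime_report(probes, maintenance):
    """Compare availability-only uptime with the unified definition."""
    counted = [p for p in probes if not in_maintenance(p.ts, maintenance)]
    if not counted:
        raise ValueError("no probes outside maintenance windows")
    n = len(counted)
    reachable = sum(p.reachable for p in counted)
    unified = sum(is_up(p) for p in counted)
    return {
        "counted": n,
        "excluded_as_scheduled": len(probes) - n,
        "availability_only_pct": round(100.0 * reachable / n, 2),
        "unified_pct": round(100.0 * unified / n, 2),
    }


def build_sample_probes():
    """Constructed data: 1000 one-minute probes with four kinds of trouble."""
    start = datetime(2008, 6, 1, 0, 0)
    probes = []
    for i in range(1000):
        reachable, search_ok, latency = True, True, 0.8
        if 100 <= i < 120 or i == 500:   # scheduled outage, plus one unplanned
            reachable, search_ok, latency = False, False, 0.0
        elif 600 <= i < 605:             # server answers, search is broken
            search_ok = False
        elif 700 <= i < 714:             # search works but is painfully slow
            latency = 9.5
        probes.append(Probe(start + timedelta(minutes=i),
                            reachable, search_ok, latency))
    maintenance = [(start + timedelta(minutes=100),
                    start + timedelta(minutes=120))]
    return probes, maintenance


if __name__ == "__main__":
    sample, windows = build_sample_probes()
    for key, value in uptime_report(sample, windows).items():
        print(f"{key}: {value}")
```

On this sample the availability-only figure rounds to three nines while the unified figure falls below two nines, which is the gap the contract language needs to close.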
A sound technology contract should also include protections such as:
reasonable definitions of and limitations on performance in the case of civil or natural disaster (“Force Majeure”)
representations and warranties
reasonable security precautions by the vendor
intellectual property definitions and mutual confidentiality agreements that cover all content the organization and its members enter or cause to be entered into the system
terms of contract assignment for both parties
definitions of which provisions survive contract termination (such as confidentiality)
assurances that the vendor cannot market other products to the organization’s members directly without written permission of the customer
terms for the escrow of source code
setup documentation.
Terms and Extensions. Clareity generally recommends that technology contracts be a maximum of three years unless the vendor relationship is exceptional and the customer has utmost confidence that the vendor will be in a market-leading position for the life of the contract. The contract should specify the term of and process for extensions. Because technology costs vary over time, it is not always clear whether it makes more sense to negotiate extension pricing in advance or to specify good-faith negotiations in the future. Organizations can waste tremendous amounts of volunteer and vendor staff time when they must reiterate the RFP process just to obtain a competitive price for an extension, so it is often best to have the terms and pricing for extensions well defined.
Dispute Resolution. The contract must specify a meaningful method of dispute resolution. It must define mechanisms for notification of non-performance and an issue resolution process. It should include a definition of default events, penalties and remedies, and a period within which defects and non-compliance can be cured. The contract should define a mediation and/or arbitration mechanism to deal with more serious disagreements, and for the most serious issues, the contract should specify legal interpretation, legal cost-bearing, governing law, and jurisdiction. Monetary holdbacks or termination for cause should be the last resort in dispute resolution.
Getting Your Data Out. It is important to define the mechanisms and costs for obtaining constant access to your updated data for use in integrations, regular access to an organization-owned backup for risk mitigation or disaster recovery, and/or a way to extract and convert your data near the end of your contract. Ideally, the contract should specify the data in question to include any information or documents that the organization or its members enter or cause to be entered into the system. For an MLS system, this might include not only listing data but photos, virtual tours, video files, contact data, documents, and even calendar and preferences, such as saved search criteria, listing carts, and prospect searches. In this example, does your MLS contract also specify what information – other than listings – will be imported from the old system? As technologies continue to expand their scope, one must eliminate unreasonable limitations on the scope of the data one can contractually convert to or retrieve from the system for use in other systems. It is particularly difficult for a contract to define the format in which data can be retrieved from the system. A delimited file or RETS standard can be used for listing data – but we currently lack an “industry standard” format for other MLS data or data/documents in transaction or document management systems, contacts, calendars, and similar areas. This means that even if one can contractually extract the data, there’s no good way to ensure that it will be in a format usable by another vendor. Currently the most one can do is to specify existing standards and write the contract to apply other industry standards as they emerge. Finally, if the client requires real-time read-only database or RETS connectivity, the contract should specify it.
Pricing. Clareity always advises clients to start by selecting the system desired, then consider price. Too often, real estate organizations reject their preferred technology because it is more expensive – but then are dissatisfied with the selected technology and end up spending more money and member good-will converting to a better technology. Negotiate a fair price, remembering that you get what you pay for. If your technology partner isn’t making a decent profit, chances are your organization will get inadequate service, the vendor will lack the money to perform adequate R&D, and may even go out of business. The contract should try to anticipate any “extras” that may be needed and specify all costs explicitly. Ideally, the contract’s pricing should be variable to protect both parties. For example, it is no longer unusual for contracts to tie pricing to Consumer Price Index adjustments. Also, if the technology’s pricing would vary based on the number of users, the contract should include a grid showing the price differences if your membership size changes.
Conclusions. Aim for a win-win contract that protects both parties. Watch out for contract language that does not adequately define product or service, account for change, or identify dispute resolution methods. Inflexible contracts often lead to dissatisfaction that is difficult to resolve through renegotiation and to relationship failures that hurt both parties. The goal of this article is to help you understand risks in your current contracts and identify some areas where you can improve your new contracts -- but no simple set of tips can replace a business consultant’s practiced eye, the time savings created by using finely-honed contract language, and the use of a seasoned technology contract attorney. I negotiate enough real estate technology contracts to be able to say with assurance that the devil is in the details, and a single word can make all the difference between a bad and a good contract.
Author
Matt Cohen, Chief Technologist, Clareity Consulting
It can be a daunting task for consumers to slog through daily MLS prospecting search results and even consumer-oriented web sites to find the listings they are interested in. With increasing property inventories, consumers will need to expend even more effort to find the properties that appeal to them in search results that will likely grow even larger. We can do better for them.
We need to ask ourselves, "When paging through search results, why do consumers click on this property or that one?" Usually, they've already set their search criteria and are only looking at properties in their desired geography, price range and (using residential as the primary example hereafter) the right number of bedrooms, bathrooms, required square footage, etc. Of course they desire a bargain, and are looking for properties that are the best balance of price and their other required criteria. But consumers are also highly visual, so they look at thumbnails and click on homes that match the style, exterior, and colors that appeal to them. That's obvious, right? Well, why are we making consumers page through dozens or even hundreds of properties every day to hunt out the bargains and to find the properties that appeal to them in other ways? We should stop continually sorting on a single arbitrary criterion, most typically price, and start presenting first and foremost the homes that meet the consumers' desires.
How can this be done? Other industries have already shown us the way. Once you look at a few items for sale on Amazon.com, they start showing you other items you might like to buy. Once you rent and/or rate some movies on Netflix.com, they suggest other movies you might wish to put in your queue. My favorite example might be Pandora internet radio, which lets you set some initial criteria for music you want to hear, then fine tunes your playlist as you rate the songs you hear or move to skip the rest of the song they are playing.
We can use similar methods. We can see what properties users click into to see details. With some application changes, we could probably collect information on and analyze how long they stayed on each detail page. We could collect information on what properties they email to others or request more information on. This can be a subtle task, termed "establishing intent from gesture", but we don't need to be subtle. We could also, similar to the Netflix and Pandora approaches, have them actively rate properties as part of their search or even in a separate "getting to know you" activity. The rating can be as easy as "thumbs up, thumbs down", could be a more sophisticated five-star rating, and we could even ask what aspect of the property was the primary basis of their rating or have them rate different aspects of each property. The more information we have, the more accurately the system should be able to order the properties shown to the consumer to meet their desires. On sites where the consumer is identified via a custom link tied to their identity or login, we can track more information over time, but even on anonymous usage sites we can collect some information. At any rate, if the consumer always clicks on two-story houses, on colonial houses, on houses with brick exteriors - we have the information (especially in the MLS system) to sort on and show them similar houses first.
Can this method ever be perfect? Of course not - especially since there are various qualitative aspects of property selection that we don't currently track data for, and therefore can't use in any type of automated process. When consumers are looking at photos and making those split-second judgments, they may look at landscaping, general conditions/curb appeal, and even house color (the trickiest of any criteria to use). Of course, if we start collecting sophisticated ratings (not just 'thumbs up/thumbs down') we can start increasing the amount of data we have on properties and use that information as well. For example, if 43% of 150 consumers rating a specific property poorly did so specifically because of property condition / landscaping, we know that consumers looking for homes in good condition and with good landscaping will probably not like that property. Yes, we have to answer the question of "What happens if the homeowner subsequently improves the condition" ... then there should be a new photo and statistics need to be re-set. But what if agents keep uploading new photos on properties to try to "game" the system? And so on. This isn't simple, by any means, and again, it won't be perfect - but our MLS prospecting results and public site search results could be a lot better than they are right now, and we owe it to ourselves and the consumer to try to improve the property search experience.
I should note that experimenting with this approach could even benefit the real estate professionals, providing them with business intelligence on properties they have listed or even giving them more insight into the buyers they represent. It may provide support to tell the seller that it's time to fix up the front yard or make other property improvements. And we've all heard the phrase, "Buyers are liars," that they can tell you that they must have one thing in a home, then go for something completely different. We could start collecting the type of information needed to more fully understand their needs and provide them with better service.
May. 27, 2008 - Information Security Quiz for Non-Techies
I received yet another call from a company that had suffered an information security breach and now needs help to assess and address issues. I hate when companies wait until this point to start dealing with security. Everyone is stressed out and demoralized. Worst of all, in this case right after the breach they immediately fired the CTO - the person I would normally be working cooperatively with and providing a hands-on education on information security practices. IMHO, since the executive didn't have a comprehensive information security policy lifecycle in place to address the type of issue that caused the breach, he should have been fired himself, as he was to blame!
This is a quick five-question quiz for brokers and executives (not for techies) that can be used to gauge whether your business is taking key steps to protect itself from information security breaches.
Does your business perform initial background checks on staff?
[ ] Yes   [ ] No
Without employee screening – initially and ongoing – you could be putting private consumer information at risk and exposing your company to privacy liability issues resulting from identity theft or other misuse of your client’s private information.
Are office visitors ever left unattended in employee areas where computers are left logged in or sensitive information is on desktops or in unlocked filing cabinets?
[ ] Yes   [ ] No
Physical security is often a far bigger risk for information security than computer settings. Whether it’s a backup tape, a piece of paper from the listing or closing process that has sensitive consumer information on it, or information on an employee, physical security is your first line of defense in information security.
Do you have security policies covering everything from how to handle sensitive information to how to securely install and configure computers? Are new employees trained on these policies initially and are veteran employees “refreshed” at least annually?
[ ] Yes   [ ] No
Policies and procedures are the bedrock of an information security program. Without a thorough set of policies educating employees on how to help your business stay secure, and without ongoing education, monitoring and enforcement of policies, it’s likely that best practices in information security are not practiced in your business.
Does your IT person run a number of security tools on your web applications, network and all of your servers, workstations and laptops at least once per quarter (ideally each month) and give you an executive-level status update on the security of your applications, network and computers?
[ ] Yes   [ ] No
Your IT person should have some formal education in information security, have a complete security tool-set, use it regularly, and keep the broker/owner/CEO apprised of risks, so that you can take management responsibility for information security and allocate resources to address emerging risks.
Have you had a security assessment performed by an independent third party in the past two years, reviewed the results with them, and understood your risks and created a project plan to address those risks?
[ ] Yes   [ ] No
Information security is a specialized field – it takes an outside, independent expert to reliably assess the risk so that you can take steps to improve your business’s security practices.
If you answered any of these questions with a ‘No’, then you may want to think about taking a more active role to manage your company’s information security exposure. A security breach can cost six or seven figures to recover from and can also cause significant damage to your organization's brand and reputation.
May. 24, 2008 - Limiting Internet Use to Protect Your Company
The most innocent employee activities can have the worst security consequences for employers, and uncontrolled Internet use is a perfect example of this. Employees visit sites where they download content violating HR policies, share 'entertainment' sites and videos that distract other employees from work, and even download malicious software that can cause network compromise. Instant messaging (IM) has many of the same issues. What can be done?
The first step is to enact a firmer Web and IM use policy. At its most stringent, the policy can ban IM use and restrict Web use to mission critical web-sites – but that can create a less than pleasant work environment. A less strict IM policy may be to allow IM use only between employees, restricting employees to an 'internal-only' IM identity, not allowing them to IM with outsiders, and not allowing advanced IM features such as file sharing, audio or video. A less strict Web use policy might only allow traffic to specific, approved, non-work-related web sites. Even if management goes further and does not significantly restrict Web use, it's still important to have policies. While not an exhaustive list, a policy might include statements such as the following:
Employees must only use approved software to access the Internet, and software configurations must not be changed by employees without manager approval, including installation of browser plug-ins and Active-X controls.
Any personal use must not interfere with normal business activities, must not involve solicitation, must not be associated with any for-profit outside business activity, and must not potentially embarrass the company.
The Internet, including the Web, should not be used for the transmission of any offensive, obscene, defamatory or illegal materials.
Employees must not download executable files from the Internet unless that download is required for performance of their job, and in that case programs should only be downloaded from trusted sources, with extreme caution.
Sensitive information about employees, customers, or other company-confidential information should never be published to the Internet.
There should be no expectation of privacy when using the company network, and traffic might be logged and reviewed to ensure policy compliance.
Policies are good, but do little to protect your company on their own. It is important that employees are regularly educated and re-educated on all of your company policies. Your company can be further protected by putting technical solutions in place that reflect the policy and enable monitoring and enforcement, or that proactively either allow only the limited uses you define or allow a broader range of use while stopping prohibited uses. Clareity has guided many clients through the maze of technical options.
Clareity strongly encourages its clients to make considered choices about employee Internet use, implement policies that balance risk and benefit, and take steps needed to monitor and enforce such policies, including implementation of appropriate technologies to protect their company from security and other risks inherent in Internet use.
May. 21, 2008 - Single Sign-On (SSO) Legal Compliance
Some organizations have implemented Single Sign-On (SSO) without properly understanding the legal risks, providing the education to manage those risks, or putting in place the appropriate legal processes and documents. Such processes and documents should be in place and accepted by all of the SSO participants BEFORE utilizing SSO technologies.
My "sister company", Clareity Security, has added a number of important Single Sign-On (SSO) resources to its web site, especially for MLS operators, brokerages, and real estate software and settlement service providers implementing SSO. The most recent addition is a Single Sign-On Legal Compliance paper, prepared in consultation with noted attorney John H. Rees. Clareity Security is releasing this document to encourage real estate organizations implementing SSO to take the appropriate legal and business steps prior to implementation. Note that the document and the sample contract language are provided only as a resource, and are not intended to substitute for and do not constitute legal advice.
The site also includes a video introduction to SSO and links to the SSO toolkit that software providers can use to implement SSO securely.
While at the NAR midyear meetings I had some great conversations with attendees about my recent "Future of MLS Features" article, and I was prompted for some of the additional "incremental change" ideas that I had referenced in that article. I provided a few ideas to those industry colleagues that asked, and here's one of those ideas: how prospecting should be improved.
Prospecting, for those who don't deal with it all the time, is the capability for an MLS user to add a contact (usually a consumer, known as "the prospect") and perform one or more searches based on the prospect's property search criteria, the results of which would be sent to the prospect on a regular basis so that they can interact with the real estate professional and let them know what properties are of interest. In some systems, an HTML email with the property information is sent to the consumer, in other systems just a link to a search results web page is sent to the consumer. Different MLS systems provide differing prospecting workflows, as well as a great number of options and additional functions around this core, but basically they all do the same thing.
The assumption made when this feature was created was that real estate professionals would use it to work with consumers with whom they had an established relationship in order to show the consumers properties more efficiently than they had in the past by driving them around or meeting to show them properties in the book, MLS, etc. Unfortunately, some users started using the feature to send repeated unsolicited emails to people they have no relationship with. I've heard that some brokers have people that do nothing but set up such problematic prospecting searches - and such users are sending out thousands of emails a day that should not ever be sent out. The result of these activities is that MLS systems run slower with the extra load and MLS providers' email servers are heavily taxed and put on SPAM blacklists, which in turn results in legitimate users' prospecting emails to clients being rejected. The scale of this problem is large, and MLS providers spend significant resources trying to maintain their "white list" status.
How can we solve this problem by making changes to how prospecting works? The answer is two-fold.
The first part is to stop automatically sending out unsolicited emails day after day. This can be accomplished by having the first email sent from an MLS system user to a prospect be more of a generic introductory email, the purpose of which is to encourage the prospect to either opt-in or opt-out. If the prospect does not opt-in, then the system does not perform the regular prospect searches and send them additional emails. The MLS user could be allowed to manually re-send the invitation email, to address issues with emails that have gone awry. Various additional features would need to be put in place to prevent "gaming" of this system (e.g. prevent the user from sending to one email address [that they control] to accept the initial invitation, then change the email address to the prospect's and send without additional opt-in confirmation) - but I am confident MLS providers could be smart in their implementation. But still, this step alone is insufficient to address the whole of the problem...
The second part is to track, on a user-by-user basis, the percentage of prospecting invitations that are never responded to (possibly because people are afraid to click on any link in a SPAM message), those accepted, and those opted-out of. MLS staff should be able to access a report showing the percentages and numbers of each within a time period, sorted by those users with the highest percentage of opt-outs and non-response, with the ability to see the statistical break out and drill down to review all prospecting activity. Those users with exceptionally high percentages of opt-outs and non-response must not have an established relationship with those to whom they are sending prospecting invitations. If the MLS put rules in place regarding prospecting use, this type of reporting capability would allow MLS staff to put appropriate practices in place to provide the monitoring needed for rule compliance.
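The two-part approach above (opt-in before any listing email, then per-user reporting for MLS staff) can be sketched in code. This is an added example, not the article's or any MLS vendor's implementation: the class and method names, the 80% flag threshold, the minimum sample size and the sample data are all assumptions. Consent is bound to the address that gave it, so changing a prospect's email address resets the opt-in, which closes the "gaming" path the article describes.

```python
from collections import defaultdict
from dataclasses import dataclass

NO_RESPONSE, ACCEPTED, OPTED_OUT = "no_response", "accepted", "opted_out"


@dataclass
class Prospect:
    agent: str
    email: str
    status: str = NO_RESPONSE


class ProspectingService:
    """Hypothetical opt-in gate in front of recurring prospecting emails."""

    def __init__(self):
        self.prospects = {}

    def invite(self, prospect_id, agent, email):
        # Only the generic introductory email goes out at this point.
        self.prospects[prospect_id] = Prospect(agent, email.strip().lower())

    def record_response(self, prospect_id, opted_in):
        p = self.prospects[prospect_id]
        if p.status != OPTED_OUT:  # an opt-out is final for that address
            p.status = ACCEPTED if opted_in else OPTED_OUT

    def change_email(self, prospect_id, new_email):
        p = self.prospects[prospect_id]
        new_email = new_email.strip().lower()
        if new_email != p.email:
            p.email = new_email
            p.status = NO_RESPONSE  # the new address has not consented

    def may_send_listings(self, prospect_id):
        return self.prospects[prospect_id].status == ACCEPTED

    def staff_report(self, min_invites=5, flag_pct=80.0):
        """Per-agent outcome counts, worst opt-out/non-response rate first."""
        counts = defaultdict(lambda: {NO_RESPONSE: 0, ACCEPTED: 0, OPTED_OUT: 0})
        for p in self.prospects.values():
            counts[p.agent][p.status] += 1
        rows = []
        for agent, c in counts.items():
            total = sum(c.values())
            bad_pct = round(100.0 * (c[NO_RESPONSE] + c[OPTED_OUT]) / total, 1)
            rows.append({"agent": agent, "invites": total, **c,
                         "bad_pct": bad_pct,
                         "flagged": total >= min_invites and bad_pct >= flag_pct})
        rows.sort(key=lambda r: (-r["bad_pct"], r["agent"]))
        return rows


def build_sample_service():
    """Constructed data: one agent with real clients, one mass-mailing."""
    svc = ProspectingService()
    for i in range(10):                       # agent_a: 8 accept, 1 opts out
        svc.invite(f"a{i}", "agent_a", f"client{i}@example.com")
        if i < 8:
            svc.record_response(f"a{i}", True)
        elif i == 8:
            svc.record_response(f"a{i}", False)
    for i in range(19):                       # agent_b: 1 accepts, 6 opt out
        svc.invite(f"b{i}", "agent_b", f"stranger{i}@example.net")
        if i == 0:
            svc.record_response(f"b{i}", True)
        elif i <= 6:
            svc.record_response(f"b{i}", False)
    # agent_b accepts from an address they control, then swaps in the target.
    svc.invite("b-gamed", "agent_b", "agent_b@example.org")
    svc.record_response("b-gamed", True)
    svc.change_email("b-gamed", "target@example.net")
    return svc


if __name__ == "__main__":
    for row in build_sample_service().staff_report():
        print(row)
```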
During the NAR meetings I had the opportunity and privilege to help staff the RETS booth, and one booth visitor in particular piqued my interest. The visitor was a developer for one of the major broker back-office applications and expressed that he had integrated with a number of MLSs and was getting more comfortable with RETS, but he was still perhaps a bit fuzzy on RETS as one of those "MLS things".
It really brought home for me how MLS-centric a lot of the RETS effort has been, since RETS really should be providing a tremendous efficiency benefit to brokers and agents beyond the area of the MLS system, moving data efficiently and error-free from forms packages to broker systems and between all of the various broker and agent systems where real estate professionals are performing duplicate data entry.
When I expressed those thoughts, I think it was a real "Ah hah!" moment for that developer. I hope that he and other non-MLS developers continue to become more actively engaged in the RETS effort, and that RETS brings efficiencies to all of the systems in use by real estate professionals - not just MLS.
The message I think we need to get out there?
RETS is not just an "MLS Thing"
RETS is a "Broker Software Thing"
RETS is an "Agent Software Thing"
The purpose of this paper is to generate discussion on possible MLS system future features by providing a big picture view of the changing relationship of real estate professionals with each other and with consumers, the changing relationship of local and regional MLSs with each other, and to illustrate, at least at a high level, how these changes may be either enabled or reflected technically in the MLS system of the future.
This paper is not focused on detailed description of what features are popular already today, for example:
Mapping bird's eye or street-level views
Big pictures in slideshows and flyers
Total MLS staff control over fields, reports and business rules
Public records data intermingled with MLS data in reports and improved statistics
This paper also does not focus on the usual incremental changes to current MLS features, but rather explores the future of MLS systems and their role further ahead.
Clareity always advises our clients during their MLS system selection process to focus on the core features ('the steak') and not be overly sold on other features ('the sizzle'). Too often, a largely volunteer based Task Force can be swayed by a single 'sizzle' feature, and forget that most importantly the system must perform core functions such as listing input and search as efficiently and accurately as possible, and that the system must have high availability and fast performance. With some of the more popular MLS vendors currently having significant issues in these core areas, I want to make sure that this paper is not seen as a call to take your eyes off the system core. That said, the definition of core functionality has expanded somewhat in recent years and will continue to expand and change – and we can't ignore that either.
By consulting for many MLS vendors over the last decade, Clareity has strongly contributed to the development of the product vision for today's modern MLS system. Clareity was a strong proponent of features such as integrated contact management and CRM, functionality for assistants and teams, and coordinating all of the leading real estate software vendors on Single Sign-On (SSO) technology and information security improvements. Not every feature we've thought up or recommended has been adopted though. Some ideas, such as good uses for automated valuation models (AVMs), Clareity has advocated for many years, but it took Zillow and Zestimates® to serve the MLS and brokers a wake-up call. AVMs are just now starting to be integrated properly, in just a few MLS systems, using high quality AVM tools from companies like First American and Cyberhomes.com.
What follows in this paper are some of the cool features from my MLS product development notebook. Hopefully some of these features will show up in your MLS system of the future. If you like one or more of these features, ask your vendor for them (or build it yourself, home growers!).
Mapping: Not Just About Showing Property Location
Mapping is currently used in MLS systems to show the location of properties, and occasionally, through data layers and other interactivity, to show information about the property and its surrounding areas. However, mapping has a lot more promise than its current uses suggest.
Mapping can be a great tool for communicating agent knowledge about neighborhoods and communities. In some systems there is currently a way to turn on specific categories of "points of interest" (POI), but does it really help a gourmet seeking a home in a high-end community to show them every McDonalds and Burger King in a two mile radius? Not at all – rather, if the agent shows the consumer that map, it demonstrates that the agent doesn't understand their client. It definitely doesn't show the client that the agent is the neighborhood expert and can help interpret the plethora of information available. So, one key feature for turning maps into a useful tool to build a bridge between agents and consumers is allowing the agent to customize the map, edit the content shown to the consumer, and add user generated mapping content.
Illustrated below, an agent is showing the listings desired by the consumer alongside some specific restaurant and shopping options. You can see that in the Bistro detail shown, customized text and additional information has been entered by the agent, showing the client that they know the neighborhood, and have been to this restaurant before.
For example, if the prospective buyer had a child that studied karate, the agent could have added the nearby dojo to the map, along with the commentary "I think Suzy will really like the karate instructor at this dojo." Or, if the buyers had children in elementary school, the agents could add rich, relevant and even personalized content about the local schools as well.
The key to successful user generated mapping content is for it to be very easy to add the content. It must be easy for agents to add new custom points of interest, pre-fill basic information from existing data sources, and create content libraries that they can leverage to create custom maps for consumers with a minimum of entry or re-entry. Getting these workflows right is critical to feature adoption.
Another area of mapping that could be greatly enhanced is the use of mapping layers to show demographics. In many surveys Clareity has performed, agents seem very skittish about this – especially when it comes to showing crime maps. Some agents have legitimate reasons for skittishness – fears of being accused of steering or of other violations of fair housing laws are valid concerns – but it's up to real estate professionals to provide the consumer the information they want and need to make a buying decision. If consumers want it and the real estate practitioner won't provide it, they'll get it elsewhere and the value perception of the REALTOR® will continue to decrease. As former NAR president Billy Chee said to me back in 2002, "The consumer is the lion coming over the hill."
Mapping also has great power to display complex information in a way that's very easy for people to interpret. One of my favorite visualizations is the 'weather map' or 'heat map'. Consumers can readily obtain heat maps from Trulia, Zillow, CyberHomes, and others, but not from their agents. Why is this? While some MLS systems already have heat maps to show days on market or price per square foot, it's easy to imagine other heat maps with even more useful information. The example below shows what areas are 'hot' or 'cold' for investors by showing appreciation over time. Such maps could also show vacancy and absorption or even percentage differences between initial asking price and final asking price or sale price, or even show shading representing the percentage of properties in foreclosure.
I've shown 'heat' two ways on the map above – with colored icons and with color shading. It's probably only necessary to use one method or the other. Icons will certainly be technically easier to implement than shading, though at a wider zoom level area shading may make more sense.
Bridging the Gap between Internet and Installed Software
Why make the consumer open up a web browser and go to a web site to see their latest prospect matches? Why even expect they would check their email? Why not 'push' the results right to their computer desktop and get the information right in front of them when they start up their PC? This is both a convenience for the consumer and a value-add for the agent.
The illustration below shows two Widgets that I created back in 2005 – one designed for the consumer showing the results of a prospect search, the other for the real estate professional, showing listing activity in their market area, along with what emails, inquiries, and tasks would await them when they logged into the MLS.
Toolkits by companies such as Google and Yahoo!, as well as widget capabilities built into Windows and Mac OS, make widget creation fairly easy. Coldwell Banker added a very simple widget to their web site last year, but I'm imagining much more sophisticated widgets, especially for professionals. Recently, I've begun to see capabilities developed to allow even more bridging between the Internet and the desktop – where the widget can store some data locally and provide some functionality even if the user has gone offline. As this technology evolves, I expect that the opportunities opened up by its use will continue to grow.
Integration of Broker System Features
At some point I expect, or at least hope, that MLSs will have much deeper integration with broker back-office systems and/or build in more broker features. There would be significant broker data management and workflow advantages to building features into the MLS such as:
Lead Generation / Management tools
Marketing tools
Competitive analysis for Recruit/Retention
Content syndication tools (listing distribution to other web)
Productivity / profitability measurement tool
To dig a bit deeper in one of these areas, an agent productivity / profitability measurement tool may include such elements as:
Income and Expense Tracking
List/sell/total production graph and chart
Drilldown by month / week / day / date range
Drilldown by enterprise / office / team / agent / listings
Productivity modeler (Actual / What If)
The "what if" modeler may allow for adjustable components such as commission splits, selling office commissions, desk cost coverage %, closed to list ratio, average marketing time, transactions to list ratio, and more. The system would then be able to show total $, GCI, agent $, company $, market $, desk $, net $, and $ change (from previous and base scenarios).
These types of features have been in various different broker tools – but really depend on the MLS for the data to properly implement them. Again, either the key will be deeper integrations with existing products or building these types of tools right into the MLS.
Features to Better Support Agents
Most MLS features are focused on the agent, but there's still more that can be added to the MLS for them, including:
Listing presentation or other marketing pieces as robust as the CMA w/ MLS sales statistics and showing data integrated
Buyer's agent presentation
Easy mail merge marketing pieces w/ tax data
A chart/report showing housing value increase or decrease within specific search criteria - to detect price trends within a specific neighborhood - and the ability to set alerts if sale price conditions start to occur for a specific search.
As MLSs continue to regionalize and engage in data shares, creating a better system for agents to find each other and provide referrals will be increasingly important. I believe that more advanced roster search functionality will be important if an agent in one area needs to be able to find the agent in another area to best serve their client. Being able to see who is the expert in the types of properties desired by the client and who is most experienced and 'best' at facilitating buying or selling those properties via statistical analysis is key. Potentially there would even be qualitative agent ratings, open to other real estate professionals or even the consumer. Like eBay ratings, there would be a way to address disputes. There are already a number of web sites providing mechanisms for agent ratings – why wouldn't "organized real estate" want this mechanism to be someplace where we could manage the rules around it and have it integrated with other agent information and statistics? Consumers will have access to several agent rating services – this is inevitable – because everything is being ranked on the Internet.
Integration of Appraiser Data
Will appraisers ever be brought into the fold? Every few years this comes up and new appraiser platforms such as Zaio are developed – though usually they have not succeeded in the long term. Why separate appraisal systems from the MLS system - is there not synergy? Shouldn't data standards such as RETS be worked on together with appraisers? How will they be incented to participate in a common data platform, so that everyone benefits?
RETS Implementations
Continued improvements in the ease of setting up listing syndication and even accepting listing input from broker systems will be possible as RETS continues to evolve. I think these are core MLS functions, and will change the role of the MLS system as diagrammed below. A lot more detail on this subject is available in a separate paper, available from http://www.callclareity.com/MLSsyndication.cfm
MLSs will also need to work to address the security of listing data either being syndicated or even exported directly from the MLS. Because of that latter element of the problem, use of secondary products will always leave a significant issue unattended – unless the solution is 'baked into' the MLS. None of the MLS systems on the market today have established effective controls for solving this issue, though Clareity Consulting attempted to get the ball rolling by sharing plans for such a system with all the major MLS vendors back in 2004, in a document titled, "Protecting Against Illegitimate Use of Data by Legitimate Users: Processes of Data Licensing, Delivery, and Use Monitoring".
The core of the system, diagrammed below, is to include a process for data use licensing, request and delivery, and verification – all built right into the administrative user's view of the MLS. MLSs could get a handle on where the data should be via the licensing process, data and images would be individually watermarked (yes, I know that data watermarking is a tall order), and methods of efficient compliance management put in place.
I've got to admit that I'm not sure the perceived cost/benefit model will ever make it likely that such a system would be built – but I'd like to see this issue addressed. Once weaknesses in MLS user authentication are fixed and protections against hackers are put in place, this area is the largest security challenge for any MLS.
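A minimal sketch of the per-licensee data watermarking and verification steps described above, as an added example (not Clareity's 2004 design or any MLS vendor's code). The key, licence identifiers, listings and function names are all constructed assumptions; the mark is a keyed parity bit in the sixth decimal of each listing's latitude, and a found copy is attributed by scoring it against every licence.

```python
import hashlib
import hmac

# Constructed demo key; a real deployment would keep this in a secrets store.
MLS_KEY = b"constructed-demo-key"
# Constructed licence identifiers, as a data-licensing step might issue them.
LICENSES = ["LIC-BROKER-A", "LIC-PORTAL-B", "LIC-VENDOR-C"]

def sample_feed(n=24):
    """Constructed listings near Minneapolis; ids and coordinates are made up."""
    return [{"id": f"MLS{1000 + i}", "lat": round(44.95 + i * 0.001237, 6),
             "lon": -93.265, "price": 250000 + 5000 * i} for i in range(n)]

def mark_bit(license_id, listing_id):
    """Keyed pseudo-random bit for one (licence, listing) pair."""
    msg = f"{license_id}|{listing_id}".encode()
    return hmac.new(MLS_KEY, msg, hashlib.sha256).digest()[0] & 1

def micro_lat(rec):
    """Latitude in whole micro-degrees (sixth decimal place)."""
    return round(rec["lat"] * 1_000_000)

def watermark(listings, license_id):
    """Delivery step: return this licensee's copy with one bit per record."""
    out = []
    for rec in listings:
        micro = micro_lat(rec)
        if (micro & 1) != mark_bit(license_id, rec["id"]):
            micro += 1  # moves the map point by roughly 11 cm
        out.append({**rec, "lat": micro / 1_000_000})
    return out

def attribute(suspect, license_ids, min_records=16, threshold=0.9):
    """Verification step: score a found copy against each licence.

    Returns (license_id or None, scores). An unrelated licence matches
    about half of the records, so small samples are refused outright.
    """
    scores = {}
    for lic in license_ids:
        hits = sum((micro_lat(r) & 1) == mark_bit(lic, r["id"]) for r in suspect)
        scores[lic] = hits / len(suspect) if suspect else 0.0
    best = max(scores, key=scores.get)
    if len(suspect) < min_records or scores[best] < threshold:
        return None, scores
    return best, scores

if __name__ == "__main__":
    leaked = watermark(sample_feed(), "LIC-PORTAL-B")[::-1][:18]  # partial, reordered
    print(attribute(leaked, LICENSES))
```

The mark survives reordering and partial copies but not coordinate rounding, so it would need to be one of several marked fields to support compliance decisions.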
Social Networking
Real estate is, by its nature, a social business - so another area where both standards and deeper integrations may come into play is in social networking. Various major social networking sites have explored development of a common programming interface (API) for social applications across multiple applications - for example the OpenSocial standard (http://code.google.com/apis/opensocial/). If MLS functionality expands its capabilities toward social networking, it certainly would be interesting to see how the MLS could interact with other applications through such interfaces, opening up whole new possibilities of how real estate professionals interact with their colleagues and clients.
The Original NAR "Future of MLS PAG" Vision
Originally, the NAR "Future of MLS PAG" vision was to have a central back end data repository, allowing for front-end interface of choice, provided at the local brokerage, MLS or association, vendor, and franchise levels, along with a baseline front end available through the NAR. Diagrammed below, this wasn't a bad idea, though the MLS PAG has since evolved its vision toward something that has seemingly little to do with MLS.
I still think the original vision made a lot of sense, especially at the natural market region level, then being linked together into larger areas. Of course, most MLS systems are not currently architected to use separate back-end databases, but I expect this will change in the future.
Lastly, to facilitate the regional data share process, or even to make it possible for brokerages/agents to have their own custom data shares beyond a single region, MLSs will need to make it easier to automate creation of data mash-ups from different MLSs as much as possible. I imagine a data mapping expert system that facilitates inclusion of multiple data sources, automatically mapping data to a common set and "wizarding" corrections and additional mappings. Of course, the system would still need to reflect the data mapping into reports, statistics, and other parts of the system.
Conclusion
Clareity Consulting is constantly researching new ideas for MLSs. Our expert consultants are regularly engaged in the product management and development process with leading MLS vendors and home grown systems. Through end-user surveys, interaction with MLS executives and staff (80+ of top 100 MLSs have been clients of Clareity), our annual Workshop and attendance at MLS system sales demos, Clareity is constantly taking the pulse of the industry, in terms of what features are desired in an MLS system. But Clareity goes beyond this research, and is always looking ahead.
One of my favorite product-development related quotes is from Henry Ford, great automotive pioneer, who said, "If I had asked people what they wanted they would have said faster horses." There's a lesson in that quote for MLSs that say, "We're member driven," and for MLS vendors too focused on the mantra, "We're customer driven." It's important to listen, but it's also important to innovate and lead.
Those who wish to keep the functionality of the MLS more limited may insist that the role of the MLS should be constrained to only those functions needed for the facilitation of cooperation and compensation between brokers. That is, of course, the core of the MLS, but it should also be recognized that the MLS is the core business platform for agents as well, and that the MLS may need to continue to expand to support their needs in a multitude of ways.
What has been described above may be of interest, perhaps may inspire, but it's up to you. We in this industry often passively ask ourselves and our peers, "What is the Future of MLS?" I think we need to take a more active, thoughtful role. To reference a quote attributed to Alan Kay of Apple Computer, "The best way to predict the future is to invent it!" MLS vendors and regional MLS operators can create the future of MLS, both supporting and driving the way local and regional MLSs interact with each other and the rest of the industry, and enabling REALTORS® to interact with consumers in new ways, preserving and enhancing their value as well as the ongoing value of the MLS system itself.
About the Author
Matt Cohen is Clareity Consulting's Chief Technologist. With a dozen years' experience in real estate technology, Matt has spoken at many conferences, workshops and leadership retreats internationally and is a well-regarded real estate industry expert on software design, product management, project management, data center reliability, scalability, and information and network security.
About Clareity
Clareity Consulting was founded in 1996 to provide information technology consulting to the real estate industry and its related businesses. Clareity Consulting provides clients an independent and unique perspective. Clareity has successfully executed a vast array of projects, including:
Request for Proposals (RFP) for MLS, public records, broker systems, and Transaction Management Systems (TMS)
Regionalization and data share facilitation
Contract negotiation
Information security and business continuity audits
Executive Recruiting and Placement
Project planning and management
Strategic planning
Software and system design and review
Software scalability testing
Mergers, acquisitions and strategic alliances
Market research including surveys and focus groups
Matt Cohen is Clareity Consulting's Chief Technologist. Matt consults to MLSs, Associations, brokerages, and many real estate industry software companies and has spoken at conferences, workshops and leadership retreats around the country on a wide variety of MLS-related topics. Matt is a well-regarded real estate industry expert on industry trends, software design, product management, project management, and information security. Clareity Consulting was founded in 1996 to provide information technology consulting to the real estate industry and its related businesses.