The Gray Market: Why Art Galleries Have Become a Ripe Target for Hackers (and Other Insights)
This week, our columnist argues that galleries—and their clients—can no longer be cavalier about cybersecurity.
This week, our columnist argues that galleries—and their clients—can no longer be cavalier about cybersecurity.
Every Monday morning, artnet News brings you The Gray Market. The column decodes important stories from the previous week—and offers unparalleled insight into the inner workings of the art industry in the process.
This week, three industry-specific legal matters worth reviewing…
DO HACKERS DREAM OF ELECTRIC INVOICES?: On Halloween, The Art Newspaper broke the story of a “cyber crime wave” crashing on gallerists and dealers around the world. Central to the saga is what’s known as a “man-in-the-middle” scheme, in which hackers infiltrate a gallery’s email servers to either send “corrected” invoices with different bank details to clients ready to consummate legitimate deals, or else e-masquerade as staff members to trick gallery management into paying phony invoices linked to criminal-controlled accounts.
The culprits generally continue to monitor the email correspondence after the funds change hands, specifically to hijack the conversation between the two sides so that each party can “assure” the other that their questions about absent payment or still-unconfirmed receipt of funds are baseless. Meanwhile, “the hackers move the money to avoid detection and then disappear,” leaving the confused victims to wonder WTF happened.
Fraudsters have already targeted the likes of London gallerists Laura Bartlett, Simon Lee, and Thomas Dane, as well as power player Hauser & Wirth, among others. Some managed to sniff out the chicanery or reclaim the lost funds. Others weren’t so lucky. Losses reportedly reached the hundreds of thousands of dollars in certain instances, and Bartlett told TAN that being victimized by the scam contributed mightily to her recent closure.
The big question, though, is what galleries will do now that the scam has gone public. The TAN piece ends with five simple cybersecurity recommendations for members of the art industry, such as encrypting all digital invoices and confirming bank details with senders or recipients via phone/text/chat prior to payment.
But while these suggestions are undeniably useful for safeguarding against this particular fraud, the reality is that smart criminals make a living (and sometimes even a killing) by thinking a step ahead of regulators and potential targets. By the time one scheme becomes common knowledge, many criminals have already pivoted to another.
Think about it: Stop carrying cash, and thieves start stealing credit cards. Begin testing Olympic athletes’ urine for performance-enhancers, and their home country might devise an elaborate scheme to shuttle in hundreds of bottles of clean piss during competition. Lock all your doors at night, and as my dad’s favorite Saturday Night Live sketch teaches, a predator might impersonate a deliveryman to convince you to let them right in through the front door.
The point is that gallerists can no longer sit on their hands when it comes to cybersecurity. Even if they follow every measure to protect themselves against a man-in-the middle attack, there are dozens of other types of breaches that can compromise their systems just as thoroughly—and plenty more being hatched by hackers as we speak.
In some sense, it’s only slightly less dangerous for gallerists to upgrade their cybersecurity for this particular scheme—and this particular scheme only—than to stay completely inactive. In an industry where many business owners still bristle at implementing new technology, then, this is one area where the best chance of safety is never-ending technological improvement. And that’s a larger, scarier reality that the art trade needs to wake up to quickly, for the sake of buyers and sellers alike. [The Art Newspaper]
EXPERT IGNORANCE: On Wednesday, my colleague Julia Halperin reported on a new Antiques Coalition study that concluded roughly “80 percent of the 100,000 antiquities available online at any given moment have no recorded provenance—which means they are probably looted or fake.” If collectors were to meet their prices, these dubious artifacts could command up to $10 million in the aggregate, according to the study, which was first reported in the Wall Street Journal.
While this illicit abundance owes in large part to thievery of cultural sites by ISIS and other jihadists, certain contours of the new digital frontier play a pivotal role too. For example, criminals now use online marketplaces like Amazon and eBay to list contraband for perusal by a potentially wide audience of inexperienced buyers, as well as leveraging social media/messaging platforms like Facebook, WhatsApp, and Snapchat to offer objects to collectors on a private, one-to-one basis. If complaints arise, it’s generally not difficult for a scammer to delete his account, cover his tracks in binary code, and reappear with a new handle elsewhere.
These tactics and others spurred Halperin to conclude that, “Ironically, dealers of fake or stolen art seem to have adapted to the digital revolution more quickly than many legitimate art galleries.”
Now, we should be careful not to interpret this statement too broadly. As Halperin knows well—which I would say even if she didn’t edit me at artnet and thereby perpetually wield the power to plunge me into rewrite hell—there’s a chasm between the requirements and trappings of success as a lone con artist versus a legit gallery. Most notably, the latter still depends in no small part on the prestige, longevity, and social capital created through maintaining real estate, whereas the former is free to scam and move as often as necessary.
Believing otherwise would be a little like believing that people living that #VanLife have adapted to current economic conditions more quickly than we suckers still paying rent for a stable home. It’s not necessarily that one side has figured it out while the other stays trapped in the Dark Ages. It’s just that the two sides have different priorities, expectations, and in some cases, resources.
On a more micro level, though, Halperin is absolutely right: Many gallerists COULD learn a thing or two about how to operate more leanly and creatively from these Snapchat-smokescreening antiquities thugs, not least because of the importance of discretion and secrecy to the gallery economy.
Too many of us in the art industry—myself included—are susceptible to what’s sometimes known as the Expert Paradox: the more we think we know, the less we try to learn or re-evaluate about our area of expertise. To some extent, the cyber-crime debacle in the previous story plays on the same dynamic. Many dealers have become successful without prioritizing data security, so how much motivation have they had to spend time and money on what was until this past week a threat that only seemed to exist in the abstract?
I’m not suggesting that gallerists should follow the FBI’s lead in hiring former con men—like precocious “Catch Me If You Can” subject Frank Abagnale Jr.—as consultants to help them uncover, cease, and prevent fraud, especially since they could probably get 80 percent of the same insights by hiring (and actually listening to) pretty much any Millennial. (There’s probably more crossover than most people think between smart protocol for discreetly offering high-value artworks and smart protocol for sending nudes—but that’s another column entirely.)
However, as I’ve written at length, adapting to the digital age is vastly more complex for gallerists and dealers than just opening up an Etsy store or holding court about social media with your college-age nephew at Shake Shack one night. The WSJ study illustrates that real value awaits those flexible enough to do the hard work of evolving. For those too stubborn to do so, though? As we heard so many times during the George W. Bush years, the terrorists have already won [artnet News]
EXPAND + CONTRACT: Finally this week, Isaac Kaplan covered the latest in a small, little-publicized lineage of contracts generated by artists to influence aspects of their works’ resale—this one created by interdisciplinary artist Alex Strada. Strada’s contract holds not only that “any collector must sell the [acquired] artwork after 10 years,” but that “all accrued value [from resale] must be reinvested in new work by an emerging female artist.”
The agreement is particularly timely in light of the recent attention on gender imbalance in the arts. But it isn’t about timeliness alone. Strada writes that her contract doubles as a way of “infusing [her] feminist beliefs into the legal fabric and trajectory of [her] projects.” The contractual provisions therefore take on a conceptual dimension—part of the reason that Strada mandates the agreement itself “must be exhibited with the work in a format or medium that is mutually agreed upon by [herself] and the collector,” with the possible display options being all but limitless.
Contractually intermingling the conceptual and the practical is not a new idea. Strada’s project was partly motivated by the 1971 contract co-created by gallerist/artist Seth Siegelaub and New York attorney Robert Projansky. Among other provisions, the freely available Siegelaub-Projansky contract mandates that the artist be paid a 15 percent royalty on any resale of their work.
While it has yet to be challenged in court—and might not survive if it were—the agreement is arguably more important as a sorting mechanism for collectors than as a legal protection for artists. Kaplan credits Hans Haacke, the most prominent artist to integrate the Siegelaub contract into his practice, with that idea. And Strada agrees that the same dynamic likely applies to her contract: If you’re willing to sign it, you probably have no desire to ever contest it, because you’re as enticed to acquire by the ideas as the artwork.
With the cyber-fraud epidemic now front of mind for many in the industry, though, the timing of Strada’s agreement serves up a rich slice of irony. Exposure to a “man-in-the-middle” scam hinges on the casual, arguably retrograde infrastructure of most gallery transactions, even at the highest level. As an anonymous American dealer told The Art Newspaper, “You can’t buy a $1 million condo without three weeks of paperwork and 100 checks and balances, but art dealers and their clients will wire $1 million after a single conversation.”
Strada’s works and those of any “emerging female artist” will undoubtedly sell for miles south of seven figures. Yet the Strada agreement, like the Siegelaub-Projansky contract and a few others after it, ensures that these transactions will be subjected to a significantly more rigorous process than the average sale by a mega-gallery. With added rigor and review comes at least some degree of added security.
So in my eyes, it doesn’t matter that these artist-generated contracts exist largely as conceptual devices. They still highlight how much more thoughtful, professional, and trustworthy the primary art market could be—and perhaps how much its participants would benefit if the paperwork were a little more worthy of the prices paid. [Artsy]
That’s all for this edition. Til next time, remember: Attitudes about laws often change once you’ve actually lost something between their cracks.