Madison Square Garden compiled a list of activists against facial recognition

Privacy
Security
Regulation
Surveillance
New York City

The article says Madison Square Garden compiled a list of activists who pushed back on its use of facial recognition, and that the document surfaced in a large hacked data dump from MSG. That lands on top of years of reporting that MSG has used facial recognition to identify and deny entry to lawyers tied to firms suing the company, critics, and other people ownership did not want in the building. People did not get hung up on whether one more dossier is shocking. The bigger point was that facial recognition turns a venue's ordinary right to remove someone into something much broader and more dangerous. A bouncer with a short list is one thing. A stadium that can match every face against a growing blacklist at near zero marginal cost is another. That scale changes behavior. It makes petty or retaliatory bans easy to enforce, easy to expand, and hard for the public to see until someone is turned away at the door.

If you run any customer-facing operation, treat facial recognition as a power multiplier that changes the policy problem, not just the implementation. The practical questions are who can be flagged, how people are told, how they appeal, and what happens when the underlying watchlist leaks.

June 23, 2026
404media.co
Discuss on HN

Discussion mood

Overwhelmingly negative. People saw the dossier as exactly the kind of petty, retaliatory use facial recognition invites, and the data breach made it worse by proving MSG could not be trusted to hold sensitive watchlists securely. The main divide was over remedy, not diagnosis: some wanted outright limits on facial recognition, while others accepted exclusion rights but wanted rules on notice, scope, and appeals.

Key insights

Scale turns trespass into automated retaliation

Facial recognition does not just make an existing exclusion policy faster. It removes the labor and attention costs that used to keep bans narrow, which lets a large venue enforce grudges and edge-case blacklists at stadium scale. That is why analogies to a bouncer with photos miss the point. The technology creates a qualitatively different enforcement power.

Do not evaluate biometric systems as a simple staffing optimization. Model what new categories of enforcement become cheap enough to use routinely once the system is in place.

Attribution:

kay_o #1
squibonpig #1
petsfed #1

The missing piece is due process

The core failure was not just that people were excluded. It was that bans could be silent, discovered only after buying a ticket and arriving, with no clear explanation or appeal route. That pushes the real policy question toward transparency and recourse. A venue open to the public may still need published rules, advance notice, and a way to challenge watchlist decisions.

If your business uses any blacklist tied to identity, build notice and appeals before rollout. Otherwise the customer experience will look arbitrary even when the underlying rule is defensible.

Attribution:

larkost #1
monksy #1
josefritzishere #1

The breach made the privacy case concrete

What changed this from a creepy policy story into a sharper warning was the hacked 45GB data cache. Once a biometric-linked watchlist exists, bad storage and broad sharing become part of the risk, not a side issue. Several comments drew a line between a simple exclusion list and the much richer dossiers companies tend to accumulate around it.

Treat watchlists as high-risk data systems, not operational notes. Minimize fields, lock down access, and assume any collection you justify for security will later be reused for something else.

Attribution:

afavour #1
wongarsu #1 #2
hn_acc1 #1

Banning law firms can chill legitimate lawsuits

A sharper legal framing emerged around retaliation. If a major venue bans employees and even families of firms that take cases against it, that can deter lawyers from representing clients in the first place. Commenters compared it to a private-sector pressure tactic in the mold of a SLAPP, and pointed to New York City's old rule against theaters banning critics as proof that public-facing venues sometimes do get special limits.

Watch for policies that seem narrow but change market behavior around the business. If your access controls can punish counterparties, critics, or their advisors, expect lawmakers to treat that as interference rather than ordinary discretion.

Attribution:

rayiner #1 #2
FireBeyond #1
freejazz #1

Against the grain

The problem is retaliation, not the camera

A minority view held that private businesses should generally be free to refuse entry to individuals for almost any non-protected reason, and that facial recognition is only one enforcement method among many. From that angle, the cleanest rule is not a broad biometric ban. It is a narrow ban on retaliatory exclusions, such as punishing law firms for suing the venue.

If you are writing policy, separate the tool from the abuse case. Narrow conduct rules may survive where sweeping technology bans do not.

Attribution:

xp84 #1 #2 #3

Some exclusions are ordinary venue security

Not every ban on a venue list is evidence of overreach. Lifetime bans for people who attacked staff, fought security, or threw objects onto the court are easy to defend. The trouble here is that MSG appears to have stretched the same machinery from obvious safety cases into critics and loosely connected lawyers, which contaminates otherwise legitimate uses.

Keep safety-driven exclusion categories operationally and legally separate from reputation or litigation-related categories. Mixing them under one system makes the defensible part harder to defend.

Attribution:

JackFr #1
smnrchrds #1
freejazz #1

In plain english

biometric ↩

A measurement or pattern from a person's body, such as a face or fingerprint, used to identify them.

dossier ↩

A compiled file of information about a person or group, often collected from multiple sources.

facial recognition ↩

Technology that analyzes a person's face in an image or video and compares it to stored images to identify or verify who they are.

SLAPP ↩

Strategic lawsuit against public participation, a legal tactic used to intimidate critics or opponents by making defense costly or risky.

watchlist ↩

A list of people flagged for extra scrutiny or special action, such as denying entry or triggering an alert.

Reference links

Reporting on MSG surveillance and the breach

404 Media archived copy of the dossier story
Archive of the main article for readers who want the full reporting without link rot risk
Wired report on Madison Square Garden's surveillance machine
Earlier reporting that adds background on the venue's broader surveillance practices
Archive of the Wired story
Paywall-free archive of the Wired background piece
404 Media report on the MSG data breach
Background on the hacked data cache that exposed the activist dossier
Archive of the 404 Media breach story
Archive of the breach report

Policy and legal context

Reinvent Albany on repealing MSG's property tax exemption
Cited in arguments that public subsidies should come with stricter accountability for venue practices
Yahoo Sports on James Dolan's extreme measures
Used as supporting background on ownership behavior around surveillance and exclusion
Futurism on MSG facial recognition cameras
Additional background on prior criticism of MSG's facial recognition use

Audio and other references

Pablo Torre podcast on James Dolan and MSG surveillance
Recommended for additional reporting and context on how the surveillance system operated
ShinyHunters onion site
Mentioned as the site where the hacking group posted leaked data