Madison Square Garden Turned a $100M Security System Into a Personal Enemies List

When Security Tech Becomes a Grudge Keeper

Madison Square Garden spent over $100 million on facial recognition technology to enhance venue security. Instead, according to a federal lawsuit filed by former VP Donald Ingrasselino, owner James Dolan turned it into a personal blacklist system—banning lawyers whose firms sued MSG entities, Knicks fans who chanted for him to sell the team, and at least one transgender woman explicitly because of her identity.

The lawsuit, exposed in a Wired investigation this April, reveals how enterprise surveillance infrastructure—marketed by vendors like anyVision (now Oosto) for "frictionless guest experiences" and threat detection—can be weaponized when executives have unchecked access. Dolan reportedly maintained a custom watchlist of over 1,000 faces, uploaded via mobile app by staff, with bans enforced automatically at venue entrances based on 99%+ match rates. No due process. No appeal. Just a denied entry based on being on the wrong side of a billionaire.

The God-Mode Problem

Ingrasselino, a 20-year security veteran who helped implement the system, claims he was demoted after raising ethical concerns. In deposition testimony, he stated bluntly: "It wasn't about safety; it was Dolan's grudge list." According to the suit, MSG added over 1,500 people manually to the system in 2025 alone—far exceeding the scale of known security threats at any major venue.

This stands in sharp contrast to how these systems are sold. Oosto's marketing materials emphasize "ethical AI" and anonymized threat scanning—detecting prohibited items or known criminals without storing personal data long-term. The pitch to enterprise buyers focuses on efficiency gains: reducing security staffing costs by 30-50% while improving response times. What the whitepapers don't address is what happens when someone with administrator access decides the system serves a different purpose.

The technical architecture makes abuse straightforward. MSG's deployment integrated facial recognition with CRM-like databases, flagging individuals in real-time as they approached entry points. Staff could upload photos from any incident—a heated exchange with an usher, a lawsuit filing, a critical tweet—and the system would do the rest. The lawsuit details at least one attorney barred simply because her firm represented plaintiffs in an unrelated MSG case. She learned about the ban only when denied entry to a concert she'd purchased tickets for months earlier.

The B2B Blind Spot

The global facial recognition market hit $7 billion in 2025 and is projected to reach $18 billion by 2030. Vendors like Clearview AI, NEC, and dozens of smaller firms pitch these systems to Fortune 500 clients for HR screening, retail loss prevention, and facilities management. The sales process emphasizes ROI—faster processing, fewer security incidents, lower insurance premiums. What it rarely addresses is governance: who gets access, what counts as a legitimate use case, and how to prevent mission creep.

MSG's case spotlights the gap. The system was approved for security purposes—identifying individuals with prior violent incidents or active restraining orders. But with no external oversight and weak internal controls, Dolan allegedly expanded the criteria to include "people who annoy me." The lawsuit claims this extended to fans recorded on video chanting "Sell the team!" during games, turning protected speech into a bannable offense.

Industry fallout is already visible. Live Nation reportedly paused similar pilot programs at its venues pending legal review. A Forrester survey from Q1 2026 found that 65% of enterprise buyers now demand comprehensive audit logs before signing facial recognition contracts—up from 31% a year earlier. The MSG scandal has become a cautionary tale in procurement meetings: this is what happens when you buy powerful tools without governance frameworks.

What Comes Next

Ingrasselino's lawsuit seeks damages for retaliation and wrongful demotion. But the broader implications extend far beyond one aggrieved executive. If a major venue operator can repurpose security tech for personal vendettas, what prevents HR departments from flagging "disloyal" employees? Or sales teams from blacklisting tough negotiators? The technical capability exists in thousands of enterprise deployments right now.

Regulatory responses are gaining momentum. New York City's stalled biometrics bill—which would require explicit consent and regular audits for facial recognition in commercial settings—is back in committee with renewed support. Similar proposals are advancing in Chicago and San Francisco. In the EU, where GDPR fines for misuse can exceed €20 million, MSG's European venues face scrutiny from data protection authorities.

Some vendors are pivoting to federated learning models—decentralized matching systems that compare faces against encrypted templates without maintaining central databases. The tradeoff is slightly lower accuracy for significantly reduced abuse potential. Early adopters report 3-5% more false negatives, but virtually zero risk of someone building a personal enemies list.

The MSG case proves that enterprise technology's greatest vulnerability isn't hackers or system failures. It's the humans with administrator privileges who decide what the system is really for. And no vendor whitepaper has figured out how to patch that.