MSG Spent Millions on Facial Recognition to Ban Knicks Fans Who Booed the Owner

When Enterprise Security Becomes a Grudge List

Madison Square Garden deployed a multi-million-dollar facial recognition system across its venues — the Garden, Radio City Music Hall, the Beacon Theatre. The pitch from vendors like anyVision (now Corsight AI) was standard enterprise security: scan crowds in real-time, flag threats, keep people safe.

Instead, according to a lawsuit filed by former VP of Security Donald Ingrasselino, owner James Dolan used it to blacklist over 1,000 personal enemies. The database included Knicks fans who chanted "Sell the team," attorneys from law firms suing MSG entities, and a transgender woman barred solely based on her identity. A B2B surveillance tool built for public safety became a digital bouncer list for a billionaire's critics.

How the System Actually Worked

The setup was sophisticated. Over 100 cameras across MSG properties captured faces at 30 frames per second. The system cross-referenced those faces against a custom database in real-time, with 99%+ match accuracy according to internal documents. When someone on the list arrived, security received an alert.

But Ingrasselino's complaint — detailed in a Wired investigation from April 2026 — alleges that internal documents showed zero focus on criminal threats. The priority was Dolan's foes. Attorney Jennifer Connell, who was suing MSG over its facial recognition practices, got flagged and denied entry. Fans whose only offense was vocal dissatisfaction during games found themselves permanently banned.

Ingrasselino, a 20-year MSG veteran, claims he was fired after objecting to what he called an unethical deployment. His lawsuit is now one of several filed under New York privacy laws, forcing the company to defend not just the technology but how it chose to use it.

The B2B Angle Everyone Missed

This isn't just a story about a petty billionaire. It's a case study in how loosely regulated enterprise surveillance tools actually are.

Facial recognition is a $5 billion-plus market dominated by players like Clearview AI and Corsight. Vendors pitch "customizable security" to enterprise buyers, but there are precious few guardrails on what "customizable" means in practice. Companies buy these systems for one stated purpose — threat detection, access control — then quietly repurpose them for others.

MSG isn't alone. Recent data suggests 70% of enterprise AI deployments now face similar "scope creep" — tools adopted for a specific use case that gradually expand into adjacent, sometimes ethically murky territory. HR departments buy sentiment analysis software for employee engagement surveys, then use it to flag union organizers. Retailers install heat-mapping cameras for foot traffic analysis, then start identifying individual shoppers.

The difference is that MSG's deployment was allegedly personal from the start. Dolan didn't drift into misuse. According to the complaint, he engineered it.

What Vendors Aren't Saying

Surveillance technology firms are now distancing themselves through NDAs and carefully worded statements about "appropriate use." But the uncomfortable truth is that their sales pitch enables exactly this kind of deployment. "Fully customizable database." "Flexible integration with existing security infrastructure." "Proprietary watchlist management."

Those features sound neutral in a product demo. In practice, they mean a buyer can populate the database with whoever they want, for whatever reason they want, with minimal oversight.

EU-style regulations are starting to loom in the U.S. Several states are considering laws that would require regular audits of facial recognition deployments, with mandatory reporting on database composition and match rates. The MSG case will likely accelerate those efforts.

The Takeaway for Enterprise Buyers

If you're buying surveillance technology — or any AI system that makes automated decisions about people — the vendor won't stop you from misusing it. That's the lesson here.

MSG bought enterprise-grade facial recognition from reputable vendors. The system worked exactly as designed. The problem wasn't a technical failure. It was that no one in the procurement process asked: "What happens if someone uses this for the wrong reasons?"

Smart buyers are now adding audit clauses to RFPs. Who gets added to watchlists, and why? What review process exists before someone gets flagged? Who has access to the database, and what documentation do they need to provide?

Those questions feel bureaucratic until you realize that without them, your multi-million-dollar security investment could end up as Exhibit A in someone else's whistleblower lawsuit.

James Dolan wanted to keep his critics out of his buildings. He succeeded, at least for a while. But the real cost — for MSG, for the vendors involved, and for every enterprise buyer now wondering what "appropriate use" actually means — is still being calculated.