Madison Square Garden didn’t just install facial recognition cameras. It compiled a dossier on those who dared to criticize the technology. The revelation, stemming from a 45 GB cache of data stolen by hackers and reviewed by 404 Media, shows a Word document titled “Facial Recognition Activists.docx” saved in a SharePoint folder called “Activists.” It contained detailed profiles of Evan Greer (Fight for the Future), Albert Fox Cahn (STOP), and Adam Schwartz (EFF): contact information, social media handles, follower counts, and public quotes opposing the venue’s biometric surveillance.

How the internal tracking worked

The dossier, dated December 23, 2022, wasn’t a one-off exercise. It was accessible to other people inside the company via SharePoint, suggesting an internal sharing logic. For each activist, MSG gathered tweet screenshots — one from Greer was flagged just 16 hours after posting — and documented their statements made to national outlets like NPR and The New York Times. It’s unclear who authored the document or why it was stored, but the speed of recording criticism points to active, systematic monitoring.

The on-premise surveillance knot

MSG’s facial recognition system has been operational since 2018 and runs on local infrastructure: images are captured at entry points and matched against databases managed entirely by in-house security. A WIRED investigation revealed that the security head had loaded photos of 1,200 lawyers into the software, scraped from over 90 law firms’ websites. This entirely on-premise approach sidesteps typical cloud constraints but doesn’t eliminate the risk of misuse. On the contrary, the incident proves that physically controlling the infrastructure doesn’t guarantee ethical data governance; it can actually facilitate abuses like blacklists, without external oversight.

Why data sovereignty isn’t enough

For those evaluating on-premise deployment of LLMs and AI systems, the lesson is clear: owning the hardware and keeping data in-house is necessary but not sufficient. True sovereignty requires transparent policies, independent audits, and hard limits on personal data usage. The MSG case shows what happens when a company uses its computational capacity to punish critics, turning an entertainment venue into a surveillance apparatus. Without accountability mechanisms, even a local deployment can become a tool of commercial repression.

What it means for AI infrastructure designers

The story resonates directly with self-hosted inference architectures. When an organization brings AI on-premise for privacy or latency reasons, it also inherits the duty to prevent abuses. This isn’t an abstract concern: MSG’s actions demonstrate that biometric data — and by extension, behavioral or conversational data collected by an LLM — can be reused against specific individuals. Designing an on-premise system today means planning for granular logging, role-based access, and strict data usage limits, embedding privacy protection from the start rather than tacking it on later.

As EFF’s Adam Schwartz publicly wondered about the next step (‘Will companies use facial recognition to keep out people who picketed or left a negative Yelp review?’), MSG’s dossier acts as a warning. Technology isn’t neutral, and when it runs on proprietary servers without supervision, the line between security and surveillance can wear dangerously thin.