Face Recognition Threatens to Replace Tickets, ID at Sports Events – and Beyond
Sports stadiums around the country have begun using face recognition to identify ticket holders, threatening to normalize a uniquely powerful surveillance technology that has already been used for abusive purposes. Worse, companies involved are already planning big expansions, raising the specter of a world where our faces become not just our ticket at sports stadiums, but a passport we’re forced to show across society.
There is a big difference between face recognition being used by you, and face recognition being used on you.
Face recognition has been creeping into stadiums for roughly six years. In 2018, a security group used face recognition on fans at a Taylor Swift concert and Madison Square Garden scanning the faces of attendees, supposedly as a security measure. The Garden’s security rationale was undermined a few years later when the technology was used to lawyers who happened to work for a large firm where another lawyer was suing The Garden’s billionaire owner, James Dolan. Dolan, whose companies own many arenas around the country, had previously used his control over them to a Knicks fan who, upset over a losing streak, told Dolan he should sell the team. Face recognition technology not only allowed Donlan to expel the lawyers, but also provided a way for him to ban the disgruntled Knicks fan.
These abuses rightly sparked controversy and focused national attention on the potential misuses of face recognition. But, beyond security and marketing deployments, it’s also worth paying attention to the use of the technology for ordinary access control.
Face recognition has been creeping into stadiums for roughly six years.
In recent years many sports arenas and leagues have embraced face recognition. In 2018 baseball stadiums using face recognition for admittance by partnering with the airport company CLEAR. In August 2024, the NFL announced that it was face recognition to control access to restricted areas in stadiums, such as offices, press boxes, and locker rooms. Meanwhile, a number of NFL teams have begun offering fans the option to use face recognition instead of tickets to enter stadiums. That involves sharing a photo of one’s face with the company Ticketmaster, which is then compared against a photo taken when you enter the stadium. In September, an executive with the company Wicket told a D.C. that the company planned to provide face recognition ticketing services to more than 40 stadiums “across all the major leagues.” Other vendors are providing .
These deployments have drawn — not only from privacy advocates, but also from police officers who work stadiums. In Las Vegas, both the Las Vegas Metropolitan Police Department and the local police union to participating in the NFL’s secure-area face recognition program at Allegiant stadium, and subsequently to participate in it. The police union president the Associated Press that “[Privacy is] what everybody’s concerned about — taking our personal information and sharing it with vendors and teams.”
Some have called stadiums “the future of surveillance.”
Some have called stadiums “the .” Indeed, what is happening in stadiums shows signs of spreading elsewhere. Certainly, the corporate providers have big plans. An official with the Cleveland Browns, which was an early adopter of Wicket’s services and whose owner is a Wicket investor, spoke at the D.C. about how he’d like faces to become a unique identifier across a variety of services. “Ticketmaster runs our ticketing, we have a concessions partner that runs our concessions, we have a merchandising partner,” he said. “I would love to get to the point where a customer’s face or a fan’s face could be their identity to all these different platforms [and where] all this technology is tied to your identity.”
Sports companies may already be eager to see face recognition used as a unique identifier across the sporting world, but there’s little reason to think it will be contained to sports. The Wicket executive said his company has already expanded to offering face recognition as the means of entry to large conferences and that “some of the [sports] venues we’re in are starting to use us for other purposes beyond just sporting events.” He said they’re also starting to talk to venues that only host concerts.
All of this expansion raises the question: where will it end?
All of this expansion raises the question: where will it end? Are we looking at a future where face recognition is used everywhere and we can’t escape it? It’s already being pushed as a replacement for credentials by the Transportation Security Administration (TSA) and Customs and Border Patrol (CBP) in what are the first government face-recognition checkpoints. It is also used in a few housing facilities for access control as well as security. But it’s also being used in the private sector to access various facilities, including some office and . Universal Studios has face-recognition access control at its theme parks in Florida. (“We have done this at our park in Beijing,” a Universal executive boasted to a reporter, seemingly oblivious of the irony.)
What happens if this technology starts appearing everywhere? The identity company , which sells face-recognition access control devices, “Frictionless Access Everywhere!” It and other vendors, which include a number of , mention banks, medical offices, hotels, public transportation, retail stores, schools, and restaurants. CLEAR has expanded its face recognition ID service from airports to Uber, LinkedIn, and tool rental at Home Depot, and the “universal identity platform” for the physical world.
If this happens, it will be in part because companies have embraced the efficiencies, the marketing advantages, and the security advantages that may be gained from switching to face recognition. They’ll claim it will shorten lines, though it’s unclear how much more efficiency, if any, face recognition provides over barcode tickets. If it is faster, what it’s really doing is increasing profits for businesses — after all, short lines and quick entrances are always possible if the venues will just pay enough workers to staff the entrances.
These efforts may also connect with another technology the ϰſ is watching closely: digital ’s licenses. A Los Angeles stadium executive, Christian Lau, said at the D.C. conference that “We’re also rolling out mobile ’s licenses acceptance in California…. We’ll have a whole marketing campaign around it. It’s going to be really cool, and we’ll tie all of our systems together ultimately.”
What's Wrong with Face-Recognition Access Control
All this might be great for billionaires, team owners, and big companies, but none of it would be good for ordinary people. The ϰſ is concerned that:
- You can’t reset your face, which means you can’t reset your relationship with any of the entities that use it, who will never forget your history of transactions. That empowers them and disempowers you. We will lose control of when we’re being identified and checked and when we’re not.
- The face you present to one company is the same face you present to all the others, which makes it easy for them to get together and compare notes on your behavior. When your face is your ID, your ID is plain for all to see. Plans to “tie all our systems together” should be heard as an ominous warning.
- Centralized data stores always raise questions of data security and breaches. Faceprint databases are no exception, and a breach could result in fraud and other harm to the people whose data is being held. For example, stolen faceprints could be used to hijack pay-by-face apps and steal goods and services. This is particularly worrisome because again, while a credit card or account number can be changed after a breach, you are stuck with your face.
- The more companies that have your face, the more they can use that face in other contexts and places for other purposes — such as security uses and blacklists. Not only can’t you reset your face, you can’t likely live your life covering it. As we’ve already seen at Madison Square Garden, it’s a small step from using your face to ticket you to using your face to ban you.
The use of face recognition for watchlists may be one of the most inevitable and consequential side effects of “your face is your ticket.” Watchlists mean false positives and failures to update, producing situations where people are mistaken for others who are wanted or banned. They likely mean abusive private blacklists as companies collude – often through third parties – to share people they wish to exclude. There’s a long history of private and quasi-private watchlists being abused, going back to the labor battles of the early 20th century, when workers and organizers were blacklisted as “troublemakers” and could have trouble getting a job. Watchlists also likely mean a lack of due process over who is targeted. We’ve seen that in most watchlist programs in recent decades, especially those run by the government, even though it, unlike private companies, is bound by at least some checks like the Privacy Act and the Fourth Amendment.
As the stadium executive Lau noted, praising the advent of face recognition, “We can all thank Apple, because FaceID has gotten people so used to unlocking their phones, they don’t think about it.” But Apple designed their unlocking systems such that your facial image never leaves your phone. That means it’s a completely different ballgame than sharing your face with the network of billionaires and monopolists that control the sports world, and the business world beyond sports. There is a big difference between face recognition being used by you, and face recognition being used on you.
The danger is that uncritical mass acceptance of these technologies for some very slight convenience will usher in a world where they become inescapable. If you’re offered the option to use face recognition next time you’re seeking admittance somewhere, you should opt out — this is not a trend that will be good for you. Policymakers and companies should also say no to face recognition technology for access control. It’s just not that hard to use a ticket.