By Dan Murphy
New York State says it wants to make online sports betting safer. But a new proposal to require facial recognition for every single wager risks doing something else entirely: putting millions of New Yorkers most sensitive data at risk while also further normalizing biometric surveillance in our everyday lives.
The past few years have seen a measured increase in the use of facial recognition software. We have become accustomed to having our faces scanned at the airport but now many New Yorkers’ faces are being scanned when they go to the grocery store, sports events, or even as they enter their own homes. And now, New York State is considering not just adding, but requiring, facial recognition to be used in another aspect of life where it is not needed – mobile sports betting.
The New York State Gaming Commission recently announced a new slate of draft regulations that they argue would bring increased consumer protections to the legal online sports betting industry. Among those draft regulations is a requirement that every user submit biometric facial scans, not only when signing up, but every time they place a bet. This, despite the fact that these apps already utilize strict age and identity verification processes when users sign up. While regulators may view biometric scans as an added layer of security, in reality this would be an unnecessary expansion of data collection that puts New Yorkers’ privacy at significant risk.
Biometric data is vastly different from other personal information, like usernames or passwords. If a password is compromised it can be changed. If a credit card is stolen it can be canceled. But a facial scan is permanent, and it cannot be altered or replaced if it falls into the wrong hands.
Requiring millions of New Yorkers, who enjoy gambling legally as entertainment, to hand over this data creates a centralized repository of highly sensitive information that effectively becomes a target for hackers and malicious actors. Data breaches have affected even the most sophisticated organizations, from multinational corporations to financial institutions to government agencies. To assume that a newly constructed system, one that neither operators nor the state currently have the infrastructure to manage, will be immune from such potential attacks is unrealistic. The consequences of a breach involving biometric data would be far more severe and enduring than traditional data leaks.
That’s why any private business that does choose to use biometric identification software is legally required to notify New Yorkers about this technology, so that if they are not comfortable handing this information over to a private company they can choose to take their business elsewhere.
Individuals even have the option to opt out of biometric scans when going through TSA checks at the airport. But under these draft regulations, the only way New Yorkers would be able to bet legally online would be to submit their face scans to these apps. There is no alternative option or opt-out system. This would certainly drive more users to illegal, unregulated websites and apps, or federally regulated prediction market platforms like Kalshi and Polymarket, where they would not need to scan their faces to bet. Such a migration out of New York’s regulated market will cost the state tax dollars, given these alternative options contribute nothing to New York, operating outside of its regulations.
On top of this, we cannot forget that facial recognition has been proven to experience issues recognizing the faces of people of color. This means that implementing this technology could potentially result in users being locked out of these apps due to their race or physical appearance. That, even if unintended, would be an absolutely unacceptable consequence.
New York has long been a state that values civil liberties. Mandating biometric surveillance for everyday digital transactions runs counter to that principle. It also raises some fundamental questions around data ownership and storage, as well government access across multiple agencies.
In short, there are no answers to these questions and that is precisely why we must not allow New York State to introduce biometric surveillance into yet another aspect of our lives. The risk is too great and the reward is too small to force New Yorkers to submit their most sensitive information to engage in a practice that is legal, secure, and already well-regulated.
