FOIA Documents Expose Details On TSA's $47,000 Coin Flipping App

from the but-with-at-least-as-much-possible-groin-grabbing-as-Tinder! dept

Time for yet another episode of “Your Tax Dollars Faffing About.” According to documents liberated by Kevin Burke, the TSA spent a ridiculous amount of money on an iPad app that randomly generates a left or right arrow.

They sent me two documents. The first is a disclaimer about how they had to black out some of the information. The second is the contract between the TSA and IBM. And there’s the payment:

Later today Pratheek Rebala reached out to mention that this data is available publicly, and there were 8 other payments as part of the same award, totaling $1.4 million; the document I have is one part, totaling $336,000. Furthermore, there were 4 bids for the contract and IBM won the bidding.

Because these are FOIA documents, some information has not been freed. (See: FOIA Exemption: SOP) This makes it difficult to narrow down the amount of the contract that went just to the random number/arrow generator.

Here’s a blurry photo of the app in use, overseen by a TSA agent wearing the regulation genital-fondling gloves.

The TSA — presumably appropriately shamed for spending $1.4 million on an app someone could build for several hundred thousand dollars less/without IBM’s awesome computing power during their spare time — began reaching out to those covering this story with a correction.

Taxpayers: the $1.4 million may have been blown on a left/right arrow app in total, but only ~$50,000 went directly to the development of the TSA’s random number generator.

The total development cost for the randomizer app was $47,400, a TSA spokesperson told Mashable, which was part of the $336,413.59 contract.

No further details were provided. This clarification suggests the TSA only comically overpaid for its “randomizer” rather than tragicomically overpaid for its digital coin flipper.

It’s not that the app doesn’t serve a purpose — although it does so in an overpriced, underwhelming fashion. The TSA had two concerns to address. First, it didn’t want to be viewed as “profiling” when “randomly” selecting people for extra scrutiny, as it had in the past.

You’re OK.
You’re OK.
You’re… brown. Come this way.
You’re OK.
You’re OK.
You’re… an infant. Please follow me.

Second, it had to actually randomize the outcome to deter would-be terrorists from gaming the system and bypassing the Director’s Cut of the TSA’s Security Theater.

So, it handled it as government agencies are supposed to. It made a list of requirements, opened up the floor for bidding, awarded the contract, and (most likely) watched deadlines and budget targets sail past like passengers granted instant Pre-Check approval just because the lines were getting a little long.

Now, it’s probably not quite as ridiculous as it first appears — all of this money devoted to a left/right arrow generator. The app would need to be both tamper-proof and idiot-proof and combining the TSA and IBM on a project is going to generate a lot of overhead costs. The total may also include the purchase of a few hundred iPads, which aren’t exactly easy on the wallet.

But in the end, it’s $50,000 for a random number generator with a lackluster front-end being run by a Wal-Mart greeter but for potential terrorists. And to date, it has yet to direct a would-be terrorist into the waiting arms of secondary screeners.

Filed Under: ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “FOIA Documents Expose Details On TSA's $47,000 Coin Flipping App”

Subscribe: RSS Leave a comment
Ehud Gavron (profile) says:

mas o menos

We’re very proud of the “American tradition” that our free-market economy, supply-and-demand, and market-driven focus allows “greater freedoms.”

Of course ignoring tariffs*, trade-agreements, credit-exchanges, and other regulatory mechanisms that entirely make the above false, we get to the crux of the thing.

We love it when we can get a great deal on a new car because we did our homework. We love it when we find a great special at Macy’s on that crystal photo frame we just didn’t get as a gift at wedding number one. We love it when we can get five limes for a dollar instead of three.

On the flip side we’re proud when we sold our used VW Bug for a few thousands of dollars over the estimated price. We love seeing that Blac Chyna will likely get one million dollars for “starring” in a KUWTK episode. We love it if our worthless script for “Time Tunnel 1980” (starring Barry Van Dyke and Kent McCord) is purchased for a million dollars.

So we love getting something for less than what it’s worth.
We love selling something for more than what it’s worth.

This thing isn’t a failure on IBM’s part. IBM did their shareholders proud by collecting an amazing (“tragicomical”?) amount of money for a one-line app any schoolkid can code in under a minute. That someone put a graphical user interface (GUI) on it that’s a big arrow, and someone else made it “tamper-proof”* is awesome.

What IS the problem is that our government — which is supposed to have accountability and checks and balances — not only happily approved this whole mess, but then tries to explain it’s not as bad as we think it is.

So good on IBM and its shareholders for maintaining a profit margin on every app. Bad on the TSA for this. You can, however, consider that after fondling children, searching baby diapers, making people take out colostomy bags and various other things, having a mother drink her own breast milk, and holding travelers hostage for 15 years… this isn’t even sweet icing on that cake.


* Those blue regulation “genital fondling” gloves mean they can’t hack anything. They don’t trigger a response from capacitative-touch screens.

Whatever (profile) says:

The Price Is Right-ish.

A true randomizer (and not one that can be predicted) is actually a reasonable complex thing to write. The random() functions in most computer languages are not really as random as you wish they were.

46k for a the software that includes the randomizer actually ain’t very expensive at all. Remember, that is the whole APP, and not just the generator.

JoeCool (profile) says:

Re: Re: The Price Is Right-ish.

No, “true” computer randomization is easy. It’s beginner level stuff. If you don’t have the math, there’s a number of pages on the web that describe (complete with code) how to do any number of random number generators that are statistically indistinguishable from “true” randomization. Pick one and add the arrow and you’re done. It’s like 5 minutes work, with 4 of that being reading the web page and deciding which RNG you want to use.

John Fenderson (profile) says:

Re: Re: Re: The Price Is Right-ish.

Ummm, no, it’s not. The best you can do is to pull tricks like measuring time between arbitrary noncomputed events, such as keystrokes. But even those aren’t actually random.

You can, as you say, select RNGs that have very similar statistical characteristics with actual randomness for a finite run, but they are not producing truly random numbers.

But all of that is irrelevant, since what is needed for an app like this isn’t anything close to randomness anyway. Just using the standard library RNG combined with reseeding every so often would be more than adequate.

John Fenderson (profile) says:

Re: Re: Re:3 The Price Is Right-ish.

But that’s not the software generating random numbers (something that is impossible with the sorts of computers we use). It’s just the software reading a number from a device.

If that’s what the TSA was paying for, then one would think that they would have said so. Also, I don’t see any hardware plugged into those tablets.

John85851 (profile) says:

Re: Re: Re: The Price Is Right-ish.

Let’s get into more math…
If the TSA wants a random number generator that’s statistically more accurate than a regular computer’s random number generator, then what is the probability this system will catch a terrorist, based on all the past evidence of catching any terrorist at the TSA line? If the number of terrorists to be caught is statistically 0, then there’s no need for a random number generator with a higher level of precision.

Or Occam’s razor:
What are the chances that a terrorist will take the time to determine that the TSA is using RNG-1 Alpha 3 and that the randomization pattern is 0-1-1-1-0-0 and he’s able to slip into the wrong line? Compare that to a terrorist who just says “f this- I’m in the wrong line so I’ll blow up the airport”?

In other words, this is another $47,000 spent to make it look like the TSA is “doing something”.

Ehud Gavron (profile) says:

Re: Re: Re:2 The Price Is Right-ish.

John85851 wrote:
> In other words, this is another $47,000 spent to make it look like the TSA is “doing something”.

Absolutely. All this talk of math is missing the forest for the trees.

The TSA’s job is to prevent hazardous materials and dangerous people from crossing into the sterile area of a public airport. All the rest of this discussion is about a trivial piece of waving shiny object with an arrow on it which is all just a part of The Security Theater.


Anonymous Coward says:

Re: Re: One line.....

OK. Yeah, if you simply took the pseudorandom number generated, they wouldn’t be truly random. And yeah, if someone sat around long enough, they might be able to figure out the pattern, and make sure to take a position where they’d go into THIS line instead of THAT line. And that’s not acceptable for this type of thing.

But the solution to that is simple. Add the pseudorandom number to the human input you’re getting. If the user presses the “next” button and the milliseconds are even, take the psuedorandom result. If the milliseconds are odd, take the opposite.

For an application like this, that’s more than enough. You can’t get a reliable read on the pseudorandom sequence if the numbers are sometimes flipped. And even if you somehow could, there’s no way you could know to the millisecond when the TSA guy was going to press the button when it was your turn.

This should still take less than a day to make.

Whatever (profile) says:

Re: Re: Re: One line.....

The difference is that if you have someone in screening who is working for you, you might want to go through their line instead of another line so that you could get something truly bad through security (drugs actually would be a good example). The whole point of having more than one line and selecting people at random for each is to make it much harder for people to end up in the correct lane to pull off such a thing.

It also why they rotate the workers around frequently and not on schedule so that it’s harder to know where any employee or group of employees may be at any given them.

In the world of what you guys would call “security theater” the random line selection software is actually something that adds to security in a small but real way.

Brad says:

Price isn't that far off

I work in IT procurement for a non-IT fortune 50 company. We do business with all the major IT firms, IBM included.

For a simple custom web app that is being deployed in a (hopefully) controlled environment, this isn’t a terrible price. My guess would have been around 10-20k from a similarly sized developer. But the government contracting/requirements process by itself probably adds 50-100% to the cost, even before a line of code has been written.

I’m sure Joe developer could do it at home for less, but IBM’s not gouging them and the government isn’t overpaying any more than normal for this.

Peter says:

Re: Price isn't that far off

50 – 100 % is probably underestimating. Most of the requirements process is non-scaling. i.e. the costs remain the same no matter how small or simple the job.

I remember a certain defence company being forced to go through a full requirements, tendering and evaluation process to buy two radios….not two types, count them, two actual radios (one of the requirements being they had to be off the shelf). One of the bidders commented that it would have cost them less to just ignore the bid process and just send the two radios.

Ehud Gavron (profile) says:

"True Random" vs "Pseudo Random"

It’s not really important whether it’s truly random. As Whatever pointed out “A true randomizer (and not one that can be predicted)” is what’s important. For being unpredictable the stock random functions are important enough.

See for a much more thorough discussion.

However, whatever random function they used, it’s still a huge chunk of change…

Machin Shin (profile) says:

The one thing that I keep seeing mentioned is that using the built in random function is not really random. This is indeed very true. The thing is, who is saying they actually wrote anything better? You assuming that almost $50k was used to make a more truly random system.

I for one would not be shocked is that app just uses the built in random number generator everyone is complaining about. I would love to see a study showing how well they did at really making this random.

David says:

Why do they even need an app?

There’s only one reason why they really need an App.

They don’t trust their own staff.

They don’t trust agents to divide people to proper lines to maximize traffic flow.

They don’t trust agents to not divert hot chicks to their buddies.

They don’t trust agents to not divert valuables to their cohorts for pilfering.

They don’t trust agents to not inappropriately scrutinize people (racist, etc).

They don’t trust that they will divert an unsavory person over to the line with a willing cohort avoid detecting things.

The only reason that makes sense why the TSA would spend $50K on an App to direct people randomly between two lines – is they are not able to trust their own agents.

Anonymous Coward says:

Another consideration: humans are a poor judge of randomness, because our brains are designed to find patterns. True randomness may not be exactly what they needed here. It’s the old problem people had with thinking their iPod’s ‘liked’ certain artists over others. It didn’t, the random number generator just happened to pick several tracks from the same artist or album in a run.

A truly random system can have a long run of the same or similar results but on a long enough time scale will still show an even distribution of the possibilities. Imagine what a disaster it would be if the app selected LEFT a thousand times in a row, while the right lane stayed empty. And does the app support checkpoints with more than two lines?

They probably wanted a combination of randomness and even distribution on a short to medium timeframe so all lanes are utilized to capacity but no one can claim that they were profiled. You have to be random, but not too random. This might not have been the world’s most complicated software, but it isn’t trivial either. There’s plenty to criticize the TSA about; I’m not sure this is worth as much bluster as other things they do.

nasch (profile) says:

Re: Re:

Imagine what a disaster it would be if the app selected LEFT a thousand times in a row, while the right lane stayed empty.

If I understand right, this is not to optimize traffic flow. People will mostly even out the length of lines if left to their own devices. This is to decide who should get random additional (useless) screening. So it should choose one direction most of the time, and only divert someone now and then.

Mark Wing (user link) says:

That app probably came with an inch-thick specification document and took two junior developers and a project manager 6 months to build. It was probably a fair price considering all the bureaucracy and hassle of dealing with the government.

But yeah, a normal company with streamlined / sane requirements could’ve had it build for a fraction of the cost.

CynicalChris (profile) says:

New Tech for Old Tech

I remember visting Brazil around 20 years ago. As you got to the front of the customs queue, you pressed a button and were presented with a green or red light.

Green light, you went straight out the door, red light you were searched on your way out.

Probably just as random as this app, but in addition, there may have been someone watching the queue and overriding any random light selection!

Anonymous Coward says:

Missing the point.

Nobody is actually going to believe that it’s random anyway.

The point, is that by putting it on a screen, the perp/vic can’t tell who picked him. Which makes litigation more difficult. And lessens the likely-hood of a direct conflict at the time of selecting said perp/vic.

Yep. It would be one line of code if it worked as described. No it isn’t one line of code.

Spaceman Spiff (profile) says:


“The TSA — presumably appropriately shamed for spending $1.4 million on an app someone could build for several hundred thousand dollars less/without IBM’s awesome computing power during their spare time.”

I am a professional software engineer with 30+ years experience in the field. I could write this program in about 15 minutes! At $200/hour (my consulting rate – may have to increase that), and a 1 day (8 hour) minimum, ok – $1600 bucks. That is almost 3 orders of magnitude (1000x) less than IBM charged!

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...