Slashdot Mirror
TSA Paid $1.4 Million For Randomizer App That Chooses Left Or Right (geek.com)
An anonymous reader writes: For those of you who have traveled through U.S. airports in recent years, you may have noticed the Transport Security Administration (TSA) use a Randomizer app to randomly search travelers in the Pre-Check lane. The app randomly chooses whether travelers go left or right in the Pre-Check lane so they can't predict which lane each person is assigned to and can't figure out how to avoid the random checks. Developer Kevin Burke submitted a Freedom of Information Act request asking for details about the app. The documents he received reveals the TSA purchased the Randomizer iPad app for $336,413.59. That's $336,413.59 for an app, which is incredibly simple to make as most programming languages of choice have a randomizing function available to use. What may be even more intriguing is that the contract for the TSA Randomizer app was won by IBM. The total amount paid for the project is actually $1.4 million, but the cost is not broken down in Burke's documents. It's possible IBM supplied all the iPads and training in addition to the app itself.
TSA soon to be appearing in the Panama Papers...
$413 dollars in developer time to create the app and $336,000.59 in corporate overhead and bloat, the additional $1,000,000 is just for Evil
The question is whether it is truly random or not. If they spent $1.4M and got a truly random result, fine. It's absurdly pricey, but it works. If they spend $1.4M and got the rand() function, then terrorists might be able to exploit it to escape random searches.
"as most programming languages of choice have a randomizing function available to use"
You mean has a psudo-random function that is not that hard to predict.
Casino Level Randomization is a little harder.
I know you're being silly on purpose, but would a true randomizing device really be necessary? Human traffic patterns already have such a random element to them that even if one somehow could reliably predict the next number in the software algorithm, there are so many other factors that can't be controlled that it's still essentially random anyway.
I honestly could see it being in the low five-figures to develop such an application, but that money would mostly be applied to figuring out how to design the user-interface of the application such that it best-fits with how the TSA is *supposed* to operate, and in beta-testing to confirm that it does what it's supposed to do and that any untrained TSA agent down to the junior-assistant-trainee who breathes with his mouth open could use it and understand it, but mid-six-figures is pretty ridiculous.
Do not look into laser with remaining eye.
The TSA's employees need training on an app that randomly tells people to go left or right?
ZOMG $1.4M for an app that randomizes a single bit!!! (*)
* Note that it may have actually been $1.4M for hardware, training, and app.
Seriously, how fucking asinine are these clickbait articles getting? If you can decisively say that they charged $300k+ or $1.4M+ for an app that simple, do so. Otherwise you're just full of shit.
He means precisely instances like that. One needs to find a more idiotic view: the app tells TSA person which way to show the finger. If anybody wants an example of fraud, waste and abuse: this is it. We could listen ad nauseum to TSA explanations, saying that app needs to be secure, or that they have to follow the procedures, or they needed many licenses.... blah blah blah
The point is that if airport security would be private that kind of nonsense would not exist by definition. Now it is public money that were spent.
This is not the only software that uses random function. There is another software that randomly selects passengers for additional screening. Here is how Israel does it, does it for free and very effectively: they let the screening agents to pick and choose any passenger that they want or have a hunch. So fare they are very effective in preventing bad dudes in boarding their planes.
This may be the most surprising tidbit in the article.
Honestly having worked with government, it sounds about right probably a 1000 hours of meetings to choose the colours, shape, discuss the randomizing algorithm etc. prob took no time at all to write.
The TSA employees first needed to be trained to understand "left" and "right".
A simple micro-controller, a button, and two LEDs would work just as well for just a few bucks.
A die (singular of "dice") would work just as well, and would handle up to 6 checkpoints.
Amazon has them, 100 for $2.79.
Are you selling it to the federal government? [YES]
Is a random number generator used in the product? [YES]
Is the product intended for a security application? [YES]
Requirement: The Random Number Generator be CAVS certified to SP800-90A and the module within which is operates be FIPS140-2 certified.
That's $100,000 before you've got out of bed, to meet the government procurement requirements.
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
I read stuff like this and it makes me question having ethics and conscience.
Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
It's possible IBM supplied all the iPads and training in addition to the app itself.
I know it is fun and easy to criticize the TSA, and I am in favor of replacing them entirely with any of a dozen different possibilities. That said, there is a big difference between developing an app and supplying hardware and doing testing and training. I could build the app but I have no idea what the cost would be to test it sufficiently to meet government standards, then train the staff to use them, then equip the staff with hardware to use it. The cost of the app could literally be $0 and still top $1 million after the testing, training and equipment costs.
Someone else pointed out this is typical clickbait. It's got a shocking headline but then scant details on what actually caused the scenario. If they'd instead said "TSA has IBM develop an app that IBM contributed for free in exchange for exclusive rights to train staff for $10/hr each on how to handle customer service. Additionally, IBM will supply sufficient devices to have a minimum of two for each airport line at 5% profit per device" then the headline wouldn't generate nearly so much interest and the criticisms would be much better founded.
I wouldn't be at all surprised to find out that the bureaucracy that guides the TSA spent far more than is reasonable. I just didn't see enough details in TFA to assume that is actually the case. Does *anyone* have a breakdown on what kind of training, what kind of testing, what kind of devices were purchased?
That was surprising? Have you seen a TSA agent recently?
-=This sig has nothing to do with my comment. Move along now=-
To be fair, can you imagine flipping a coin and flawlessly catching it thousands of times per day?
-=This sig has nothing to do with my comment. Move along now=-
Build a device with a small radioisotope source, detector, poison vial and cat. Calibrate the source to provide a 50% probability of a particle emission for the average passenger rate. Open the box and check the cat. Cat alive: Right lane. Cat dead: Left lane, reset vial, replace the cat and proceed.
Have gnu, will travel.
What happens when ISIS uses one of the well-known DNS holes to redirect http://www.yesnogenerator.com/ to a site that returns the answer that they want? You just let 5 terrorists get through security.
Intron: the portion of DNA which expresses nothing useful.
I know you're being silly on purpose, but would a true randomizing device really be necessary?
I have a $0.01 alternative to this randomizer app.... Flip a fair coin. Designate one side of the penny Heads, and the other side tails....
Also, even if they have 50,000 pre-check lanes, the total cost is still only $500.
I have a system that is:
- Analog
- Does not require electricity
- Durable
- Ambidextrous
- Gender neutral
- Made in the USA
Training video here: http://putlocker.is/watch-goin...
Dear Mr. Sexconker,
We are in receipt of your case of 2000 (two thousand) manually operated analog cupronickel randomization discs. We admire the evident durability and domestic origin of your product, and initial testing proves that the sequence of flips is suitably random. In addition, we are confident that your training video can be developed into a course that our agents will be able to complete in about six months.
Unfortunately, your product does not meet the contracted criterion of gender neutrality. Al of the "heads" depicted are male.
Yours,
Monroe Fnord, Technology Director
Transportation Security Administration
Oops.. the beta version failed to work... here is a revision: rand() % 2;
I recently read "Lauren Ipsum: A Story About Computer Science and Other Improbable Things" to my eight year old. One of the (many) interesting substories involved "fair coins." Lauren's money isn't taken in Userland because her quarters can't be guaranteed as fair. However, someone points out that you can make any coin a fair coin by flipping it twice. If both flips result in the same side, you ignore it and flip two more times. If the two flips have differing sides, you take the first side.
In other words:
Heads-Heads or Tails-Tails = Flip again.
Heads-Tails = Heads
Tails-Heads = Tails
Even if there's a bias towards one side, it will be cancelled out and the flip would be fair.
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
Seriously, 80%-85% of the bid covers dealing with the US government. Multiple thousand-documents over the course of years, flying back and forth for pointless meetings, and maybe you eventually get paid.
Here are my rates as a developer , for similar software delivered:
Order online, by submitting my order form: $159
Email me and discuss: $500
Meetings to discuss, demo (local businesses): $1,500
Local government bureaucracy: $8,000
Federal government: $400,000
I roll to dodge the Rapiscan line. *1* Rats.
Ok. I roll to dodge to pass the scan without any anomalies. *2* Failed.
Ok, so anomalies are found. I roll to protect against the TSA pat-down. *1* Failed.
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
Presumably Pre-Check fliers get a saving throw?
sub f{($f)=@_;print"$f(q{$f});";}f(q{sub f{($f)=@_;print"$f(q{$f});";}f});
the actual passenger-facing software was really cheap. what was expensive to develop and install is the cameras and computer detection algorithms to tell if the person is white, black or brown.
Department of Homeland Pork, Transportation Pork Administration
Why is Snark Required?
There are only two cases where exploiting the left/right randomization would matter to terrorists
1) They already have a means of getting contraband through the screening on one side but not the other, in which case your system is already broken, since the terrorists already have a 50% chance of getting through screening, even if your RNG is working the way you want.
2) There's a target on the one side but not the other, but if they want to make sure someone hits the target, they can just send a few terrorists through together in the line. Send four in a row and your odds are nearly 95% that at least one would end up on the side you want. And if they're all together, by the time the first one is discovered, the one you wanted would already be at his destination.
Why? Let's say it's the probability is 0.7 of head, 0.3 of tails. The probability of head-heads is 0.7*0.7. The probability of tails-tails is 0.3*0.3. The probability of heads-tails is 0.7*0.3. The probability of tails-heads is 0.3*0.7. 0.3*0.7 = 0.7*0.3, so the probability of heads-tails is equal to the probability of tails-heads.
This assumes that the coin tosses are independent.
I am TheRaven on Soylent News
> Human traffic patterns already have such a random element to them
You'd think so. It's not. Neither vehicular nor pedestrian traffic is random. There is order to that chaos, it's just not easy to find and the herd is easily spooked.
I lack the time and energy to get into the gritty details but I've gone into this quite a bit in the past. Feel free to scrounge through my posting history if you want. I modeled traffic (vehicular and pedestrian) and I'm pretty sure that it is chaotic but not truly random.
It may appear random, it is not. How to describe it quickly.
Okay, try this... Go to your nearest mall or department store - you might want to go to a few. Watch the people when they enter. If given a choice, they will (almost invariably) opt to go to the right. Stores, those who wish to curate the experience, will actually work to *force* you to go to the right. For example, they'll often have the bakery to the right - and lots of colorful objects. Why? Lots of reasons but because it's not *always* true that people go to the right - but it's true (far) more often than not.
It doesn't seem to matter if the person favors one hand over the other, or is "goofy footed" or not, nor does it seem to have much cultural variation. Chances are REALLY high that you'll go to the right. The odds favor it so heavily that it's the assumed default and they'll literally make changes to a store's layout to force compliance - with some notable exceptions that are too long to detail here but include things like a pharmacy within the same store. They want you on that route because they don't want you to be able to quickly grab your needed/most often purchased items quickly and then leave.
It's a lot of data. It's very chaotic. It's not random - not even remotely. Done well, you won't even notice. It's even true at outdoor events, in large auditoriums, and in sporting arenas. We don't know why this is true but, unless the data has changed in the past eight years, we humans are particularly fond of going to the right. There are a variety of other things to "count on" as a whole but it's not something I'm going to delve into in this post. I lack time and energy. That's one (of many) examples.
There are many patterns and near-universal truths but you have to step back and make observations and have a whole lot of data before some of them become apparent. By a whole lot of data, I mean a whole lot of data. By the end of the 1990s it was to the point where we were using disk arrays that were a full terabyte in size. That might not seem like a lot but, going by estimates with your UUID, look at the time period that was and think about how much a TB really is. (It was also not very cheap back then.)
"So long and thanks for all the fish."
I know you're being silly on purpose, but would a true randomizing device really be necessary?
I have a $0.01 alternative to this randomizer app.... Flip a fair coin. Designate one side of the penny Heads, and the other side tails....
Also, even if they have 50,000 pre-check lanes, the total cost is still only $500.
Sell the pennies to the government for $10 apiece.
"IMO the gaps between the rationals are small enough that it doesn't matter if you can prove this for irrationals"
Excuse me, but your opinion is wrong. Rational numbers are said to be sparse in the real number space. For the argument see "Lebesgue Measure." As for why there are more irrational numbers than rational numbers see "Cantor's diagonal argument".
Your reasoning is however correct. If P(HEADS) = p, P(TAILS) = (1-p). The probability for coin tosses are:
HH = p*p
HT = p(1-p)
TH = (1-p)p
TT = (1-p)(1-p)
Eliminating HH and TT leaves HT and TH at p(1-p) probability. There's no assumption on p being rational or not. However the further you are from p=0.5, the longer it takes to get a "valid" flip.
reason defies logic
Go to your nearest mall or department store - you might want to go to a few. Watch the people when they enter. If given a choice, they will (almost invariably) opt to go to the right.
I wonder if you would get the same result in the UK or Australia.
But that's not the kind of 'random' at issue here. They're talking about the clock time when a person standing in a line triggers a sensor. For any sensor of human-sized objects moving at TSA-line speeds, I would expect sensor variability to be a large part of the "is the current millisecond even or odd" decision.
[Tinfoil] It's not a real randomizer app, it's an advanced layered neural network program (IBM...Watson?) that automates racial profiling so that TSA workers are in the clear, they can say the machine made the decision for someone to go through heightened security, "at random." Teaching the program to pick out the right minorities took a lot of work. [/Tinfoil]
"When information is power, privacy is freedom" - Jah-Wren Ryel