Patching is too important to be neglected
Patching is too important to be neglected

Polygraphs and speech analysis are not the solution – you need a range of techniques to trap corporate liars.

In the enjoyable 1992 spy/hacker film, Sneakers, there's a dramatic scene where Robert Redford's character talks to a senior National Security Agency (NSA) spook, with the phone connected to a gadget to gauge the honesty of the NSA's replies. Redford's final question is, “Can you guarantee my safety?” When NSA answers, “Yes”, the voice analysis display goes haywire, indicating dishonesty.

As long as people have been talking, there's been a hunt for the perfect method of detecting dishonesty. Whereas in the past more unpleasant physical methods used to be popular, these days there are moves towards a more scientific methodology.

The most famous “lie detector” is probably the polygraph. This involves connecting a range of probes to the subject to graph a number of different physical responses. The examiner then submits the subject to a range of questions and notes the graph responses to each.

The idea is to ask questions that you know the subject will answer either honestly or dishonestly, using the replies as baselines to compare with your specific questions.

There are a number of problems with this approach, most notably the assumption that people will always lie when asked certain control questions. As a result, polygraph usage is now limited mainly to the unusual bedfellows of the US government and daytime chat shows trying to establish the romantic fidelity of their “guests”. Visit www.antipolygraph.org for a thorough analysis of the weaknesses of the polygraph.

More recently, the trend towards checking honesty by analysing speech has grown in popularity. This has instant commercial appeal, as it can be easily implemented without tedious controlled questioning and connection of medical sensors. You just have a box with an “honesty scale” on it hooked up to the phone. Unfortunately, this too faces serious questions about its reliability and scientific basis.

The idea is that by monitoring a voice over a phone line you can detect subtle variations that indicate stress, and therefore dishonesty. This is attractive to insurers, security screeners and others who rely on honest vocal answers.

However, the performance reality of such gadgets falls far short of the Hollywood dream. There are numerous documented methods for fooling the polygraph. Voice-stress analysis is unlikely to fare much better, as it's even harder to tell if the subject is trying to fool the sensor (I could easily lower my vocal stress by stroking my cat).

There is a wide range of literature on the ineffective nature of such voice-analysis techniques, but that hasn't stopped organisations (such as the UK Department for Work and Pensions) spending a lot of money on them. So it is hardly surprising to find professionals making moves to highlight the limitations.

Recently, exactly such a step was taken by speech scientists Anders Eriksson and Francisco Lacerda in their paper ‘Charlatanry in forensic speech science' (International Journal of Speech, Language and the Law, Vol 14, No 2, 2007). Despite the provocative title, the paper is a calm and balanced review of the dubious scientific basis and testing practice of some leading products. Such critical analysis should be welcomed by honest vendors, and is the norm in the security business and the scientific community.

Unfortunately, the paper was hastily withdrawn, due to threats of libel action from one of the companies named. Ironically, this has probably had the opposite effect to that desired, as the paper has now undoubtedly found a much wider audience (you can Google or Bing the title if you want to read it for yourself).

The detection of dishonesty is an important security measure but one that has so far resisted the efforts of technology. The best protection against dishonest employees comes from a range of different technological and human screening techniques and, most importantly, aftercare.

The option of having a black box tell you if someone is lying is unlikely to be reality for a long time to come.