Espionage is occurring in government agencies. Polygraph is one of several tools available that can be used as an internal control to prevent espionage and identify spies. It is my opinion that in a security screening polygraph examination, Robert Hansen would have reacted with greater than 99% certainty. Because, statistically speaking, others taking the test may also react but not be guilty, other internal control measures, such as FBI investigative resources, would need to be coupled with the polygraph results before certifying espionage activity. Evaluating whether or not a security-screening program should be implemented requires an understanding of what the predicted outcomes would be, an evaluation of what has already occurred in existing programs, and the costs involved.
A realistic appraisal of the polygraph requires an understanding of its capabilities and limitations. When making decisions based on polygraph results, one must factor in the confidence levels of the various outcomes. Security polygraph examinations must be objectively conducted and evaluated. The examiners must be able to determine the effectiveness of the initial testing, and know when retesting is warranted. For example, false positives can occur. This is when people react to the question, but in fact are telling the truth. The skill of the examiner is essential in recognizing the possibility of a false positive, and the need to take additional measures, such as retesting. Polygraph is not a perfect science but, in my opinion, it is a very valuable tool to ferret out those who would commit espionage against the United States.
How much confidence can we have in a single security polygraph examination?
Confidence starts with estimates of validity. An estimate of validity can be established from laboratory studies and by projecting the experiences of actual testing. Next, you must estimate the base rate, or the percentage of a population that bears the characteristic we are seeking. Prior studies indicate that the polygraph has an accuracy rate between 90% and 99%. Estimates of the number of spies in any organization vary. My estimate in 1994 was there might be a maximum of 3 spies in a population of 10,000.
Based on the results of scientific studies, when conducting a screening polygraph, you will have high confidence (99.99 %) on decisions to clear people. In other words, the error rate on those who pass the test is very miniscule. These conclusions are labeled no deception indicated (NDI) or no specific reactions (NSPR). On the other hand, when a person registers deceptive (DI) or specific reactions (SPR) on the exam, the confidence level decreases to 2.9%. This occurs because statistically, a rather large percentage of the deceptive reactions will be false positives on the initial test. The benefit of polygraph screening, at this point, is that you will identify a smaller pool of people who “potentially” could be committing espionage. It is then possible to concentrate your security resources by applying other internal control measures, such as investigation, to the smaller group who reacted on the test. Additional polygraph testing and investigation should reduce the number of potential spies even further. Actual testing results should help us identify how many unresolved cases exist and the costs of resolving them.
Traditionally, reexaminations have been part of clearing those who react on their first examination, and are presumed to effectively reduce the number of false positives. The DOD annual report suggests that most of these reactions are cleared through admissions. It is likely a number of security violation type of admissions would be made and would be resolved. It is also likely a number would not, however skilled interviewers might still might uncover the spy. In my opinion even with high validity assumptions, 5 to 10 % of your population will not successfully complete the initial examination. Subsequent reexaminations should resolve a number of cases and reduce these percentages. Substantial resources would have to be expended on any unresolved cases.
Countermeasures
The danger from countermeasures, while real, is overstated. I believe laboratory studies overstate the effectiveness of countermeasures. The psychological dynamics of actual testing, as well as anti-countermeasure methods used in the field, are overlooked when assumptions are made regarding the effectiveness of countermeasures. In order for the anti-countermeasure methods to be effective, they must remain classified.
Polygraph Program Effectiveness
There has been criticism in the past that polygraph-screening programs just routinely pass everyone and that the effort is symbolic only to create a false sense of security. Experts in the field of polygraph have spent considerable time conducting studies and have determined various statistical probabilities based on scientific modalities. Therefore, by analyzing a specific polygraph program’s prior testing results and comparing these results to the statistical probabilities, one could determine if that specific polygraph program is effective or ineffective.
Conclusion
The use of the polygraph as an aid to investigations and not a substitute for it is a well-established policy. To solve an extremely difficult investigative and security problem requires the use of internal controls and the use of all investigative tools. I believe a well-managed polygraph program is part of the solution.