Poly want a hacker?

Recently I've been updating my chapter on employment policies for improving security in the Computer Security Handbook, 5th Edition, edited by Seymour Bosworth, myself and Eric Whyne (due out Autumn 2008), and I decided to include some information about the use of polygraphs as a tool for screening applicants and employees.

In the next few columns, I’ll be sharing some of the information I’ve collected and analyzed.

According to the frequently asked questions (FAQ) pages sponsored by the American Polygraph Association (motto: “Dedicated to Truth”), a polygraph is a device which records a number of physiological markers such as respiration, heart rate, blood pressure and galvanic skin response (sweating). Used by trained professionals, the device displays a chart of subject responses to questioning by law enforcement agents, attorneys involved in both civil and criminal legal procedures, and employers (subject to legal restrictions).

The most comprehensive report about the use and abuse of polygraph testing I found was published in 2003, when the Committee to Review the Scientific Evidence on the Polygraph, a group organized by the National Research Council of the United States National Academy of Sciences, published a scholarly report entitled The Polygraph and Lie Detection.  In addition to purchasing the 416-page hardback book for $44.96, readers can also download it as a PDF for $38.50, buy both paper and PDF for $58.50 or read the text online for free as HTML or as GIF images of the original pages. In the rest of this article, I’ll refer to the report as the “NAS Report.”

Appendix E of the NAS Report (“Historical Notes on the Modern Polygraph”) mentions the view reported by the Indiana Polygraph Institute that “John Larson invented the polygraph in 1921 while a medical student at the University of California and a police officer of the Berkeley Police Department.” 

A competing claim is that William Moulton Marston independently created a prototype of today’s polygraph during his graduate studies at Harvard University from 1915 to 1921: "He began working on his blood pressure approach to deception in 1915 as a graduate student under the direction of Hugo Munsterberg in the Harvard Psychological Laboratory. According to Marston’s son, it was his mother Elizabeth, Marston’s wife, who suggested to him that 'When she got mad or excited, her blood pressure seemed to climb.'"

By the way, after a successful and controversial career championing his invention as a reliable discriminator of truth and falsity, he also created a feminist icon:

“In 1940, when he was serving as an educational consultant for Detective Comics, Inc. (now known as DC Comics), Marston asked why there was not a female hero. Max Gaines, then head of DC Comics, was intrigued by the concept and told Marston that he could create a female comic book hero - a ‘Wonder Woman’ - which he did, using a pen name that combined his middle name with Gaines’s: Charles Moulton.” An interesting detail is that Wonder Woman’s magic lasso forced “all who [were] encircled in it [to] tell the truth.” 

M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services and teaching. He is Chief Technical Officer of Adaptive Cyber Security Instruments, Inc. and Associate Professor of Information Assurance in the School of Business and Management at Norwich University. Visit his Web site for white papers and course materials.