A popular polygraph device used to administer lie detector tests during background checks and criminal investigations contains a flaw in its automation feature that calls the system’s fundamental integrity into question, a recent report by the news service McClatchy found. Although Lafayette Instrument Co. had acknowledged the error in its LX4000 machine to individual customers who had raised concerns, the manufacturer has only recently publicly addressed the glitch, meaning that tens of thousands of people have been polygraphed – often with employment offers or criminal charges at stake – on potentially faulty devices.
Understanding the error
The LX4000 polygraph device determines a test-taker’s veracity by measuring sweat levels. It sends raw data to a computer, which can then be processed manually or automatically. In Manual mode, the data measures the exact sweat gland secretions and reads out exactly as transmitted, which can create unexpected breaks in the data. Automatic mode smooths over these breaks through interpolation, with the goal of making the results easier to read.
The two methods could produce scoring differences, which Lafayette described in a customer notice as minor but other researchers noted could be substantial enough to shift the outcome of the entire test. Federal polygrapher David Reisinger told McClatchy that he first observed the error in 2005, while working at the Defense Intelligence Agency. In the test, sweat measurements are added up for a final point total that determines whether or not someone is lying. Reisinger noted discrepancies of up to 16 points between the two modes.
“It was so significant I noticed the problem immediately,” he told McClatchy. “It jumped right off the screen at me.”
Reisinger reported the error to Lafayette, which promised to follow up and issue a fix. In an email to DIA, the company said that it had “devoted [its] entire engineering efforts” to fixing the issue, McClatchy reported. According to the company, an updated software version released in 2007 altered the mathematical formula used to monitor trend lines. A second software update in 2010 further revised the formula. However, according to McClatchy, the company made no effort to inform other customers of the error or help them implement patches.
As a result, many test readings in the past several years may have been skewed. Lafayette has claimed that such misreadings are rare, McClatchy reported. According to Gary Berntson, a psychology professor at Ohio State University who studies sweat measurements and has worked as a consultant for Lafayette, this assessment is likely correct. However, the consequences of the occasional error could be significant.
“The crux here is proper disclosure,” he told McClatchy. “The manufacturer needs to alert the user of potential biases, however subtle or rare.”
Assessing the scope of the problem
Polygraph tests are widely used in a variety of contexts, especially to perform background checks at many federal agencies. Although many organizations are discreet about their use of the technology, more than 70,000 people are polygraphed for federal jobs alone, McClatchy reported. Although polygraph test results are not admissible as evidence in court, many felons are required to undergo testing to comply with probation or mandated psychological treatment. Advocates of polygraph testing say that accuracy hovers around 85 to 95 percent, but there are no independent testing standards that machines must undergo. As a result, the software errors in the LX4000 contribute to the overall uncertainty surrounding the devices.
“It’s bad enough that polygraphs are used at all, given all we know about their lack of reliability, especially for security screening,” wrote IEEE’s Robert Charette in a separate piece dissecting the findings. “But for Lafayette to ratchet up the level of risk by keeping information about a known flaw under wraps shows a total disregard for its responsibility to anything but its quarterly earnings. Even more irresponsible were the government agencies that knew about the flaw but continued to use the LX4000 in automatic mode anyway.”
With issues such as employment and criminal records on the line, ensuring accuracy in devices is essential. As organizations seek to establish legitimacy for sensitive devices such as polygraphs, tools such as code review and static analysis software can be useful for meeting quality standards. By employing tools to monitor and improve code, companies can avoid flaws rather than trying to downplay them or having to suffer the consequences of not addressing them.
Software news brought to you by Klocwork Inc., dedicated to helping software developers create better code with every keystroke.