Polygraph False Negative Rate:
Why the Science Doesn't Support Security Screening

The polygraph was invented in 1939. Its operating principle has not materially changed since: it measures peripheral physiological signals — respiratory rate, skin conductance, blood pressure — as proxies for anxiety during questioning. The implicit assumption is that deception produces measurable physiological arousal. Eighty-seven years of scientific investigation have found this assumption to be, at best, partially supported and, at worst, dangerously unreliable for the specific application of security screening.

The 2003 NAS Review: What It Actually Found

The most authoritative assessment of polygraph validity is the 2003 National Academy of Sciences report, The Polygraph and Lie Detection, commissioned by the US Department of Energy following the Wen Ho Lee espionage case. The committee's findings are unambiguous.

The NAS concluded that polygraph tests can detect deception at rates above chance under laboratory conditions — but that this accuracy is "insufficient to justify reliance on them for security screening." The committee identified three specific problems that undermine polygraph's utility for defence applications.

First, the physiological responses polygraph measures are not specific to deception. Anxiety, embarrassment, surprise, and genuine anger all produce similar cardiovascular and galvanic responses to those produced by deception. A truthful person who is anxious about being tested — perfectly rational in a security screening context — is more likely to produce a false positive than a deceptive person who is calm and prepared.

Second, polygraph is highly susceptible to countermeasures. Biting the tongue during control questions, performing mental arithmetic, or applying deliberate muscular tension to the feet can suppress the physiological differential that examiners use to assess deception. These countermeasures are not difficult to learn and have been documented in the literature since the 1980s.

Third, and most consequentially for security applications: false negative rates are unacceptably high. A false negative in security screening means a deceptive subject passes and retains their clearance or access. The NAS found false negative rates in controlled studies reaching 47% — meaning that nearly half of deceptive subjects could expect to pass polygraph screening.

The Countermeasure Problem

The vulnerability of polygraph to deliberate countermeasures is not theoretical. The CIA operative Aldrich Ames passed polygraph examinations in 1986 and 1991 while actively spying for the Soviet Union — a case that directly led to the NAS review. Robert Hanssen, the FBI agent who spied for Russia for 22 years, reportedly boasted that he could have passed polygraph throughout. Both cases involved sophisticated actors who had studied or been briefed on countermeasure techniques.

More recent research has found that even brief countermeasure training — less than 30 minutes — significantly improves the probability of passing polygraph while deceptive. The physiological channels polygraph monitors are too easily manipulated by motivated individuals for the test to serve as a reliable primary screening mechanism against determined adversaries.

Why Courts and Procurement Bodies Have Moved On

The scientific community's position on polygraph is clear. The legal community has moved in the same direction: polygraph results are inadmissible in most UK courts and in many US federal jurisdictions, specifically because the underlying science does not meet the standards required for evidential reliability.

UK Ministry of Defence and intelligence community procurement frameworks have increasingly recognised this reality. The shift is not toward abandonment of credibility assessment — the operational need for assessing personnel truthfulness and psychological fitness has not diminished — but toward frameworks that can withstand scientific and legal scrutiny.

What FACS-Grounded Assessment Addresses Differently

EchoDepth's credibility assessment capability is grounded in the Facial Action Coding System rather than peripheral physiological signals. The distinction is important for several reasons.

Facial Action Units — the involuntary muscle activations that FACS defines and catalogues — are significantly harder to control than peripheral physiological signals. Suppressing a galvanic skin response is relatively straightforward with practice. Suppressing the involuntary partial activation of AU1+AU4 (inner brow raise combined with brow lowerer) during genuine distress is neurologically much more demanding. Micro-expressions — partial AU activations lasting 1/25 to 1/5 of a second — are largely beyond conscious control.

EchoDepth analyses 44 FACS-compliant Action Units per frame, producing timestamped per-question output that identifies stress, suppression, and deception-correlated AU patterns. Unlike polygraph output — which is an examiner's subjective interpretation of a paper trace — EchoDepth output is a structured, reproducible digital record with confidence weightings that can be reviewed, challenged, and audited.

EchoDepth does not claim to detect lies. It surfaces involuntary physiological markers correlated with deception attempts, stress, and suppression. This distinction is scientifically honest and legally important. The output is evidence-based, not conclusive.

The Deployment Difference

Beyond the scientific arguments, FACS-based assessment has practical operational advantages over polygraph. It requires no physical sensors — no respiratory belt, no galvanic skin sensor, no blood pressure cuff attached to the subject. It uses a standard RGB camera that may already exist in the interview room or facility. It produces no examiner dependency — results are not subject to inter-rater variation or examiner bias. And it deploys fully on-premise in SCIF-compatible, air-gapped environments with no cloud dependency.

For UK defence and intelligence procurement, this combination — peer-reviewed scientific grounding, camera-only non-contact operation, structured auditable output, SCIF-compatible deployment — addresses the specific gaps the NAS review identified in polygraph.