Risk appetite at Critical Infrastructure depends on the the level of threat and anticipated outcome of a security compromise. The outcome was catastrophic from terrorist boarding airplanes in Boston  and crashing them into the World Trade Center, the Pentagon and a field in Pennsylvania.
There was a lot of political noise post-911. What to do about terrorists boarding aircraft using fraudulently obtained identification cards?
The Congressional Reaction
The political response, in lieu of seemingly impossible logistics of a National ID Card, was to tweak the security requirements for State issuing of driver’s licences and identification cards with REAL ID. A post implementing review of REAL ID was undertaken by the U.S. General Accounting Office. The first audit results were published under title, Counterfeit Identification Raises Homeland Security Concerns . Another study published in 2009 reviewed the progress of individual states in complying with the REAL ID regulations.
The outcome is not all that promising for security. Desk audits found a general inability to detect deception with counterfeit and forged documents presented to security and immigration at airports and at Departments of Motor Vehicles (DMV) across the U.S. State compliance with REAL ID is not consistently applied across each State.
The reality, when someone presents a Certificate of Birth, of which there are 7,000 plus issuers in the US, at a DMV service outlet as proof of status, it is a genesis document for a variety of other means of identification. With a birth registration system designed for the conditions of 1907, no provisions were made to include a biometrics directly linked to the birth record. It remains the same to this day. Secondly, out-of-state deaths are not correlated with in-state births.
So, what is left?
Outside increasing the effort to commit personation and identity fraud, and which is beyond the reach of those depending on these documents, what is left is to increase certainty of catching predators in the act. They are at their most vulnerable while presenting fraudulently acquired, forged, and loaned/stolen genuine documents at the point-of-service to complete their ruse.
Ability to identify red flag indicators of deception is a learned and honed skill. People higher on the emotional intelligence scale have a better chance of success in maintaining focus over longer periods of time, and better equipped to pick up on the emotions of others.
Back to Affective Realism
The previous post, “Affective Realism“, poured the footings for deception risk mitigation. This metaphor high-lights the most fundamental building block of deception management.
This post posits nonverbal behaviour as a component of assessing the reliability of statements and declarations made at the point-of-service in the deception management game. Assessing nonverbal behaviour can be complicated and fraught with variability. It refers to communication distinct from speech. It is taken generally to include facial and eye expressions, hand and arm gestures, postures, positions, use of space between individuals and objects, and various movements of the body, legs and feet.
Nonverbal behaviour communication can be generated deliberately, the behaviours can be culturally nuanced, and they can be triggered my emotions from below levels of conscious awareness.
The complexity here is that the emotionally triggered nonverbal behaviour can be for something totally unrelated to a request or question posed.
Context is Everything
Nonverbal behaviour must be interpreted contextually: “Depending on or relating to the circumstances that form the setting, in this case, for a security screening event.” And as learned in the last post, nonverbal behaviour is interpreted through the prism of emotions, as well as beliefs and biases. One can see that is not a precise, nor absolute science. It is fraught with variability.
This does not mean throwing nonverbal behaviour out. It for certain means assessing with humility. When something appears to be aberrant, or out-of-sequence, it is mistake to jump to a conclusion that there is deception. It is something to potentially action with followup questions at the point-of-service or, optionally, to escalate for more in-depth review.
Meta studies of the research resulted in no single nonverbal or verbal clue as a reliable indicator of deception. The probability of detection increases when clusters of indicators are present (DePaulo ‘et al’, 2003; Masip, ‘et al’ 2005; Vrij 2006; Sporer & Schwandt, 2006,2007).
A future post scans verbal behaviour.