At 10:25 PM 4/10/96 -0400, hallam(_at_)w3(_dot_)org wrote:
Oh come off it, the polygraph test works more or less on the placebo
effect. The evidence for this being a certain Mr Ames.
If you want to have any success at all I suggest you consider scopamine
or bulbopropein.
Phill
I believe this means you find the polygraph requirement as distasteful
as US govt-authorised use of scopomine.
I too find the scopamine notion distasteful; which is why I asked for
comments on polygraph, which is non-invasive, auditable, and can
be tailored for specific threats. How much use is it? Its just
another countermeasure, founded mainly on bluff (placebo effect?), IMHO.
Someone said
to me: the Microsoft/Digital (and MCI) relationship just exists
to keep Intel honest. How actually valid be this propostion, is 100% irrelevant;
its a deterrent for critical trust functions. Deterrent has proven
a highly useful, not ever guaranteed, countermeasure for citical processes
over the last 50 years.
However, back to reality; its a simple fact that established practice
consitutes
part of the common law, in common law countries. Tort decisions exploit common
law viciously. Polygraph is a (US) fact in those commercial industries
which serve critical trusted entities such as banks. I have
been unable to find any technical argument which would counter a tort
argument that due (equivalent technical) care had indeed been practised by
an issuing
authority of a CA, according to conventional commercial practice, should
polygraph be
exluded by operating policy. I can believe that its use is defensibly
restricted to the domain of operations for which currently those practices
exist.
I would expect any company acting as a CA which asked employees to
undertake audit-based polygraph to have the same objection and turnoff
rate as all other commercial institutions which have the need to establish
such internal-threat countermeasures, and demonstratively operate due care
in this area.
The higer the assumed trustedness of the CA, and the trusted third legal entity
(person or other legal persona such as MIT) operating the CA, the
higher the scrutiny, probably.