Your Brain Activity Can Predict if You Might Commit a Crime.
Credit: Bob Elbert, Iowa State University
threats and identify what motivates employees to violate company policy.
Sound like something out of a sci-fi movie?
Stephen Spielberg's 2002 film, Minority Report, is based on the idea of being able to predict crime. In the movie, based on a short story by Philip K. Dick and adapted into a screenplay by Scott Frank, crime is predicted through the use of three psychic "pre-cogs" who work in unison in "PreCrime", a specialized police department.
Without getting into the story, this is the idea that researchers at Iowa State University explored, using electroencephalograms rather than psychics. The result is much the same, though in this study the focus is on trying to identify prospective employees who may be cybersecurity threats. Repeat, may be.
As this technology develops, we may see it used in hiring situations, with people who are innocent of any crime or security breach being denied employment because of "predictive" brain activity. May we see it in schools? In the military? In the criminal justice system as in the movie? There are some frightening possibilities here.
The questions of civil and employment rights from this are yet to be explored, but consider today's issues of glass ceilings in corporations that block the promotion of women and many minorities. This is a very real problem for millions of working stiffs across our economy based on something they have no control over.
There are questions of the basic fairness of such a practice, and the legality.
Could the use of this and similar technologies create a permanent economic under-class based solely on the possibility that one might do something criminal. No guilt or innocence to be established, no accusers you can confront in court, no recourse. You can imagine the legal challenges to such a screening practice and the lengths that some will go to to use the techniques whether it is legal or not.
This is a subject that offers many story lines against a future in which we all are tested in some point in our lives, with our personal futures defined not by our actions, but by a simple possibility that we may - or may not - do something.
Here's the story:
* * * * *
Brain activity tested to identify cybersecurity threats
The old adage that a chain is only as strong as its weakest link certainly applies to the risk organizations face in defending against cybersecurity threats. Employees pose a danger that can be just as damaging as a hacker.
Iowa State University researchers are working to better understand these internal threats by getting inside the minds of employees who put their company at risk. To do that, they measured brain activity to identify what might motivate an employee to violate company policy and sell or trade sensitive information. The study found that self-control is a significant factor.
|Prediction in Criminology|
by David P. Farrington
Click on image for details
"What we can tell from this current study is that there are differences. The low self-control people and the high self-control people have different brain reactions when they are looking at security scenarios," Hu said. "If employees have low self-control to start with, they might be more tempted to commit a security violation, if the situation presents itself."
The study, a first of its kind, used EEG to measure brain activity and examines how people would react in a series of security scenarios. Researchers found people with high self-control took longer to contemplate high-risk situations. Instead of seeing opportunity, or instant reward, it's possible they thought about how their actions might damage their career or lead to possible criminal charges, Hu said.
For the study, researchers surveyed 350 undergraduate students to identify those with high and low self-control. A total of 40 students -- from both the high and low ends of the spectrum -- were then asked to do further testing in the Neuroscience Research Lab at ISU's College of Business. They were given a series of security scenarios, ranging from minor to major violations, and had to decide how to respond while researchers measured their brain activity. Robert West, a professor of psychology, analyzed the results.
"When people are deliberating these decisions, we see activity in the prefrontal cortex that is related to risky decision making, working memory and evaluation of reward versus punishment," West said. "People with low self-control were faster to make decisions for the major violation scenarios. It really seems like they were not thinking about it as much."
The findings reflect characteristics of self-control in criminology, in which individuals with low self-control act impulsively and make riskier decisions. However, with traditional research methods and techniques, researchers could not determine if the low self-control group was more likely to act based on immediate gain, without considering the long-term loss, as compared to the high self-control group.
It's possible that social desirability bias, or the tendency to act in way that is viewed as desirable, masked the true intentions of participants. With neuroscience methods and techniques, the results are more reliable and provide a better understanding of human decision making in various circumstances, researchers said.
What does this mean for business?
The number of security violations grew to nearly 43 million last year, up from almost 29 million in 2013, according to The Global State of Information Security® Survey 2015. The survey found employees, current and former, were the top-cited offender. Not all employee security breaches were malicious or intentional, but those that were created significant risk to organizations around the world. This highlights the need for organizations to focus internally to protect sensitive information.
Laura Smarandescu, an assistant professor of marketing, has used psychological methods in prior studies to gain a better understanding of an individual's thought process. She says this study could help businesses determine which employees should have access to sensitive information.
"A questionnaire measuring impulsivity for individuals in critical positions may be one of the screening mechanisms businesses could use," Smarandescu said.
Other studies on human behavior recommend implementing comprehensive policies and procedures, training for employees and clear, swift sanctions against security misconduct to deter future violations. However, in regard to low self-control, traditional training may not cut it, Hu said.
"Training is good, but it may not be as effective as believed. If self-control is part of the brain structure, that means once you've developed certain characteristics, it's very difficult to change," Hu said.
- Breakthrough uncovers fingerprints on ATM receipts
- Criminals, genetics and the courts
- fMRI Brain scans: Far better than the polygraph
- Guilt vs. Shame Predict Criminal Re-offense
- Inside the Minds of Murderers
- It's Getting Harder to Hide Murder
- Killing for Money: Does Crime Pay?
- The Last Meal Test of Innocence
- Our broken, unfair prison system. Is there a better way?
- People Can 'Beat' Guilt Detection Tests
- The perfect, 95%+ accurate witness interrogation technique
- Plotting Crime Through the Eyes of Burglars
- Questioning Longstanding Forensic Identification
- Three on Crime: Lone Wolf Terrorism; Solitary Confinement; Mental Illness & Violence
- How Visiting High Crime Neighborhood Effects People
- What Can Investigators Really Tell From Gunshot Residue?
- Where have all the burglars gone?
Story Source: Materials provided by Iowa State University. Hu, Qing, West, Robert, and Smarandescu, Laura. The Role of Self-Control in Information Security Violations: Insights from a Cognitive Neuroscience Perspective. Journal of Management Information Systems, Volume 31 Number 4 Spring 2014 pp. 6-48