Eye-movement deception detection studied as part of Pentagon’s vetting modernization

When the Defense Counterintelligence and Security Agency (DCSA) quietly funded research into “ocular-motor deception detection,” few outside the Intelligence Community noticed.

The initiative was buried in FY 2025 DCSA Research, Development, Test, and Evaluation (RDT&E) budget justification documents labeled “Insider Threat,” and offered only that it would “collect and analyze information for insider threat detection and mitigation.”

That modest phrasing masked a far more consequential shift in how the U.S. government intends to decide who can be trusted with national secrets when granting security clearances.

The research, led by DCSA’s National Center for Credibility Assessment (NCCA), began as a scientific test of whether subtle changes in pupil dilation and eye movement could reveal deception as reliably as a polygraph.

Early experiments used a commercial platform called EyeDetect, developed by Utah-based Converus, which analyzes ocular metrics through high-speed infrared cameras. The system produces a “credibility score” by measuring minute eye responses while subjects answer on-screen questions.

Converus did not respond to a request for comment.

Initially, the project seemed like a low-risk exploration of next-generation credibility assessment. But by 2022, the effort had advanced into live operational testing at the Defense Intelligence Agency (DIA), according to Defense Department budget documents.

The program’s justification noted that testing “on personnel undergoing specialized training” yielded mixed results, yet instead of shelving the concept, NCCA commissioned Oak Ridge National Laboratory to build a government-owned decision algorithm, a move that signaled long-term intent to fold the capability into a classified ecosystem rather than abandoning it.

By fiscal 2023, Congress added $3 million to the program for “ocular-motor deception detection capabilities.” That language appeared without a sponsor’s name, but the congressional add ensured continuity and hinted at quiet support within defense appropriations subcommittees.

A DCSA spokesperson confirmed to Biometric Update that “in response to a congressional requirement, [DCSA] has been evaluating commercial systems that use oculomotor sensing for credibility assessment.”

The following year, the program expanded to field evaluation under the University of Maryland’s Applied Research Laboratory for Intelligence and Security (ARLIS), with Texas A&M University’s Bush School conducting real-world trials.

The justification explicitly stated that EyeDetect’s multi-issue comparison test “will be investigated with issues relevant to the Texas-Mexico border and with a population different from those of the ORNL studies.”

While the phrasing invited speculation about how deception detection might intersect with border operations, insiders say the intent was methodological – testing how the technology performs across varied demographics and stress conditions.

It marked a pivotal step. NCCA’s ocular-motor project had progressed from laboratory prototype to field deployment, crossing into territory that defense agencies describe as “operational evaluation.”

By 2025, DCSA’s own budget documents revealed where that progression was heading. The agency moved most of the program’s funding – nearly $8 million – from the Insider Threat research line (Program Element 0305327V) into a new account titled DITMAC System of Systems (Program Element 0302609V).

This system is being developed to operate in a self-hosted cloud environment and includes capabilities for managing new roles and migrating data.

DITMAC was originally created to monitor trusted personnel across the Defense Department. Its “System of Systems” modernization, however, is designed to fuse insider threat data, continuous vetting alerts, and personnel analytics into a single, automated risk detection platform.

Fiscal 2026 DCSA budget documents still describe “ocular-motor deception detection capabilities,” specifying that the NCCA “will collect Eye-Detect data from one or more field locations,” but the justification lists no new funding for the project, an indication that the research has moved into a transition phase.

Meanwhile, the Insider Threat mission was folded into a newly renamed account called the Defense Security Analysis and Threat System (DSATS), formerly DITMAC SoS. DSATS now highlights new priorities such as Behavioral Threat Analysis Capability (BTAC) and “automated data ingest” for “additional data sources.”

In effect, the ocular-motor work continues to exist on paper while its concepts migrate into DCSA’s broader analytic infrastructure.

That migration of funds marked the point where the ocular motor deception detection project ceased to be a standalone R&D effort and became part of a larger enterprise – the infrastructure behind the government’s Trusted Workforce 2.0 initiative.

Trusted Workforce 2.0 is the government-wide initiative launched in 2018 to modernize and reform how the government vets and manages personnel security clearance and suitability.

Under Trusted Workforce 2.0, DCSA has replaced the traditional five- and ten-year reinvestigation model with a continuous vetting framework that uses automated checks of databases and public records – criminal, financial, and, eventually, biometric data sources – to monitor cleared employees and contractors in real time.

At a DCSA media roundtable in 2024, agency leaders described this transformation in strikingly candid terms.

“We’re overhauling the personnel vetting process,” said Dr. Mark Livingston, then DCSA acting deputy director and now DCSA assistant director for personnel security. “We ensure trust in real time through automated record checks and interagency information sharing.”

Livingston characterized Trusted Workforce 2.0 as “transformational,” noting that DCSA’s continuous vetting system now delivers “alert management, real-time threat analysis, and other reporting that helps us provide that trusted workforce.”

Livingston underscored the speed advantage of this automation. “For a secret clearance, we now discover potential derogatory information seven years and one month faster than the old periodic reinvestigation,” he said. “For top secret, it’s two years and seven months faster.”

The goal, he said, is to identify potential issues early – before they escalate into insider threats – while improving “reciprocity” and “transfer of trust” between agencies.

Heather Green, then DCSA’s Principal Deputy Assistant Director for Adjudication and Vetting Services, elaborated on how the system works.

“If an arrest occurs on a Friday, our continuous vetting analyst will see it on the dashboard Monday morning,” she said, explaining that “it triggers an alert aligned with the federal investigative standards, and the analyst initiates the resolution and adjudication process.”

The system’s initial phase, Green explained, uses a criminal data source but will expand to include financial and other datasets.

Crucially, Green also confirmed what had previously been absent from official statements, which is biometric data integration is part of DCSA’s future plans.

“Right now, the data source that we’re using is not biometric based,” Green said, “but it will be in the future, and we’ll have a full scaling plan on when we add a biometric-based data source to this population.”

While DCSA leaders described biometric expansion as inevitable, current federal policy has not yet caught up. Under the Office of the Director of National Intelligence’s governing framework, Security Executive Agent Directive 3 (SEAD 3) and SEAD 4 define what cleared personnel must report and how eligibility for classified access is adjudicated.

Nowhere in either directive is there authorization to use physiological or behavioral data such as eye movement metrics, biometric credibility scores, or algorithmic deception detection results as adjudicative evidence.

SEAD 4’s “Psychological Conditions” guideline covers mental health factors, not physiological measurements. SEAD 3 governs self-reporting requirements. When ODNI has intended to expand data sources such as social media reviews, it has issued a separate directive (SEAD 5). No comparable directive exists for biometric or behavioral data.

That silence means that, as of 2025, any agency seeking to fold ocular motor or other biometric indicators into the national security adjudication process would be operating outside explicit ODNI authority.

To legitimize such use, ODNI would likely need to promulgate a new SEAD or interagency policy memorandum defining what counts as acceptable behavioral evidence, how accuracy and bias are measured, and what privacy safeguards apply.

Until then, DCSA’s planned integration of biometric sources sits in a policy gray zone – technically unregulated, procedurally novel, and potentially precedent-setting for the entire security clearance system.

Asked if DCSA anticipates policy or procedural guidance from ODNI or other oversight bodies regarding the potential adjudicative use of behavioral or physiological data, a DCSA spokesperson referred Biometric Update “to ODNI regarding whether they are considering any potential changes to policy or procedural guidance.”

The acknowledgment that biometric data integration is part of DCSA’s future plans provides the first public link between DCSA’s ongoing operational reforms and the ocular-motor deception detection research now being absorbed into the Defense Security Analysis and Threat System.

It shows that the technology’s maturation – tracked through DIA testing, Oak Ridge algorithm development, and ARLIS field evaluation – is converging with DCSA’s broader strategy to automate trust decisions across the federal workforce.

In this model, EyeDetect and similar physiological tools are not end-user products, but rather they are data generators feeding into a centralized analytics engine. DSATS, in turn, functions as the platform that aggregates behavioral, biometric, and contextual data, what Livingston called “a whole-of-government background investigation reform effort.”

Once integrated, the system will have the ability to detect and correlate risk signals far beyond what human investigators could process manually.

For advocates of modernization, the payoff is efficiency and uniformity. For privacy and civil liberties experts, it raises unsettling questions about surveillance, consent, and the reliability of biometric inferences.

Continuous vetting, in their view, blurs the boundary between workplace oversight and perpetual monitoring.

What is indisputable is that the Defense Department’s personnel trust architecture is being rewired into a real-time risk monitoring ecosystem, one that – by DCSA’s own description – will eventually incorporate biometric and behavioral analytics.

A DCSA spokesperson told Biometric Update that “DCSA uses rigorous, scientific practices to evaluate new technologies and expects to provide results of this research pertaining to oculomotor-based deception detection systems to decision makers to inform future potential use in the protection of national security information, assets, and most importantly, personnel.”

The EyeDetect program may have begun as a lab experiment, but its lineage now runs straight into the heart of the Pentagon’s vetting modernization effort.

As Green said during the roundtable, “We are moving to this new model where we’re identifying information early and often … starting with criminal data sources, then expanding and evolving to include additional ones to further protect national security.”

That is exactly the pattern visible in the budget trail: a phased build-out of new data types, culminating in what DCSA now openly calls “a full end-to-end suite of technology.”

Article Topics

behavioral biometrics  |  biometrics  |  Converus  |  Defense Counterintelligence and Security Agency (DCSA)  |  eye tracking  |  law enforcement  |  lie detection  |  U.S. Government