The Deterrence Lockbox
David Foster, Ph.D., CEO & President, Caveon
The Fundamentals of Deterrence
A psychologist and psychometrician, David has spent 37 years in the measurement industry. During the past decade, amid rising concerns about fairness in testing, David has focused on changing the design of items and tests to eliminate the debilitating consequences of cheating and testwiseness. In 2003, David co-founded the industry’s first test security company, Caveon. Under David’s guidance, Caveon has created new security tools, analyses, and services to protect its clients’ exams. He has served on numerous boards and committees, including ATP, ANSI, and ITC. David also founded the Performance Testing Council in order to raise awareness of the principles required for quality skill measurement. He has authored numerous articles for industry publications and journals and has presented extensively at industry conferences.
This issue of The Lockbox is dedicated to the security concept of deterrence, a relatively misunderstood and under-utilized way to handle a surprisingly large variety of test security threats. This particular article is intended to provide a foundation for understanding deterrence and its effects. To begin with, let me illustrate the power of deterrence in a non-testing context: From the mid-1940s through the 1980s, the United States and its allies were pitted against the Soviet Union and its allies in the Cold War. During that 45-year period, the two sides continuously grew their stockpiles of nuclear weapons, each with improved range and capability for destruction. Amazingly, conflict was ultimately avoided because of the phenomenon of deterrence. Either side—or, I should more accurately state, people on either side—could have begun a war, but were discouraged from doing so by the fear of mutual annihilation. They were daunted by the outlook of living in a world following such massive destruction. In short, it could be deduced that the entire Cold War was based on people from both sides being unwilling to kick off a real war! It’s not unreasonable to consider that if deterrence as a principle worked to discourage global thermonuclear war, it could certainly prove useful in our relatively smallish domain of high-stakes testing.

What is Deterrence?

Deterrence is a set of actions taken by a testing program—in educational, psychological or workplace testing—with the single goal of inhibiting and discouraging individuals from committing test fraud, either through cheating on exams or stealing test content. Deterrent methods aim to produce a psychological effect that presses would-be-cheaters to re-think and abandon unethical tendencies. The cartoon below illustrates what is perhaps an extreme form of deterrence: The hypnotist is able to “suggest” a course of action, rendering the volunteer powerless to resist.
Coherent principles of deterrence are hard to come by. When using Google to search the term “deterrence”, the results are dominated by examples of the deterrence of war, as well as examples of deterring criminals, deterring children who might misbehave, and even deterring dogs who like to wander beyond the boundaries of the yard. Except to describe deterrence as a “motivational force”, or as a product of the fear of punishment, there is little in the way of psychological theory or principles to guide us. Lacking that, this article and Lockbox edition will attempt to provide some guidelines—suggestions, really—of what we in the testing community can do to effectively deter cheaters and thieves. Before we explore what these actions are, it’s important to take some time to show how deterrence fits into the overall scheme of the security-based protections available to testing programs.

A Brief Primer on Protection—How Deterrence Fits

The key to a successful security plan for a testing program is understanding how to protect its assets from its threats. Most programs don’t think in terms of protecting assets, but that is the best way to describe the purpose of test security. I would argue with conviction that the most important asset for any program is its test scores, which, when trusted completely, can be used for many valuable and important decisions in society. A secondary asset may be the exams that are taken to produce the scores. It is important to make sure that those exams are not stolen or shared for the benefit of cheaters, as this would negatively affect the assessment program’s most important asset.

Protecting those assets requires three classes of behaviors, each one attempting to counter the effectiveness of known test security threats. (To view a comprehensive list of these threats, click here.) The three legs of the “protection” stool are:
You might also like...
More Reads
Investigate the theory of deterrence, understand the differences between specific and general strategies, and learn how to incorporate the components of severity, certainty, and celerity into your deterrence program.
What happens when the women of the assessment industry gather together for drinks and hors d'oeuvres? Relationships are strengthened, a cause is established, and others' lives are uplifted. Find out how you can get involved at next year's pre-ATP Women in Testing Reception.
"Deterrent methods can be effective for threats that are difficult, and sometimes even impossible to prevent or detect."
Join our mailing list
Copyright© 2019 Caveon, LLC.
All rights reserved. Privacy Policy | Terms of Use
Interested in learning more about how to secure your testing program? Want to contribute to this magazine? Contact us.

Deterrent Actions a Program can Take

This section can be considered a form of brainstorming on my part. The statements on the list are likely not exhaustive of all that can be done to deter fraudsters. And I’m sure they overlap in many ways. My goal in presenting this list is to show the richness and diversity of potential deterrence methods. I have also tried to provide an example or two. I would invite thoughtful readers to add to this list by sending me their ideas directly. Without further ado (and in no particular order):
      • Post your test security rules everywhere, including on walls or websites, and provide the reasons for them. In a non-testing example, in the winter of 2002, the U.S. Olympic Committee was able to significantly reduce the improper sale of unlicensed souvenirs by simply informing vendors in and around Park City, Utah that sales were against the law. It is possible that many test takers are unaware of the rules, and if informed, would follow them.
      • Communicate to the fraudsters directly. Let fraudulent individuals know you are aware of them and how they intend to cheat or steal your tests, and that you have put in place very effective measures to stop them. Let them know you are not at all shy about punishing them should they try.
      • Address the honest test-takers directly. Let honest individuals know how proud you are of them, and that you will be taking every possible step to protect them as they strive to complete a course, grade level, certification, or a license to practice. Let them know that you understand how valuable those goals are to them and that you are 100% committed to the fairness of the process for each of them. Let them know you will be seeking out and dealing harshly with any attempts to cheat or commit other types of fraud.
      • Describe yourself. Describe your commitment to protecting your tests and your candidates/students with emotion and strength. Make the fraudsters see the formidable opponent they are up against. Describe your stakeholder support and mention your security resources in as much detail as you are comfortable with. Emphasize that no infraction is too small, and that you will follow up with investigations and legal actions.
      • Describe the punishments or sanctions you intend to use. Provide vivid examples of the punishments that await cheaters/thieves and how you have used these punishments these in the past. Even after all these years, I find it heartening that GMAC still has control over the website, which was confiscated by legal judgment. If you go to the website, GMAC provides some great deterrence messages. Other sanctions for Scoretop included fines and the confiscation of its hard drives containing customer information.
      • Explain the very low likelihood of fraudsters being successful. Describe what you have done to prevent cheating. Mention your protective test designs, how the liberal use of larger item pools and randomization makes your test questions quite unpredictable. You can describe better training for proctors, almost foolproof new authentication steps, the extensive use of cameras, and web monitoring and data forensics, to name just a few. Altogether, these elements of your security plan present an intimidating picture. From the cheater’s point of view, the lower hanging fruit of less secure programs will be much more attractive.
      • Describe the preventative systems your program has in place. Explain why successful theft and cheating efforts are dead to begin with and how your use of innovative security measures like SmartItems™ prevents all item harvesting and most forms of cheating. Let potential fraudsters know that honest preparation, learning, and experience is the only way to do well on your tests.
      • Describe detection systems in place along with triggered reactions. Mention your tip line, cameras, forensics, web patrol, testing land mines, authentication biometrics, proctors, keyboard sensors, etc. Overwhelm would-be-cheaters with descriptions of detection defenses. Provide statistics on unsuccessful attempts versus successful attempts. Be accurate. Show the data.
      • Consider embellishing your security. Even before security measures are operational, feel free to describe them as if they are already in place. You can be vaguely mysterious. Inspire the fear-based imagination of the fraudsters. People are often more afraid of what they imagine than what is real.
      • Require agreements for test takers and other partners in testing. Explain the purpose and value of the agreements. An honor code commitment can be a part of these agreements. Reinforce that the agreements give you the foundation for legal action should an incident occur.
      • Describe the rewards for honest test taking. Honesty and dishonesty are two sides of the same coin. Give test takers an honorable and reasonable alternative to cheating, and they will be less likely to cheat. Let them know that they can achieve the result they want through the more direct and easier way of obtaining learning and experience.
      • Redundancy and Flooding. Make sure all of these points are communicated clearly, in multiple ways, and often.

      1. Prevention. Prevention consists of actions a program can take to actually stop or reduce the risks associated with the threats before they even get off the ground. While not its primary purpose, preventative solutions can have a significant deterrent effect, but only if the scope and effectiveness of those solutions are communicated broadly.
      2. Detection/Reaction. These are systems put in place to detect when a threat has turned into a breach. Detecting the very beginning of a breach is associated with an automatic and immediate pre-determined set of responses intended to stop the breach and mitigate any damage. As with preventative measures, Detection/Reaction solutions can have a significant deterrent effect, but only if the scope and effectiveness of those solutions are broadly communicated.
      3. Deterrence. The third leg of the stool is deterrence, which is the subject of this article. To contrast it with the other two legs, deterrence is a set of actions involving specific communications that are meant to discourage and inhibit test takers from cheating or committing other forms of test fraud.

At this point, there are no logic nor data to suggest that deterrence should not be considered an equally important part of any test security plan. In fact, if the reader reviews the list of cheating and theft threats (see link above), it seems reasonable to conclude that deterrence may be considered the most broadly applicable protection method. Deterrent methods can be effective for threats that are difficult, and sometimes impossible to prevent or detect.

With that said, keep in mind that deterrence is not a subset of prevention. Deterrence methods do not attempt to prevent testing misbehavior, as test takers and others can still cheat and steal content to the same degree as they could before the deterrence messages were put in place. Deterrence is not a part of the detection family either, as it does not assist in pinpointing cheating or theft.
In Summary

In the realm of high-stakes testing, deterrence has either been an afterthought, forgotten about entirely, or applied unsystematically. In addition, deterrence is often misunderstood and confused with other security solutions. Hopefully, after reading this article and Lockbox edition, you can agree that it’s time for deterrence to have its moment in the sun. After all, deterrence has a very effective group of solutions that, when carefully planned for and used, benefit assessment programs of all sizes.