Data and securityCyber SecurityHMRC storing voice ID data ‘without consent’

HMRC storing voice ID data 'without consent'

HM Revenue and Customs has collected 5.1 million taxpayers’ voiceprints without their consent, according to a privacy campaign group

HM Revenue and Customs has collected 5.1 million taxpayers’ voiceprints without their consent, according to privacy campaign group, Big Brother Watch.

Millions of callers to HMRC have been required to repeat the phrase, “My voice is my password” on an automated line before being able to access services. Big Brother Watch said taxpayers are being “railroaded into a mass ID scheme” as they are not given the choice to opt in or out, in a scheme that experts say breaches UK data protection laws.

Big Brother Watch submitted Freedom of Information requests revealing the Government department has amassed a staggering 5.1 million voiceprints.

However, HMRC has refused to disclose which other Government departments the voice IDs have been shared with, how the IDs are stored and used, whether it is possible to delete a voice ID, which legal territory the data is kept in, how much the scheme has cost taxpayers, or the legally-required ‘privacy impact assessment’.

The Information Commissioner’s Office is now investigating the issue.

After members of the public raised concerns, Big Brother Watch tested the system and found there is no option for callers to opt out of the ID scheme, or have their voiceprint securely deleted.

HMRC’s automated line instructs callers, “I’ll need you to say exactly those words”.

Callers that say “no” are repeatedly instructed by the automated line, “It’s important you repeat exactly the same phrase. Please say ‘My voice is my password’”.

Voice IDs identify taxpayers just by hearing their voice when they call HMRC’s helpline. Voice ID technology converts the sound and rhythm of each person’s voice into a uniquely identifying numerical pattern, as sensitive as a fingerprint.

However, the security of voice ID has been disputed. The technology came under fire in 2017 when a BBC reporter tricked HSBC’s voice ID system into allowing access to a bank account.

Silkie Carlo, director of Big Brother Watch, said: “Taxpayers are being railroaded into a mass ID scheme that is incredibly disturbing. The tax man is building Big Brother Britain by imposing biometric ID cards on the public by the back door. The rapid growth of the British database state is alarming. These voice IDs could allow ordinary citizens to be identified by government agencies across other areas of their private lives. HMRC should delete the 5 million voiceprints they’ve taken in this shady scheme, observe the law and show greater respect to the public.”

Pat Walshe, data protection law expert and director of Privacy Matters, said: “HMRC’s voiceprint scheme appears to be almost surreptitious, failing to meet basic data protection principles. The non-transparent manner harvesting of people’s data and significant questions of lawfulness are troubling.Given the significant number of citizens involved, and the potential for broader use of biometric voiceprints by government agencies, the ICO could issue a notice requiring the temporary suspensions of the scheme.”

A spokesperson for HMRC said: “Our Voice ID system is very popular with customers as it gives a quick and secure route into our systems. The Voice ID data storage meets the highest government and industry standards for security.”

GDPR requires organisations to obtain explicit consent before they use biometric data to identify someone, including voice recordings.

Related Articles

Q&A: How cyber security is changing in the public sector

Cyber Security Q&A: How cyber security is changing in the public sector

6d Austin Clark
NCSC defends UK from more than 10 cyber attacks a week

Cyber Security NCSC defends UK from more than 10 cyber attacks a week

4w Austin Clark
GDS clarifies private sector access to GOV.UK Verify

Cyber Security GDS clarifies private sector access to GOV.UK Verify

1m Austin Clark
Is automation essential in the cyber security battle?

Cyber Security Is automation essential in the cyber security battle?

2m Austin Clark
Please mind the security gap between the premises and the cloud

Cloud Computing Please mind the security gap between the premises and the cloud

2m Guest Writer
NHS trusts not discouraging WhatsApp, Facebook Messenger and other consumer apps

Cyber Security NHS trusts not discouraging WhatsApp, Facebook Messenger and other consumer apps

2m Austin Clark
Best form of defence: Is the Government's cyber strategy on the right track?

Cyber Security Best form of defence: Is the Government's cyber strategy on the right track?

3m Guest Writer
Making the cloud a safe space

Cloud Computing Making the cloud a safe space

3m Guest Writer