Data and securityCyber SecurityHMRC storing voice ID data ‘without consent’

HMRC storing voice ID data 'without consent'

HM Revenue and Customs has collected 5.1 million taxpayers’ voiceprints without their consent, according to a privacy campaign group

HM Revenue and Customs has collected 5.1 million taxpayers’ voiceprints without their consent, according to privacy campaign group, Big Brother Watch.

Millions of callers to HMRC have been required to repeat the phrase, “My voice is my password” on an automated line before being able to access services. Big Brother Watch said taxpayers are being “railroaded into a mass ID scheme” as they are not given the choice to opt in or out, in a scheme that experts say breaches UK data protection laws.

Big Brother Watch submitted Freedom of Information requests revealing the Government department has amassed a staggering 5.1 million voiceprints.

However, HMRC has refused to disclose which other Government departments the voice IDs have been shared with, how the IDs are stored and used, whether it is possible to delete a voice ID, which legal territory the data is kept in, how much the scheme has cost taxpayers, or the legally-required ‘privacy impact assessment’.

The Information Commissioner’s Office is now investigating the issue.

After members of the public raised concerns, Big Brother Watch tested the system and found there is no option for callers to opt out of the ID scheme, or have their voiceprint securely deleted.

HMRC’s automated line instructs callers, “I’ll need you to say exactly those words”.

Callers that say “no” are repeatedly instructed by the automated line, “It’s important you repeat exactly the same phrase. Please say ‘My voice is my password’”.

Voice IDs identify taxpayers just by hearing their voice when they call HMRC’s helpline. Voice ID technology converts the sound and rhythm of each person’s voice into a uniquely identifying numerical pattern, as sensitive as a fingerprint.

However, the security of voice ID has been disputed. The technology came under fire in 2017 when a BBC reporter tricked HSBC’s voice ID system into allowing access to a bank account.

Silkie Carlo, director of Big Brother Watch, said: “Taxpayers are being railroaded into a mass ID scheme that is incredibly disturbing. The tax man is building Big Brother Britain by imposing biometric ID cards on the public by the back door. The rapid growth of the British database state is alarming. These voice IDs could allow ordinary citizens to be identified by government agencies across other areas of their private lives. HMRC should delete the 5 million voiceprints they’ve taken in this shady scheme, observe the law and show greater respect to the public.”

Pat Walshe, data protection law expert and director of Privacy Matters, said: “HMRC’s voiceprint scheme appears to be almost surreptitious, failing to meet basic data protection principles. The non-transparent manner harvesting of people’s data and significant questions of lawfulness are troubling.Given the significant number of citizens involved, and the potential for broader use of biometric voiceprints by government agencies, the ICO could issue a notice requiring the temporary suspensions of the scheme.”

A spokesperson for HMRC said: “Our Voice ID system is very popular with customers as it gives a quick and secure route into our systems. The Voice ID data storage meets the highest government and industry standards for security.”

GDPR requires organisations to obtain explicit consent before they use biometric data to identify someone, including voice recordings.

Related Articles

Cybersecurity is a market for lemons

Cyber Security Cybersecurity is a market for lemons

8h Bernard Parsons
Compulsory cyber awareness training for Cardiff council staff

Cyber Security Compulsory cyber awareness training for Cardiff council staff

1w Jay Ashar
UK government to assess the cyber security capability landscape

Cyber Security UK government to assess the cyber security capability landscape

1w Jay Ashar
New capability to help organisations fight cyber threats

Cyber Security New capability to help organisations fight cyber threats

2w Jay Ashar
Room for more cybersecurity over and above GDPR

Cyber Security Room for more cybersecurity over and above GDPR

2m Jay Ashar
AI support: Outnumbered but not outgunned

Cyber Security AI support: Outnumbered but not outgunned

2m Piers Wilson
A shot in the arm for Bristol's cybersecurity

Cyber Security A shot in the arm for Bristol's cybersecurity

2m Jay Ashar
Cyber security starts with people and processes

Cyber Security Cyber security starts with people and processes

2m Austin Clark