Data and securityCyber SecurityHMRC storing voice ID data ‘without consent’

HMRC storing voice ID data 'without consent'

HM Revenue and Customs has collected 5.1 million taxpayers’ voiceprints without their consent, according to a privacy campaign group

HM Revenue and Customs has collected 5.1 million taxpayers’ voiceprints without their consent, according to privacy campaign group, Big Brother Watch.

Millions of callers to HMRC have been required to repeat the phrase, “My voice is my password” on an automated line before being able to access services. Big Brother Watch said taxpayers are being “railroaded into a mass ID scheme” as they are not given the choice to opt in or out, in a scheme that experts say breaches UK data protection laws.

Big Brother Watch submitted Freedom of Information requests revealing the Government department has amassed a staggering 5.1 million voiceprints.

However, HMRC has refused to disclose which other Government departments the voice IDs have been shared with, how the IDs are stored and used, whether it is possible to delete a voice ID, which legal territory the data is kept in, how much the scheme has cost taxpayers, or the legally-required ‘privacy impact assessment’.

The Information Commissioner’s Office is now investigating the issue.

After members of the public raised concerns, Big Brother Watch tested the system and found there is no option for callers to opt out of the ID scheme, or have their voiceprint securely deleted.

HMRC’s automated line instructs callers, “I’ll need you to say exactly those words”.

Callers that say “no” are repeatedly instructed by the automated line, “It’s important you repeat exactly the same phrase. Please say ‘My voice is my password’”.

Voice IDs identify taxpayers just by hearing their voice when they call HMRC’s helpline. Voice ID technology converts the sound and rhythm of each person’s voice into a uniquely identifying numerical pattern, as sensitive as a fingerprint.

However, the security of voice ID has been disputed. The technology came under fire in 2017 when a BBC reporter tricked HSBC’s voice ID system into allowing access to a bank account.

Silkie Carlo, director of Big Brother Watch, said: “Taxpayers are being railroaded into a mass ID scheme that is incredibly disturbing. The tax man is building Big Brother Britain by imposing biometric ID cards on the public by the back door. The rapid growth of the British database state is alarming. These voice IDs could allow ordinary citizens to be identified by government agencies across other areas of their private lives. HMRC should delete the 5 million voiceprints they’ve taken in this shady scheme, observe the law and show greater respect to the public.”

Pat Walshe, data protection law expert and director of Privacy Matters, said: “HMRC’s voiceprint scheme appears to be almost surreptitious, failing to meet basic data protection principles. The non-transparent manner harvesting of people’s data and significant questions of lawfulness are troubling.Given the significant number of citizens involved, and the potential for broader use of biometric voiceprints by government agencies, the ICO could issue a notice requiring the temporary suspensions of the scheme.”

A spokesperson for HMRC said: “Our Voice ID system is very popular with customers as it gives a quick and secure route into our systems. The Voice ID data storage meets the highest government and industry standards for security.”

GDPR requires organisations to obtain explicit consent before they use biometric data to identify someone, including voice recordings.

Related Articles

Cyber security starts with people and processes

Cyber Security Cyber security starts with people and processes

3d Austin Clark
Three-quarters of government organisations not DMARC compliant

Cyber Security Three-quarters of government organisations not DMARC compliant

4d Jay Ashar
MoD invites applications for the design phase of Cyber Risk Tooling

Cyber Security MoD invites applications for the design phase of Cyber Risk Tooling

4w Jay Ashar
How the UK’s cybersecurity skill shortage could affect the public sector’s resilience against the next WannaCry?

Cyber Security How the UK’s cybersecurity skill shortage could affect the public sector’s resilience against the next WannaCry?

1m Chris Huggett
Government announces projects to boost diversity in cyber security

Cyber Security Government announces projects to boost diversity in cyber security

2m Austin Clark
Learning, development and diversity will help close the cyber skills gap in 2019

Cyber Security Learning, development and diversity will help close the cyber skills gap in 2019

2m Simon Hember
Top public sector tech trends in 2019

Change Management Top public sector tech trends in 2019

2m Gary Flood
Microsoft aims to boost public sector cloud security through new guidance

Cloud Computing Microsoft aims to boost public sector cloud security through new guidance

2m Austin Clark