Data and securityCyber SecurityHMRC storing voice ID data ‘without consent’

HMRC storing voice ID data 'without consent'

HM Revenue and Customs has collected 5.1 million taxpayers’ voiceprints without their consent, according to a privacy campaign group

HM Revenue and Customs has collected 5.1 million taxpayers’ voiceprints without their consent, according to privacy campaign group, Big Brother Watch.

Millions of callers to HMRC have been required to repeat the phrase, “My voice is my password” on an automated line before being able to access services. Big Brother Watch said taxpayers are being “railroaded into a mass ID scheme” as they are not given the choice to opt in or out, in a scheme that experts say breaches UK data protection laws.

Big Brother Watch submitted Freedom of Information requests revealing the Government department has amassed a staggering 5.1 million voiceprints.

However, HMRC has refused to disclose which other Government departments the voice IDs have been shared with, how the IDs are stored and used, whether it is possible to delete a voice ID, which legal territory the data is kept in, how much the scheme has cost taxpayers, or the legally-required ‘privacy impact assessment’.

The Information Commissioner’s Office is now investigating the issue.

After members of the public raised concerns, Big Brother Watch tested the system and found there is no option for callers to opt out of the ID scheme, or have their voiceprint securely deleted.

HMRC’s automated line instructs callers, “I’ll need you to say exactly those words”.

Callers that say “no” are repeatedly instructed by the automated line, “It’s important you repeat exactly the same phrase. Please say ‘My voice is my password’”.

Voice IDs identify taxpayers just by hearing their voice when they call HMRC’s helpline. Voice ID technology converts the sound and rhythm of each person’s voice into a uniquely identifying numerical pattern, as sensitive as a fingerprint.

However, the security of voice ID has been disputed. The technology came under fire in 2017 when a BBC reporter tricked HSBC’s voice ID system into allowing access to a bank account.

Silkie Carlo, director of Big Brother Watch, said: “Taxpayers are being railroaded into a mass ID scheme that is incredibly disturbing. The tax man is building Big Brother Britain by imposing biometric ID cards on the public by the back door. The rapid growth of the British database state is alarming. These voice IDs could allow ordinary citizens to be identified by government agencies across other areas of their private lives. HMRC should delete the 5 million voiceprints they’ve taken in this shady scheme, observe the law and show greater respect to the public.”

Pat Walshe, data protection law expert and director of Privacy Matters, said: “HMRC’s voiceprint scheme appears to be almost surreptitious, failing to meet basic data protection principles. The non-transparent manner harvesting of people’s data and significant questions of lawfulness are troubling.Given the significant number of citizens involved, and the potential for broader use of biometric voiceprints by government agencies, the ICO could issue a notice requiring the temporary suspensions of the scheme.”

A spokesperson for HMRC said: “Our Voice ID system is very popular with customers as it gives a quick and secure route into our systems. The Voice ID data storage meets the highest government and industry standards for security.”

GDPR requires organisations to obtain explicit consent before they use biometric data to identify someone, including voice recordings.

Related Articles

Top public sector tech trends in 2019

Change Management Top public sector tech trends in 2019

6d Gary Flood
Microsoft aims to boost public sector cloud security through new guidance

Cloud Computing Microsoft aims to boost public sector cloud security through new guidance

2w Austin Clark
Infographic: Cyber Security in 2019

Cyber Security Infographic: Cyber Security in 2019

3w Austin Clark
Cyber security is about much more than technology

Cyber Security Cyber security is about much more than technology

1m Austin Clark
Q&A: How cyber security is changing in the public sector

Cyber Security Q&A: How cyber security is changing in the public sector

3m Austin Clark
NCSC defends UK from more than 10 cyber attacks a week

Cyber Security NCSC defends UK from more than 10 cyber attacks a week

3m Austin Clark
GDS clarifies private sector access to GOV.UK Verify

Cyber Security GDS clarifies private sector access to GOV.UK Verify

3m Austin Clark
Is automation essential in the cyber security battle?

Cyber Security Is automation essential in the cyber security battle?

4m Austin Clark