British Tax Department Secretly Collected 5.1 Million Voice IDs
Activists have discovered that the Her Majesty’s Revenue and Customs (HMRC) department of the U.K., which is responsible for collecting taxes, has collected voice data on millions of people without due warning. The discovery was made by the organization Big Brother Watch after they submitted Freedom of Information requests regarding the HRMC helpline.
The requests revealed that HMRC collected up to 5.1 million taxpayers voiceprints through “the back door.” According to Big Brother Watch’s findings, HMRC was able to achieve this by forcing callers to say “My voice is my password” after calling their helpline.
Since millions of callers are not allowed to opt out when prompted to say the phrase “My voice is my password,” Big Brother Watch claimed that people were “railroaded into a mass ID scheme.”
“My voice is my password.”
Millions of taxpayers who call into the HMRC helpline are prompted by an automated voice to say the exact words, “My voice is my password.” When callers hesitate or say no, the helpline persists by telling them that “I’ll need you to say exactly those words.” The automated voice continues to prompt the caller by saying that “It’s important you repeat exactly the same phrase. Please say ‘my voice is my password’”.
Data experts stated the HMRC’s “voiceprint scheme” contravenes basic U.K. data protection laws. Pat Walshe, data protection law expert and director of Privacy Matters, told Big Brother Watch, “HMRC’s voiceprint scheme appears to be almost surreptitious, failing to meet basic data protection principles. The non-transparent manner harvesting of people’s data and significant questions of lawfulness are troubling.”
Silkie Carlo, director of Big Brother Watch, added, “The tax man is building Big Brother Britain by imposing biometric ID cards on the public by the back door.”
HMRC has refused to own up to concerns raised by Big Brother Watch and members of the British public. Some of the concerns raised include –
- Whether HMRC has shared the voiceprints with other government departments
- The manner in which the voice IDs are stored and to what purpose they are put
- Whether it is possible to delete the collected voiceprint on HMRC’s servers
- The legal territory where the voice data is preserved
- How much the voice ID scheme has cost taxpayers
- If a “privacy impact assessment” is complied with as required by law
HMRC Says Their Voice ID System Complies With All Government Standards
Voice IDs can identify individual callers and even pull up their data with HMRC just from the sound of their voice alone. The system analyzes the sound and rhythm of the caller’s voice and converts the data into a distinctive numerical pattern, which is as sensitive as a fingerprint.
The security of voice ID is controversial as a BBC reporter in 2017 was able to trick an HSBC bank into allowing the reporter access using a voice ID.
An HMRC spokesperson said that their voice ID system provides customers with a fast and secure route into their systems. He insisted the way their store the collected voiceprints conforms to the “highest government and industry standards for security.”