HMRC accused of voice ID data protection breaches
Privacy campaigners have accused HMRC of breaching data protection laws by collecting more than five million ‘voiceprints’ without explicit consent.
The Information Commissioner’s Office (ICO) is investigating a complaint made by advocacy group Big Brother Watch against HMRC after the tax authority used an ‘implied consent’ model to collect voice identification information on taxpayers.
Responding to Freedom of Information Requests from Big Brother Watch, HMRC revealed that since it launched the Voice ID scheme in January 2017 it has taken 5.1 million taxpayers’ biometric voiceprints in January 2017. These voice recordings are from those who called the tax credits and self assessment helplines.
After responding to initial account verification questions, callers to the helplines are asked to create a voice ID by repeating the phrase “my voice is my password” before being able to access services. The data is then used to create a ‘voiceprint’ that can identify them in the future.
Concerns over the service and other aspects of HMRC's 'data harvesting' were raised back in March in Wendy Bradley's piece for AccountingWEB on the tax authority going beyond its remit in demanding more information than the law requires taxpayers to submit.
The department said it collected these voiceprints “on the basis of the implied consent of the customer,” although a process of explicit consent is currently being established, and the data is held to the “highest government and industry standards for security”.
|What is Voice ID?
Voice ID technology is a form of biometric identification and authentication, as sensitive as a fingerprint. Voice recognition technology is used to extract and analyse unique voice patterns and rhythms to identify a person using just their voice, checking over 100 behavioural and physical vocal traits including the size and shape of your mouth, how fast you talk and how you emphasise words.
Biometric voice ID is not the same as Automatic Speech Recognition (ASR), which automatically identifies words spoken and is not necessarily unique to each person. A biometric voice ID is a voiceprint that is unique to each individual.
Source: Big Brother Watch
Opting out and deletion
Callers are able to access services without using voice ID, but HMRC admits to “encouraging customers who call to take advantage of the Voice ID service”. The department states that taxpayers can “choose to opt-out and continue to use HMRC’s services in the usual way if they prefer.”
But Big Brother Watch claims this is misleading. In a statement on its website, the group said that on calling HMRC’s self assessment helpline they were met with an automated system that “demanded that we create a voice ID by repeating the phrase ‘my voice is my password’
“Far from ‘encouraging’ customers,” continued the statement, “HMRC offers no choice but to do as the automated system instructs and create a biometric voice ID for a government database.
The group found that the only way to avoid creating a voice ID is to say ‘no’ to the system three times before the system states that it will create your voice ID ‘next time’.
Responding to the claims, an HMRC spokesperson said: “if a customer wishes to opt out of Voice ID, they tell an advisor that they wish to opt out and whether they would like their voiceprint to be deleted”.
However, when a representative from Big Brother Watch called to delete a voice ID, they claimed that HMRC does not have an accessible process to do so.
During a call to HMRC to remove the data, the automated system did not recognise ‘removal of Voice ID’ as a valid call reason, prompting a 15-minute wait to be connected.
When connected to an advisor, a transcript of the 35-minute call revealed that although the caller was able to opt out of using voice ID on the system it was not possible for the HMRC representative to completely remove the caller’s biometric data from the system altogether, and the caller would have complete an HMRC subject access request.
Is the scheme GDPR-compliant?
The General Data Protection Regulation (GDPR), came into force across Europe on 25 May this year and requires organisations to obtain explicit consent before they use biometric data to identify someone, including voice recordings.
Big Brother Watch claims that because voiceprints are such sensitive data, and voice IDs are not necessary for dealing with tax issues, HMRC must obtain the explicit consent of each taxpayer to enrol them in the scheme under Article 9 of GDPR or delete the records.
According to ICO guidelines, consent means “offering individuals real choice and control. Genuine consent should put individuals in charge, build trust and engagement, and enhance your reputation.”
‘Biometric ID cards through the back door’
Silkie Carlo, director of Big Brother Watch, called for the deletion of the five million voiceprints. “Taxpayers are being railroaded into a mass ID scheme that is incredibly disturbing,” she said and added that HMRC was “building big brother Britain by imposing biometric ID cards on the public by the back door.
“These voice IDs could allow ordinary citizens to be identified by government agencies across other areas of their private lives.”
Responding to the claims an HMRC spokesperson said: “Our voice ID system is very popular with customers, as it gives a quick and secure route into our systems. The voice ID data storage meets the highest government and industry standards for security.”
HMRC sources also told the BBC that identifying details were stored separately from voice recordings.
An ICO spokesperson said: “We have received a complaint about HMRC’s voice ID scheme and will be making enquiries.”
Pat Walshe, director of a separate group, Privacy Matters, stated that the scheme was “failing to meet basic data protection principles,” and it was possible that the ICO could issue a notice requiring its temporary suspension.
*29 June 2018 - This article was amended to include a reference to a previous AccountingWEB piece on the subject*