Thousands of taxpayers tell HMRC to delete voiceprint data it stored without consent

"My voice is not my password."

Thousands of taxpayers tell HMRC to delete voiceprint data it stored without consent

In June 2018, privacy campaigners at Big Brother Watch revealed that the UK’s tax authority, HMRC, had created a giant database of the voiceprints of 5.1 million people.

The biometric data had been collected without consent when taxpayers called phone hotlines asking for advice.

As we discussed at the time on the “Smashing Security” podcast, callers were asked to repeat the phrase “My voice is my password” before being able to access HMRC services.

Smashing Security #84: ‘No! My voice is not my password’

Listen on Apple Podcasts | Google Podcasts | Other… | RSS

At the time, HMRC gave callers no easy way to opt out of what Big Brother Watch described as “one of the largest known state-held voice databases in the world.”

It seems Big Brother Watch’s revelation has done some good though.

HMRC’s automated helpline now asks callers whether they want to opt in or out of the ID scheme, and a recent Freedom of Information request has shown that although there are now some seven million users enrolled with a voice ID, since last June over 160,000 people have opted out of the scheme and had their biometric data deleted from HMRC’s systems.

But that means, of course, that there are still millions of voice IDs which were collected by the British government without permission.

That voice data should be deleted.

Fingers crossed that the Information Commissioner’s Office (ICO) which has been investigating Big Brother Watch’s complaint since mid-2018 agrees, and orders HMRC to wipe the data.

Tags: , , , ,

Share this article:

   Join thousands of others and sign up to our free "GCHQ" newsletter.

Smashing Security podcast
Check out "Smashing Security", the award-winning weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:
Listen on Apple Podcasts Listen on Google Podcasts

, , , ,

2 Responses

  1. Gary

    January 28, 2019 at 1:18 pm #

    When I first came across HMRC wanting my voiceprint I was so incensed that I shouted NOOOOO down the phone very loudly and continiously. This caused the system to fail and it gave up. So next time I phoned HMRC I just shouted, aham, rude words into the phone and it gave up again.

    I just could not believe that HMRC were asking for a voiceprint; as far as I was concerned no matter what they might say about ‘only using it for HMRC’ my view is that voiceprints will be accessed by any Government department that wants them.

  2. Jane Smith

    April 5, 2019 at 3:36 pm #

    Do we have an update from the ICO on this? I can;‘t see anything on the ICO website.
    I after waiting 30 mintes to speak to HMRC in Jan 2018 was appalled to be presented with the enforced voice recognition. It immediately seemed to be to be a major breahc of the then DPA98. I stayed silent three times - rather than saying no as i was worried even no might mean they recorded by voice and thankfully it then did move on to continue the call without it but I had no way of knowing that refusing to speak might mean I had the call cut out and I had to start holding again.

    I then complained to the ICO, mentioned the issue on line and also did a subject access required to HMRC who confirmed (promptly) that they hold no voice data of mine.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.