HMRC used ‘implied consent’ to collect voiceprints of five million citizens

Written by Sam Trendall on 25 June 2018 in News

ICO investigating tax agency after investigation by advocacy group Big Brother Watch 

The Information Commissioner’s Office is investigating a complaint made against HM Revenue and Customs, after the department used an “implied consent” model to collect voice identification information on more than five million citizens. 

Responding to a Freedom of Information request from the privacy advocacy group Big Brother Watch, HMRC said that, as of 13 March 2018, 5.1 million citizens were enrolled on its voice ID scheme. The department also said that these identifications had been collected “on the basis of the implied consent of the customer” – although a process of explicit consent is being developed, it added.

A call transcript provided by Big Brother Watch indicates that callers to HMRC’s self-assessment helpline are automatically prompted to say the phrase “my voice is my password”, with no option given to decline to provide a voice ID. The only way to avoid doing so, according to Big Brother Watch, is to refuse to say the phrase or say ‘no’ instead three times in a row. At which point the automated system tells callers they can “try again” to create a voice ID next time they call.

When asked under FOI about the process by which citizens can opt out of the voice ID programme, HMRC said that “if a customer wishes to opt out of VoiceID, they tell an advisor that they wish to opt out, and whether they would like their voiceprint to be deleted”.

Related content

A further call transcript provided by Big Brother Watch also shows that, after waiting 15 minutes to be connected to an advisor, a caller to HMRC was put on hold for a further 10 minutes while the adviser looked into their request to have their voice ID removed from the department’s systems. The adviser was then able, on the caller’s behalf, to opt out of using voice ID for all applicable HMRC services.

But the adviser claimed that deleting the caller’s voice data entirely is “not something that I would be able to do” over the phone, according to Big Brother Watch. After another lengthy period on hold, the caller is advised that, if they wish to completely delete their voice ID, they must go online and fill out an HMRC Subject Access Request form.

Big Brother Watch also used FOI requests to ask HMRC to provide info on where and by whom the voice ID data is stored, what agencies have access to it, what “procedural guidelines” govern the storage, access, and use of the data, and how much has been spent on installing and maintaining the necessary technology. The department was also asked by the activist group to provide details of the privacy impact assessment undertaken in advance of implementing the voice ID scheme.

HMRC declined to provide responses to any of these questions, citing FOI Act exemptions under the possibility of prejudice to the prevention or detection of crime and, in the case of enquiry regarding spending, commercial interest exemptions.

The department did, however, respond to confirm that it has not yet consulted the Biometrics Commissioner about the voice ID programme. 

Big Brother Watch has filed a complaint against HMRC with the ICO – the UK’s data-protection watchdog.

An ICO spokesperson said: “We have received a complaint about HMRC’s voice ID scheme and will be making enquiries.”

Silkie Carlo, director of Big Brother Watch, said that “HMRC should delete the five million voiceprints they’ve taken in this shady scheme, observe the law, and show greater respect to the public”.

“Taxpayers are being railroaded into a mass ID scheme that is incredibly disturbing. The tax man is building big brother Britain by imposing biometric ID cards on the public by the back door,” she added. “The rapid growth of the British database state is alarming. These voice IDs could allow ordinary citizens to be identified by government agencies across other areas of their private lives.”

An HMRC spokesperson said: “Our voice ID system is very popular with customers, as it gives a quick and secure route into our systems. The voice ID data storage meets the highest government and industry standards for security.”

About the author

Sam Trendall is editor of PublicTechnology

Share this page




Please login to post a comment or register for a free account.

Related Articles

Police investigated 4,300 cyber offences last year – but charged fewer than 100 criminals
12 August 2022

The proportion of offences resulting in a formal charge increased slightly, but remains at barely more than one in every 50

Government appoints £2m firm to help build search tool for citizens’ internet records
29 July 2022

Defence contractor BAE Systems wins Home Office contract 

Met Police claims series of Oxford Circus arrests in facial-recognition deployment
20 July 2022

London force claims success from use of controversial technology, which was accompanied by public information effort – as well as protestors

National Crime Agency seeks to boost ranks of digital forensic specialists
15 July 2022

Eight roles on offer to boost technical ranks