In June 2018, privacy campaigners at Big Brother Watch revealed that the UK’s tax authority, HMRC, had created a giant database of the voiceprints of 5.1 million people.
The biometric data had been collected without consent when taxpayers called phone hotlines asking for advice.
As we discussed at the time on the “Smashing Security” podcast, callers were asked to repeat the phrase “My voice is my password” before being able to access HMRC services.
Smashing Security #084: 'No! My voice is not my password'
Listen on Apple Podcasts | Spotify | Pocket Casts | Other... | RSS
More episodes...
At the time, HMRC gave callers no easy way to opt out of what Big Brother Watch described as “one of the largest known state-held voice databases in the world.”
It seems Big Brother Watch’s revelation has done some good though.
HMRC’s automated helpline now asks callers whether they want to opt in or out of the ID scheme, and a recent Freedom of Information request has shown that although there are now some seven million users enrolled with a voice ID, since last June over 160,000 people have opted out of the scheme and had their biometric data deleted from HMRC’s systems.
But that means, of course, that there are still millions of voice IDs which were collected by the British government without permission.
That voice data should be deleted.
Fingers crossed that the Information Commissioner’s Office (ICO) which has been investigating Big Brother Watch’s complaint since mid-2018 agrees, and orders HMRC to wipe the data.
When I first came across HMRC wanting my voiceprint I was so incensed that I shouted NOOOOO down the phone very loudly and continiously. This caused the system to fail and it gave up. So next time I phoned HMRC I just shouted, aham, rude words into the phone and it gave up again.
I just could not believe that HMRC were asking for a voiceprint; as far as I was concerned no matter what they might say about 'only using it for HMRC' my view is that voiceprints will be accessed by any Government department that wants them.
Do we have an update from the ICO on this? I can;'t see anything on the ICO website.
I after waiting 30 mintes to speak to HMRC in Jan 2018 was appalled to be presented with the enforced voice recognition. It immediately seemed to be to be a major breahc of the then DPA98. I stayed silent three times – rather than saying no as i was worried even no might mean they recorded by voice and thankfully it then did move on to continue the call without it but I had no way of knowing that refusing to speak might mean I had the call cut out and I had to start holding again.
I then complained to the ICO, mentioned the issue on line and also did a subject access required to HMRC who confirmed (promptly) that they hold no voice data of mine.