In June 2018, privacy campaigners at Big Brother Watch revealed that the UK’s tax authority, HMRC, had created a giant database of the voiceprints of 5.1 million people.
The biometric data had been collected without consent when taxpayers called phone hotlines asking for advice.
As we discussed at the time on the “Smashing Security” podcast, callers were asked to repeat the phrase “My voice is my password” before being able to access HMRC services.
At the time, HMRC gave callers no easy way to opt out of what Big Brother Watch described as “one of the largest known state-held voice databases in the world.”
It seems Big Brother Watch’s revelation has done some good though.
HMRC’s automated helpline now asks callers whether they want to opt in or out of the ID scheme, and a recent Freedom of Information request has shown that although there are now some seven million users enrolled with a voice ID, since last June over 160,000 people have opted out of the scheme and had their biometric data deleted from HMRC’s systems.
But that means, of course, that there are still millions of voice IDs which were collected by the British government without permission.
That voice data should be deleted.
Fingers crossed that the Information Commissioner’s Office (ICO) which has been investigating Big Brother Watch’s complaint since mid-2018 agrees, and orders HMRC to wipe the data.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.