HMRC are facing an investigation by the ICO after complaints from the privacy watchdog ‘Big Brother Watch’ who say HMRC have secretly recorded the voices of 5.1 million people who have called the hotline and failed to ask for permission to store this data. The watchdog says that this may be illegal.
Silkie Carlo, the director of Big Brother Watch, told one newspaper, “Taxpayers are being railroaded into a mass ID scheme that is incredibly disturbing. “
“The taxman is building Big Brother Britain by imposing biometric ID cards on the public by the back door. The rapid growth of the British database state is alarming.”
“These voice IDs could allow ordinary citizens to be identified by Government agencies across other areas of their private lives. ‘HMRC should delete the five million voiceprints they’ve taken in this shady scheme, “, as there’s no lawful basis for the collection of the voice samples, which aren’t necessary to the service’s ‘statutory function’, observe the law and show greater respect to the public.”
Callers to tax hotlines are told they can avoid standard security questions, involving their dates of birth and account numbers, simply by using their voice. The automated HMRC script tells them: ‘It is the fastest and most secure way for us to know it is really you we are talking to.’ The callers are then ordered to repeat ‘My voice is my password’ several times and if they try to object, they are told: ‘Sorry, it’s important you repeat exactly the same phrase.’
The id scheme, designed to enable people’s voices to act as passwords to unlock accounts and to be stored to be used as a high tech security check, has put HMRC into the privacy spotlight and are facing the investigation after it was reported they failed to ask permission to store the recordings and because there is no choice to opt out of the scheme
The technology is also used by high street banks. But privacy campaigners are alarmed that there is no opportunity to opt out of the HMRC scheme, which they say may breach the law requiring active consent to be given for private data to be stored.
There is also the chilling possibility of other Government departments using the voiceprints – and a data breach by criminal gangs could see voice IDs used to hack into private bank accounts.
When Big Brother Watch asked HMRC to provide them with details about how the system worked they were told that ‘5.1 million customers were enrolled with a Voice ID.’ HMRC were also asked how they obtained a callers’ consent. It did concede. that as it operates at the moment. consent was ‘on the basis of the implied consent of the customer’ but said it was developing a new process ‘which will be operated on the basis of the explicit consent of the customer’.
Under a new privacy law known as the General Data Protection Regulation (GDPR), organisations must ensure that customers have given consent to ways in which their data is used and requires organisations to obtain explicit consent before they use biometric data to identify someone, including voice recordings.
Big Brother Watch has now complained about Voice ID to the Information Commissioner’s Office (ICO), which has said it will be ‘making inquiries’.
An HMRC spokesman said: ‘Our Voice ID system is very popular with customers as it gives a quick and secure route into our systems.
‘Voice ID data storage meets the highest Government and industry standards for security.’”
HMRC sources also said that identifying details were stored separately from the voice recordings.