29.1.19

Hear me out! Thousands tell UK taxman to wipe their voice IDs




Even so, the database has grown to seven million voiceprints amid a controversy that puts the spotlight on the privacy implications of the collection of biometric information
In June 2018, a British privacy campaign group called Big Brother Watch accused the country’s tax authority of amassing the voiceprints of millions of people without asking for their explicit consent.
Within six months, more than 162,000 people would opt out of the voice ID scheme of Her Majesty’s Revenue and Customs (HMRC) and would have their biometric data deleted. While the thousands exercised their right to be forgotten as enshrined in the European Union’s General Data Protection Regulation (GDPR), another 2.1 million people joined the scheme between June and December 2018, bringing the number of people with voiceprints on file to around 7 million.
These developments come on the heels of a controversy that came to a head last summer when Big Brother Watch accused HMRC of “creating biometric ID cards by the back door” for 5.1 million taxpayers. The campaigners alleged that “HRMC has in fact railroaded taxpayers into this unprecedented ID scheme”, without providing a straightforward opt-out method. HMRC introduced the voice recognition system in January 2017.
Although there was a way to say ‘no’ to the scheme – it required saying ‘no’ to automated requests three times in a row – the opt-out route was not, in fact, immediately obvious (as detailed here). Instead, HMRC’s automated helpline instructed millions of callers to repeat the phrase “My voice is my password” up to five times in order to create a unique voiceprint for each of them and use it to verify the caller’s identity in the future.
The issue has also prompted the privacy campaigners to file a complaint with the Information Commissioner’s Office (ICO). The UK’s data protection watchdog has yet to decide on whether HMRC has been seeking user consent that is “freely given, specific, informed and unambiguous”, another requirement set out in the GDPR.
Either way, HMRC revamped the recording in July, introducing a clear option for callers to turn down the voice ID, as well as delete their existing voiceprints. By the taxman’s own admission, this option had not been stated explicitly before. As noted in HMRC’s Voice ID privacy notice, callers who reject the biometric option can continue to answer security questions to access their HMRC accounts.
ESET UK cybersecurity specialist Jake Moore views the news as a positive, but also sounded a warning: “It’s very promising that people can now delete their biometric voice data if they choose to. However, if HMRC took such data without consent then this is a different story. People should be given the option from the start whether to have their biometric data stored by the provider or not. Usually, people will assume this data will also be encrypted and kept highly secure, too”.
Meanwhile, the tax agency has also had to respond to concerns about the security of the collected data, not least because of the size of its database. HMRC has said that the data is encrypted, stored in a data center in the UK, and is never shared with anyone outside the agency.
HMRC is no stranger to biometrics, having also embraced the technology on its mobile app both for Android and iPhones. Besides authentication relying on a PIN code, people can also prove their identity using face recognition and fingerprint scanning.