Voice Recognition Technology: U.K. Revenue and Customs (HMRC) Has Taken 5.1 Million Taxpayers’ Biometric Voiceprints Without Consent
Big Brother Watch has been investigating the collection of sensitive personal data by HM Revenue and Customs. Their investigation revealed that HMRC has taken 5.1 million taxpayers’ biometric voiceprints without their consent.
What is a ‘Voice ID’?
Voice ID technology is a form of biometric identification and authentication, as sensitive as a fingerprint. Voice recognition technology is used to extract and analyse unique voice patterns and rhythms to identify a person using just their voice, checking over 100 behavioural and physical vocal traits including the size and shape of your mouth, how fast you talk and how you emphasise words.
Biometric voice ID is not the same as Automatic Speech Recognition (ASR), which automatically identifies words spoken and is not necessarily unique to each person. A biometric voice ID is a voiceprint that is unique to each individual.
HMRC’s mass collection of Voice IDs
Since January 2017, HMRC has been taking voice recordings from those who call the tax credits and self-assessment helplines to create a voiceprint that will be used to identify callers in the future.
HMRC deceptively promotes voice ID as an optional high-tech system to improve customer service, stating:
“HMRC will be encouraging customers who call to take advantage of the Voice ID service, but they can choose to opt-out and continue to use HMRC’s services in the usual way if they prefer.”[1]
Our investigation finds this statement to be misleading.
Upon calling HMRC’s self-assessment helpline we were met with an automated system. After the account verification questions, the system demanded that we create a voice ID by repeating the phrase “my voice is my password”.
Far from ‘encouraging’ customers, HMRC offers no choice but to do as the automated system instructs and create a biometric voice ID for a Government database.
In our investigation, we found that the only way to avoid creating a voice ID is to say “no” to the system – three times – before the system resolves to create your voice ID “next time”.
System: Finally what’s your date of birth?
Caller: *DOB provided*
System: Thank you. For some calls we are introducing a quicker and more secure way for you to identify yourself. You can skip these security questions in the future by using your voice to confirm who you are. Voice ID uses the sound and rhythm of your voice to identify a numerical pattern. This pattern is unique to you in the same way your fingerprint is. It works if you have an accent or are unwell. For example, you can still use Voice ID if you have a cold. It is the fastest and most secure way for us to know it is really you we are talking to. It’s easy to setup. You’ll be asked to repeat the sentence ‘My voice is my password’ multiple times. I’ll need you to say exactly those words. It takes about a minute. So, please say ‘My voice is my password’.
Caller: No
System: Sorry, it’s important you repeat exactly [emphasis in recording] the same phrase. Please say ‘My voice is my password’
Caller: No
System: Sorry, it’s important you repeat exactly [emphasis in recording] the same phrase. Please say ‘My voice is my password’
Caller: No
System: Sorry, I wasn’t able to create a Voice ID for you. This is often because of background noise or a bad connection. Don’t worry – next time we’re able to offer you Voice ID, we’ll try again. Please hold on a moment and I’ll transfer you to one of our advisors.
For quality and security this call might be recorded. We may need to ask you additional security questions before being able to help you.
Your rights under data protection law
The EU General Data Protection Regulation (GDPR), incorporated in UK law through the Data Protection Act 2018, prohibits the processing of biometric data for the purpose of uniquely identifying a person, unless the there is a lawful basis under Article 6.
However, because voiceprints are such sensitive data – and voice IDs are not necessary for dealing with tax issues – HMRC must also request the explicit consent of each taxpayer to enrol them in the scheme, as required by Article 9 of GDPR.
However, HMRC has in fact railroaded taxpayers into this unprecedented ID scheme.
On our analysis, that means HMRC must now delete this giant biometric database.
We have registered a formal complaint with the ICO, which is now investigating.
Consent
“Consent means offering individuals real choice and control. Genuine consent should put individuals in charge, build trust and engagement, and enhance your reputation.”[2]
Explicit consent must come from a very clear and specific statement of consent. This means offering citizens real informed choice and control. Genuine consent should empower the individual so that they feel fully informed and engaged in the decision making process.
Consent must be explicit with a positive opt-in. Explicit consent requires a very clear and specific statement of consent, naming any third party data controllers who will also rely on the consent. Blanket consent is not enough.
Your right to erasure
Individuals have the right to have their personal data erased if their data has been processed unlawfully. We believe it is very likely to apply in relation to HMRC’s voice ID scheme, as the Government department failed to obtain the consent of those enrolled.
All voiceprints processed without the explicit consent of the individual should be erased. Moreover, this erasure must be a secure and complete removal from HMRC’s system and any other third party – such as other Government departments – the IDs have been shared with.
Even if an individual consents to data collection, they have the right to withdraw their consent at any time and request that their data is securely erased.
Why is it so hard to securely delete a voice ID?
Our investigation found that HMRC does not have an accessible process to delete voice IDs. Whilst you can, at great lengths, unselect the use of voice ID as a security check, your voiceprint may not be deleted from Government databases.
We sent HMRC a Freedom of Information request, asking how an individual could securely delete their voice ID and use the usual method to access the helpline. Disturbingly, HMRC refused to answer our question under FOIA Exemption s31 (1) (a) – prejudice to the prevention or detection of crime.
This suggests that taxpayers’ voiceprints are being used in ways we do not know about.
The Freedom of Information Requests
5.1 million voice IDs – HMRC FOI Response 30.4.18
Refusing transparency – HMRC FOI Response 5.4.18
Big Brother Watch tries to delete a voice ID: transcript of our call to HMRC
At the beginning of the call, when the automated system asked our reason for calling, it did not recognise ‘removal of Voice ID’ as a valid call reason. Instead we followed the route of ‘something else’ and waited an agonising 15 minutes to be connected.
(Connected at 15:05)
Adviser: Good afternoon, you’re speaking to **** today. How can I help you?
Caller: I would like to remove my Voice ID from your system.
Adviser: That’s a good question. It’s a very good question. I’ll just see if there’s a way we can do that for you. Are you okay to just hold the line there?
Caller: Yeh, sure.
(Connected at 25:20)
Adviser: Hello I’m sorry for keeping you there. Thank you for waiting. Right there should be a way to get this done. When you made this call, did you get any options about opting in or opting out at all?
Caller: Opting in to using my voice as a password?
Adviser: Yes
Caller: No, I haven’t had any options on this call and when I signed up there was no suggestion that there was another way of doing it (verifying security).
Adviser: Okay if I could just confirm your [security details].
Caller: *Gives all security details*
Adviser: Thank you. Okay. So we should have a means by which we can remove this. Lets have a look here. (Pause). I take it you are already registered for the Voice ID service.
Caller: Yes that’s correct, I did it a couple of months ago.
Adviser: Right, here we go. One second there. I won’t keep you a moment. (Pause) Right that’s done for you so you’re now out of the Voice ID system.
Caller: Okay. So am I right in saying that it will be removed from any other systems it’s on across the Government that it may have been passed on to.
Adviser: Erm. That’s a good question. Let’s have a look here.
Caller: Does that suggest that there is a chance that it has already been passed on?
Adviser: (No initial response) One second. I don’t know whether it’s… let’s have a look here. So it’s available to tax credits, self-assessments, pay as you earn, child benefits and National Insurance.
Caller: Okay
Adviser: So once you’ve opted out of one you would effectively opt out of all of them.
Caller: Okay. So would my voice have been deleted from the system?
Adviser: I don’t know if it’s deleted but you’re out of the system so it won’t use your voice as a means to get through to the call any further. But whether it’s deleted or not, I don’t know.
Caller: Okay. So would it be possible for you to make sure it is deleted?
Adviser: It’s not something that I would be able to do.
Caller: Okay. Is there any way you could find out how the process of getting it deleted is done?
Adviser: Is there a particular concern that you have *Name*?
Caller: It was just a concern about my individual biometric data really and how it’s held and how it may be passed on to other government bodies. To do with GDPR and stuff like that.
Adviser: Right, one second. Okay are you alright to hold the line again?
Caller: Yeh, sure.
(Connected at 35:40)
Adviser: Thanks for waiting. Right in order to look at getting that deleted altogether the way to do that would be to make what’s referred to as a subject access request, which you can do online. There’s a form you can fill in there if you have a look at gov.uk and search for HMRC Subject Access Request.
Caller: HMRC Subject Access Request?
Adviser: Yes. There’s an online form that you can fill in and send in to us.
Caller: Okay and then once I do that it will be removed from all systems and databases that it might be held on?
Adviser: As far as I’m aware yes.
Caller: Okay. It’s just a general concern because I didn’t consent to having my voice on a database when the Voice ID was taken and I’d just like to make sure its removed from any Government system and couldn’t then be passed on.
Adviser: I’m with you, I’m with you. Yep so that would be the way to do it.
Caller: Through the website?
Adviser: Through the website yes.
Caller: Okay. Well thank you very much
Adviser: That’s okay, thanks for your call.
*
Featured image is from TruePublica.