British Tax Agency HMRC Alleged to Collect 5.1 Million British Voice Records

A British privacy and civil liberties organization found that the HM Revenue and Customs (HMRC) has collected more than 5.1 million British voice records.

HMRC was accused of collecting these voice records through a new service launched in January 2017. The service is named “Voice ID” and allows British citizens to authenticate themselves with their voice when calling the HMRC call center.

When it was released, the HMRC website claimed that users could choose not to use this feature and continue to authenticate and prove their identity through conventional methods.

However, a survey conducted by the privacy protection organization Big Brother Watch found that when calling the HMRC support line, there was no option to opt out. All callers were forced to record tracks for use with voice recognition services.

The only way to avoid creating tracks is to say “no” three times during the track’s creation, which was discovered by privacy researchers. This process is described in detail in the survey report of Big Brother Watch.

Unfortunately, the Voice ID system does not directly indicate this option and asks the user for a speech sample each time he dials.

Members of the Big Brother Watch believe that HMRC did not provide a simple way to withdraw, thereby infringing the rights of users.

In addition, after a lengthy and complicated process, users can only choose not to use speech recognition for the authentication process, but users cannot delete their speech patterns from the HMRC database.

Big Brother Watch stated that it had submitted FOIA requests, but HMRC officials declined to disclose how users removed their recordings from the HMRC database. At the same time, HMRC officials also declined to disclose the contents of voice recordings that were shared with other third parties and government agencies. The only detail revealed by HMRC officials is that on March 13, 2018, the Voice ID system had more than 5.1 million users.

The privacy protection organization believes that HMRC has clearly violated the GDPR (EU General Data Protection Regulations) and did not allow Britons to obtain their own choices, nor did they provide them with a simple way to revoke their licenses to delete their personal Biometric data.

Officials at Big Brother Watch are currently urging users to file complaints with HMRC and submit another complaint about HMRC to the Office of the United Kingdom’s National Data Protection Agency (ICO).

The privacy protection organization stated that it has informed ICO officials about the results of this investigation, and the latter has started an official investigation of HMRC’s conduct.