Her Majesty’s Revenue and Customs (HMRC) in the UK is under investigation by that country’s regulator over the collection of more than 5 million biometric voice IDs.
The Information Commissioner’s Office (ICO) is investigating the tax agency’s practice, which may violate the recently implemented General Data Protection Regulation, following an official complaint from watchdog group Big Brother Watch. Among other problematic developments, the advocacy organization said that information on how individuals can easily and securely have their voiceprint deleted is not publicly accessible, and that the collection of the voiceprint is not being done with explicit consumer consent.
Since January 2017, HMRC has been taking voice recordings from those who call the department’s tax credits and self-assessment helplines to create a voiceprint that will be used to identify callers in the future. Billed as a boon for efficiency and making citizens’ lives better, the Voice ID technology that HMRC uses analyzes unique voice patterns and rhythms to identify a person using just their voice – this involves checking over 100 behavioral and physical vocal traits, including the size and shape of someone’s mouth, how fast he or she talks, and general diction and how words are emphasized.
“Biometric voice ID is not the same as Automatic Speech Recognition (ASR), which automatically identifies words spoken and is not necessarily unique to each person. A biometric voice ID is a voiceprint that is unique to each individual,” explained Big Brother Watch, in a posting on the situation on Sunday.
As such, because voiceprints are such sensitive data – and voice IDs are not necessary for dealing with tax issues – HMRC must also request the explicit consent of each taxpayer to enroll them in the scheme, as required by Article 9 of GDPR, which was made into UK law via its Data Protection Act. The GDPR also requires the right of erasure, in which any citizen has the right to request his or her private information be deleted – and that the process for doing so is transparent and straightforward.
But instead of explicit consent, HMRC said that it will “be encouraging customers who call to take advantage of the Voice ID service, but they can choose to opt-out and continue to use HMRC’s services in the usual way if they prefer.”
To boot, the opt-out process is not very straightforward. In the Big Brother Watch investigation and call transcripts, the automated voice assistant that answers when citizens call in will repeatedly – and more insistently each time – ask the caller to repeat the phrase “My voice is my password” before being able to access services; and only after three proactive “no” responses does it default to a different method.
The automated attendant then says, “Sorry, I wasn’t able to create a Voice ID for you. This is often because of background noise or a bad connection. Don’t worry – next time we’re able to offer you Voice ID, we’ll try again. Please hold on a moment and I’ll transfer you to one of our advisors.”
Big Brother Watch also submitted Freedom of Information requests to find out more about how the government is storing and handling the voiceprints, revealing that it has so far collected 5.1 million of them.
“However, HMRC has refused to disclose which other Government departments the voice IDs have been shared with, how the IDs are stored and used, whether it is possible to delete a voice ID, which legal territory the data is kept in, how much the scheme has cost taxpayers, or the legally-required ‘privacy impact assessment’,” Big Brother Watch said.
In one of the FOI requests, HMRC declined to discuss its erasure methodology.
“We sent HMRC a Freedom of Information request, asking how an individual could securely delete their voice ID and use the usual method to access the helpline,” Big Brother Watch said. “Disturbingly, HMRC refused to answer our question under FOIA Exemption s31 (1) (a) – prejudice to the prevention or detection of crime.”
The group’s investigation found that it’s possible to unselect the use of Voice ID as a security check by calling in and talking to an HMRC adviser, but that the deletion of the actual record as provided for by the GDPR requires a person to submit a data subject access form. The problem, according to Big Brother Watch, is that finding out the information on how to have a voiceprint deleted is far from easily accessible, with no information to be gleaned on how to do it short of calling in and speaking to someone at HMRC.
“There’s a form you can fill in there if you have a look at gov.uk and search for HMRC Subject Access Request,” the advisor told a Big Brother Watch representative during the investigation, once the investigator was finally connected to a live person and after back-and-forth questioning.
Big Brother Watch isn’t the only privacy group concerned about the situation.
“HMRC’s voiceprint scheme appears to be almost surreptitious, failing to meet basic data protection principles,” Pat Walshe, data protection law expert and director of Privacy Matters, said in a media statement. “The non-transparent manner harvesting of people’s data and significant questions of lawfulness are troubling. Given the significant number of citizens involved, and the potential for broader use of biometric voiceprints by government agencies, the ICO could issue a notice requiring the temporary suspensions of the scheme.”
Even so, the HMRC seemed unconcerned in an official statement: “Our Voice ID system is very popular with customers as it gives a quick and secure route into our systems. The Voice ID data storage meets the highest government and industry standards for security.”
Andrew Bud, founder and CEO at iProov, said via email that in theory, convenience and privacy should be able to be balanced.
“Biometric authentication is the most user friendly and accessible way of determining whether a customer is in fact who they claim to be – just as humans would when at a customer service desk or at a border crossing, for example,” he said. “Extensive studies have also highlighted just how effective these modern machine learning tools are at getting this right compared with humans.”
He added, “Privacy and trust are vital. There is a big difference between biometric recognition, which identifies citizens sometimes without their knowledge, and biometric authentication that helps the citizen confirm their identity, to their benefit and under their control. Every organisation offering this capability must adhere to the stringent regulations now in force to protect users’ privacy.”