back to article UK taxman has amassed voice profiles of 5.1 million taxpayers

Campaign group Big Brother Watch has accused HMRC of creating ID cards by stealth after it was revealed the UK taxman has amassed a database of 5.1 million people's voiceprints. The department introduced its Voice ID system in January 2017. This requires taxpayers calling HMRC to record a key phrase, which is used to create a …

  1. Rob D.

    Give it a year

    And GDPR (probably) won't apply to the non-EU citizens living in the UK.

    1. Doctor Syntax Silver badge

      Re: Give it a year

      By default it becomes part of EU law on Brexit. The UK is going to need to keep it there in order to continue doing business with the EU. The new DPA specifically puts it into UK law more or less. It's the "less" bit that's going to cause problems down the line.

    2. }{amis}{
      Megaphone

      Re: Give it a year

      BZZZT wrong: The UK will not only keep complying with GPDR but will probably be in the situation of having to run even tighter implementation.

      The reason is that as an outsider to the EU the public security requirements that mostly defang GPDR against government bodies will no longer apply to the UK government.

      And as a mostly service-based economy, the UK will have no choice but to comply or lose a huge chunk of the countries GDP.

      1. Giovani Tapini

        Re: Give it a year

        Dogma rules over reality however. So we will lose the GDP. As a nation we seem to be behaving like a goth teenager locking themselves in the bedroom and promising never to come out again.

        1. Alan Brown Silver badge

          Re: Give it a year

          "Dogma rules over reality however. So we will lose the GDP."

          Do you really think a nation of shopkeepers would ever allow that?

          Losing the GDP would be the clarion call.

      2. Dan 55 Silver badge

        Re: Give it a year

        And as a mostly service-based economy, the UK will have no choice but to comply or lose a huge chunk of the countries GDP.

        What about Boris Johnson's two-word thought on the matter?

        1. earl grey
          Trollface

          Re: Give it a year

          "What about Boris Johnson's two-word thought on the matter?"

          I don't think "I brainless" counts as a thought.

        2. Anonymous Coward
          Anonymous Coward

          Re: Give it a year

          "What about Boris Johnson's two-word thought on the matter?"

          "Woof! Briplp?"

        3. Avatar of They
          Happy

          Re: Give it a year

          Which particular two words? He has come up with plenty and is an advert for plenty of two words phrases. :)

          However despite his best efforts the EU don't care about him or his thoughts. So the rules will still apply.

    3. Anonymous Coward
      Anonymous Coward

      Re: Give it a year

      It would be wonderful if we could get rid of GDPR and cookie consent too, then you will actually be able to use a website without having to first accept cookies then click on some privacy agreement thingy that no one ever reads. If only we were given the option to opt out of all that crap.

      1. Anonymous Coward
        Anonymous Coward

        Re: Give it a year

        > If only we were given the option to opt out of all that crap.

        You *are* given the option: do not go to websites that don't give a toss about you as an individual and run a charade of compliance with what at the end of the day are perfectly reasonable rules.

        The websites that my company operates have a two paragraph privacy policy that simply announces that we do not use cookies, trackers, "analytics" scripts or anything else and that the only way we will get any information about you is if you call us or email us. Information which of course we are happy to share with you or delete at any time. We did not invent this, we stole it from other sites on the web.

        What I find hard to believe is people's obsession with all that Google "analytics" crap. Unless you are running a marketing front (e.g., "news" sites such as this and the like) you do not need it and you do not want it. The only ones who are benefiting from it are Google themselves who take advantage of your voyeur tendencies.

        1. Alan Brown Silver badge

          Re: Give it a year

          > What I find hard to believe is people's obsession with all that Google "analytics" crap

          Which doesn't do much more than I was doing with canned log analysis scripts 30 years ago.

          In any case, Slurp AnalYtics are blocked by default in most script blockers.

          Do No Evil went out the window when they bought DoubleClick. Just like horror movie "The Stuff", what they ate, consumed them from the inside.

  2. Doctor Syntax Silver badge

    "HMRC ... is developing a new process which will be operated on the basis of the explicit consent of the customer."

    Translation. We had two years warning which we ignored. Now we realise we have to do it. Can we have a moratorium?

    1. macjules

      "HMRC ... is developing a new process which will be operated on the basis of the explicit consent of the customer."

      That means exactly the opposite. By the time Brexit has happened any 'civil rights' (oxymoron warning) of UK citizens subjects HMRC, along with most other departments, will have been able to exempt themselves from any liability.

      1. This post has been deleted by its author

        1. deive

          Symon, I think you may have misunderstood Macjules - or at least I read it differently to you!

          The word citizens is deleted and replaced with subjects as that is how the government are treating us. They currently think they are our superiors and not working for us.

    2. phuzz Silver badge

      "HMRC ... is developing a new process which will be operated on the basis of the explicit consent of the customer."

      And how will that work?

      ".. if you do not wish for your voice ID to be recorded, please hang up now"

      Yep, that'll be really helpful when you need to get your taxes sorted.

  3. Joe Harrison

    Not just HMRC

    My bank is doing this voice is my passport thing now. They do explicitly ask you though. Also heard that for years insurance claims have been using "Voice Stress Analysis" VSA, supposedly the AI can tell when you are lying about your lost expensive camera on holiday.

    1. Spanners Silver badge
      Big Brother

      Re: Not just HMRC

      @Joe Harrison I don't think voice stress analysis itself would be against GDPR if it does not actually store your voice. I imagine they now have to change the warning about recording from "training purposes" to include "and legal matters".

      1. Moog42

        Re: Not just HMRC

        The processing of VSA would be a form of automated decision making (yes they are lying so deny payment) and therefore under GDPR would be subject to the requirements of recital 71 and article 22.

    2. katrinab Silver badge

      Re: Not just HMRC

      The DWP tried that to detect benefits fraud, and they found that it didn't work at all.

  4. defiler

    I'm one of those 5M

    I can't begin to describe how infuriating it is being forced into a biometric registration because you absolutely positively must speak to someone at HMRC. Especially when the reason they're threatening immediate court action is because somebody fucked up and put a number in twice. Also, they send out letters demanding action "within 7 days of the date of this letter", and you don't actually receive them until the 7th day. Which in one case was the 31st of January, so you can imagine how much fun that was...

    What I will say, though, is if it lets me in when I'm anything short of enraged to the point of spitting then it's probably too lenient.

    I accept that they're just trying to do a job that nobody likes, but so many of them are so incompetent at it, or too constrained to be able to help out.

    1. Anonymous Coward
      Anonymous Coward

      Re: I'm one of those 5M

      Mmmh.. Wonder how many of the British 'Elite' are on this latest surveillance state data-obese? Oh, that's right... Just like at the airport there's a different door / different dedicated line for them!

      1. Anonymous Coward
        Anonymous Coward

        Re: I'm one of those 5M

        "Mmmh.. Wonder how many of the British 'Elite' are on this latest "

        Mmmm ..... given that the richest 1% pay twice as much tax as the poorest 50% it's possible that some of them are, but more probably they pay accountants to look after their tax to make sure they don't pay any more than needed.

        1. annodomini2

          Re: I'm one of those 5M

          "but more probably they pay accountants to look after their tax to make sure they don't pay any more than needed as little as they can get away with."

          Corrected it for you.

    2. Anonymous Coward
      Anonymous Coward

      Re: I'm one of those 5M

      > I can't begin to describe how infuriating it is being forced into a biometric registration because you absolutely positively must speak to someone at HMRC.

      I have no idea how the system works, but can't you just put the radio on or fart on the phone or something when it's taking the samples? Let's see how good their "AI" is.

      1. defiler

        Re: I'm one of those 5M

        can't you just put the radio on or fart on the phone or something when it's taking the samples?

        I couldn't say. I didn't try. I was more concerned about getting to speak to someone who could stop the bailiffs turning up at my door.

        So, they basically nudged and winked at the strong arm of the law to get everyone to comply.

    3. Scroticus Canis
      Holmes

      Re: I'm one of those 5M

      I'm just amazed that they claim 5 million people actually got through to HMRC by phone!

    4. N2

      Re: I'm one of those 5M

      Also, they send out letters demanding action "within 7 days of the date of this letter", and you don't actually receive them until the 7th day.

      I must admit of all the nipple tweaking, cunt twanging practises big business & arse hat organisations like these have adopted over a number of years, this is one of the worst.

      Along with those "here to help" slogans.

  5. cbars Bronze badge

    opt-out

    I can't remember if it was my bank or HMRC, but I was so offended by the lack of an option for an opt-out, I just tried to break the damn thing. It was fun responding:

    "Say 'my voice is my id'"

    "No"

    "I'm sorry, please say the phrase in your normal tone of voice: 'my voice is my id'"

    "No fucking way, you bastards"

    "I'm sorry, please say the phrase in your normal tone of voice: 'my voice is my id'"

    "..."

    "I'm sorry, please say the phrase in your normal tone of voice: 'my voice is my id'"

    "camel horse fish pot"

    "I'm sorry, please say the phrase in your normal tone of voice: 'my voice is my id'"

    "I wonder what the error rate on this is"

    "I'm sorry, please say the phrase in your normal tone of voice: 'my voice is my id'"

    "meow"

    .

    .

    .

    (I can't remember how long this went on for)

    "I'm sorry, we're having trouble with our service right now, let me put you through to someone who can help'"

    "jackpot!"

    1. Anonymous Coward
      Anonymous Coward

      Re: opt-out

      "Say 'my voice is my id'"

      "My voice is my passport. Verify me" would have been much more awesome!

      Well, not really. Some years ago calling the Xerox help here in Finland insisted on saying to whether I needed technical support, sales or whatever the options were. The company I work for was a Xerox retailer at the time so I needed to ask for tech support weekly. Never in those couple years did it understand my dictation no matter how clearly or slowly I spoke. In the end I gave up, just mumbled something until it gave up and connected to a Real Person. My colleagues never had success either.

      Xerox probably couldn't just discard it because:

      a) the person who bought it wouldn't admit failure

      b) some people got frustrated and didn't call again

      c) they bought non-working tech but they'll cling on to it for a few years just because of the costs.

      1. Paul Herber Silver badge

        Re: opt-out

        "b) some people got frustrated and didn't call again"

        So, it worked exactly as required.

    2. 's water music

      Re: opt-out

      I can't remember if it was my bank or HMRC, but I was so offended by the lack of an option for an opt-out, I just tried to break the damn thing. It was fun responding:

      I applaud your anarchic approach but be careful what you wish for

    3. iron Silver badge

      Re: opt-out

      Nice. I was wondering what would happen if I just play some Motorhead down the phone at it.

    4. Anonymous Coward
      Anonymous Coward

      Re: opt-out

      well, I have long (at least the last ten years?) ignored the "voice" or even pad to enter or key in my this or that piece of bullshit, I just sit through the nonsense, this is the safest and fastest way to get through to a live person. Actually, even quicker, just go for "or any other problem / query / issue". It's quite funny though, it's like in the good old days of hunters/gatherers, you adopt to the changing environment (trolly hunters, etc.)

  6. EnviableOne

    cant say who they share this with as it "risked prejudicing the prevention or detection of crime"

    Sounds like law enforcement are getting it then

    1. Rich 11

      Catch-all Cop-out

      It's their crime they fear the detection of.

  7. Crisp

    Implied consent

    What's implied consent exactly?

    1. Davisch

      Re: Implied consent

      It is actually a concept in all legal codes I've come across. Basically it means that if for e.g. you hire a plumber to fix your kitchen sink at an approximate time, you have almost no chance of a successful trespass claim if said plumber is on you property anywhere near that time.

      That said, I don't see how it would work in this case.

  8. Lee D Silver badge

    I wonder how many people have a voice ID of:

    "Oh, feck off with your nonsense biometric bull-shizzle"

    Personally, I tend to just keep silent at things like that and see what the computer makes of it. Voice ID is no more secure than anyone being able to hear any such conversation, ever, which is basically "not secure".

    But to be honest, why have 5.1 million people had to call HMRC should be the real question.

    1. macjules

      "For your continued security please provide us with the answers to these 2 simple questions:

      1) What do fish breathe through? (Gill)

      2) What is Britain's favourite drink (Tea)

      Now, in regards to the outstanding £5000 on your tax account how do you wish to plead?

      I have recorded your response of Gill Tea, is that correct?"

  9. Davisch
    Angel

    Ah yes, opt in/out

    Me: I don't want to opt in to your voice recognition service.

    Droid: Of course sir, no problem, I'll flag your account. You'll have to use some way to identify yourself though.

    Me: OK shouldn't be a problem I'll ... (Droid interrupts)

    Droid: Our requirements are that you select a contact office (see attached list) that is at least 30 miles from the address we have for you.

    Carrying your mobile so we can check your location. Proceed on foot for at least 80 percent of the distance required. To avoid possible interference no motorized or metallic conveyance should be used from that point.

    We suggest you proceed as a pedestrian or on horseback. Please time your journey to arrive at the selected office between 03H15 and 03H54.

    On arrival please announce yourself with <secret random passphrase that matched what you wanted you to opt in to>.

    Me: But I wanted to register a change of address from Poland to Manchester.

    Droid: Then you should have started the process a little earlier. The rules require at most 14 days for change of address notification. I'd suggest you go back to Poland and start walking briskly.

    Me: ????

    Droid: I'm sure that answers you question sir, have a nice day, goodbye

    1. Clarecats

      Re: Ah yes, opt in/out

      "To avoid possible interference no motorized or metallic conveyance should be used from that point.

      We suggest you proceed as a pedestrian or on horseback."

      This would require riding bareback or at least without stirrups, on your unshod horse wearing a bitless bridle.

  10. Anonymous Coward
    Anonymous Coward

    Is it me or the more honest your are, the more you are screwed?

    1. Anonymous Coward
      Anonymous Coward

      No, it's not you.

    2. macjules

      That is the golden rule of Capita and (we don't give) ATOS: we don't want to screw people who might actually attack us, so we'll just take all the benefits away from those too meek to argue.

      Looking after someone who has gone through a truly awful back injury and was judged 'fit to work' by ATOS, trust me: I f*cking celebrate every time I hear another Capita employee has been made redundant or another Capita contract has failed. The world is a better place without these bastards.

  11. PhilipN Silver badge

    Key phrase

    Oh I’m disappointed.

    Given we are talking about calls to HMRC, I was hoping for an article praising us Brits’ creation of the world’s largest audio profanisaurus.

  12. Steve Davies 3 Silver badge

    Or...

    You could respond with

    "No speakee the English" in an approximation of Manuel from Faulty Towers.

    Then followed by

    "Не говорите по-английски"

    That should confuse the buggers.

    1. Kevin Johnston

      Re: Or...

      As they are likely to have a good catalogue for phrase matching you could try offering mp3 files for the phrase in Klingon or Esperanto just to really test the system

  13. splin
    Mushroom

    Looking forward to the ICO fining HMRC 4% of it's global turnover. Wonder what they will spend it on?

  14. Anonymous Coward
    Anonymous Coward

    5.1 million people's voiceprints on record

    worry not, they're in the safe hands, protected by the top-world-best-guaranteed-security-systems! They will NEVER get hacked!

  15. Anonymous Coward
    Anonymous Coward

    Information Commissioner's Office confirmed

    that it's writing a VERY angry letter indeed, and is prepared to follow it with the most severe and crippling financial penalties to the tune of (up to) £30K no less!

    by the way, did you hear about those tax increase promised lately? ;)

  16. This post has been deleted by its author

  17. 89724102172714582892524I7751670349743096734346773478647892349863592355648544996312855148587659264921

    Where the heck is the opt out?

    They just sprang it on me with no option to opt out! Annoyed, I tried my Barry White impression which just got a "Sorry I don't speak jive", or somesuch. Then I tried hanging up, hoping I'd lost some kind of phone based lottery but no, same blasted vocal data slurpage into who knows where and for who the hell knows what purpose. Even if they claim to destroy these voiceprints, they'll keep it all squirrelled away because it's too damn (potentially) useful when combined with mass monitoring of phone calls/Voip/street eavesdropping. Or something.

  18. Velv
    Coat

    Penalties for breach of GDPR

    Up to €20,000,000, or 4% of annual turnover, whichever is higher.

    HMRC Annual Report 2017, £574,000,000,000 (£574billion) total tax revenues

    4% fine is £22billion

    So that’s where the government is getting the extra funds for the NHS #sarcasm

  19. steviebuk Silver badge

    Call them up and say...

    "my voice is my password verify me"

  20. Anonymous Coward
    Anonymous Coward

    So....about these recordings.....

    ..... which my room mate has made of John Humphries (Radio 4) and Fiona Bruce (BBC TV). It's been fun watching the use of Audacity to edit these into useful chunks and then seeing the phone call to HMRC about tax matters. They're working on Theresa May and Boris Johnson right now. Jeremy Hunt is in the list, and Jacob Rees-Mogg too.

    *

    Isn't technology wonderful?

    1. Velv

      Re: So....about these recordings.....

      Q division got there years ago. Diamonds Are Forevery anyone?

      But seriously. Is there a deep fake available yet that can voice change as we speak?

    2. Anonymous Coward
      Anonymous Coward

      Re: So....about these recordings.....

      .....and it's not just your room mate.....Interpol is doing EXACTLY the same thing, except on a somewhat larger scale:

      -https://theintercept.com/2018/06/25/interpol-voice-identification-database/

      Your tax euro, your tax pound at work!!!!

  21. JaitcH
    FAIL

    Don't Talk To Me - I'm Hard Of Hearing (Wink, Wink) - Use Text!

    When I found out all Passport pictures were captured to a computerised database. I progressively changed my appearance with Photoshop over a few years (I usually have to renew every 12-18 months when filled) until a company biometric scanner rejected me. (The US has donated numerous cams to Third World countries).

    Then the renowned money launderers, HSBC, surreptitiously introduced 'voice analysis' - without announcement - although their technicians mentioned it in technical magazines.

    There are two practical ways to defeat these 'voice analysis' systems. One is to make calls with a radio or other disruptive variable tones in the background. The other is the use electronic filters to narrow a telephone calls bandwidth (especially raising the bass) or a Tremolo unit to distort the voice.

    Mind you, when conversing to an overseas HSBC Call Centre, the lines are so poor the systems don't function.

    There is little more personal than biometric data.

    1. Clarecats

      Re: Don't Talk To Me - I'm Hard Of Hearing (Wink, Wink) - Use Text!

      "There are two practical ways to defeat these 'voice analysis' systems. One is to make calls with a radio or other disruptive variable tones in the background."

      I'm reading this with a large truck reversing outside the window, making a nice loud beep - beep. Hardly my fault if I make the call now.

      Puzzled as to why / how you were altering your appearance with Photoshop. Maybe better not to know.

  22. Anonymous Coward
    Anonymous Coward

    A majority of response are missing the broader Privacy implications of using Biometrics..

    Biometric profiles (of any kind) are regarded as personal data IE used to identify an individual – that is the easy bit over! The global wave of privacy concerns may be the 'Achilles heel' of the ‘convenience’ story proposed by the Biometric movement.

    Early experiments with citizen ID systems (too many to mention) did not have quite so many problems as the potential benefits outweighed any downside IE registration and clunky authentication. Now that Biometrics are being deployed to reduce friction of authentication, we are seeing real problems as the persistence of Biometric profiles is mutually exclusive with Privacy!

    India has Aadhaar, one of the world’s largest national ID systems is beset with verification problems when using biometrics, recently a process to register with mobile network operators with biometrics was suspended because of ‘Biometric Phishing’!

    Privacy concerns are going to be a big issue whenever Biometrics are deployed, the inevitable standardization governing profile (3 – 5 year’s time) will only make things worse, once a Biometric profile is on the dark web, it is gone for life as a reliable credential.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like