Slashdot Mirror

← Back to Stories (view on slashdot.org)

Voices of Millions of UK Taxpayers Stored By HMRC (bbc.co.uk)

Posted by BeauHD on from the can-you-hear-me-now dept.

AmiMoJo shares a report from BBC: The voices of millions of taxpayers have been analyzed and stored by HM Revenue and Customs (HMRC) without consent, privacy campaigners say. Big Brother Watch says HMRC's Voice ID system has collected 5.1 million audio signatures and accuses the department of creating "biometric ID cards by the back door." The Voice ID scheme, which was launched last year, asks callers to repeat the phrase "my voice is my password" to register. Once this task is complete, they can use the phrase to confirm their identity when managing their taxes.

4 of 90 comments (clear)

  1. Without consent? by Anonymous Coward · · Score: 5, Insightful

    I don't love the idea of companies collecting biometrics, but what did people think was going on when they repeated the phrase in order to register? Did they think a person was on the other end that was going to remember their voice?

    1. Re:Without consent? by AmiMoJo · · Score: 5, Insightful

      Under EU derived UK law HMRC is required to completely inform the user of what data is stored and how it will be used, including if it will be shared with any other organization. Not only did they fail to do so, but have admitted storing the actual recordings rather than just the metadata which strongly suggests that their system is badly designed and insecure.

      The recordings represent a massive and unnecessary security risk, because anyone with access to them an impersonate any user of the system. Like passwords they should just store an irriversible hash of the metadata.

      This kind of system is fine if it is done properly and legally, but that means fully informing the users and properly controlling the data.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    2. Re:Without consent? by Anonymous+Brave+Guy · · Score: 3, Insightful

      It's often said that biometrics are user IDs, not passwords. Perhaps that's a little simplistic, but for practical purposes it's probably a better analogy.

      --
      If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
  2. Oh come on now, that's just dumb. by sabbede · · Score: 2, Insightful
    The phrase itself lets people know exactly what's going on. In no way is it a "backdoor biometric ID card". That's just so mind-bogglingly stupid I don't know what to do with it.

    It's a convenience for taxpayers and probably a lot easier to use than having to remember a PIN that gets used once a year (listen up IRS).