HMRC’s Hidden Behaviour Database: How Civil Servants Profile Every Taxpayer

The brown envelope arrives with the familiar HMRC frank. Inside, a letter mentions you've been "selected" for review. Not an investigation—just a gentle reminder to check your returns. The tone is polite, almost helpful. You might have undeclared income from that Airbnb listing, the letter suggests. Others in your position have already come forward. Don't you want to do the right thing?

What the letter doesn't mention is how you ended up receiving it. HMRC didn't pick your name from a hat. You've been assigned a behavioural risk score, calculated by artificial intelligence comparing your tax returns against 55 billion pieces of data. Your payment patterns, industry sector, income fluctuations, and demographic profile have been fed into an algorithm designed by psychologists. The system has decided you're worth nudging. Whether you comply, how quickly you respond, even the tone of your reply—all of it feeds back into the database, refining your psychological profile for next time.

This is HMRC's behavioural profiling programme, one of the largest applications of psychological manipulation in Europe. Nearly every adult taxpayer in Britain has been categorised, scored, and placed into a risk band. The programme operates without statutory authority, without public notification, and without meaningful parliamentary oversight. It is state-level psychological engineering, hidden in plain sight behind the bureaucratic language of "compliance improvement" and "service enhancement."

The Machinery of Mass Psychological Profiling

HMRC's approach rests on two interconnected systems. The first is Connect, a vast data warehouse built by BAE Systems and managed in partnership with Capgemini. Originally costing £45 million when launched in 2010, the system has since expanded to hold what HMRC describes as 55 billion items of taxpayer data, drawn from more than 130 sources. These range from bank records in 60 countries to Land Registry files, credit card transactions, online marketplace activity, social media posts, and travel data. Connect uses artificial intelligence to cross-reference this information against tax returns, flagging discrepancies and assigning risk scores to individual taxpayers.

The second system is less visible but arguably more invasive: the Behavioural Insights approach. Originally pioneered by the Behavioural Insights Team—a unit established within 10 Downing Street in 2010 before being part-privatised in 2014—this framework uses psychological profiling to determine how HMRC communicates with different categories of taxpayer.

The methodology divides the population into behavioural segments based on their compliance history, demographic characteristics, and perceived psychological vulnerabilities. HMRC then deploys carefully crafted "nudge letters" designed to exploit cognitive biases and emotional triggers specific to each segment.

The integration of these systems creates something unprecedented in British administration: automated psychological profiling at population scale. Connect identifies potential non-compliance; behavioural profiling determines the psychological intervention most likely to secure compliance without formal investigation.

During the 2023/24 tax year alone, these nudge letters generated 6 million amended returns and £448 million in additional tax revenue. The cost to HMRC was negligible. The cost to principles of transparent governance is harder to calculate.

Is any of this given in law? Does the government have the lawful authority to conduct mass psychological experiments on its citizens?

No.

The Pseudoscience of Nudge Theory

The intellectual foundation for this programme is "nudge theory," popularised by behavioural economist Richard Thaler and legal scholar Cass Sunstein in their 2008 book "Nudge: Improving Decisions About Health, Wealth and Happiness".

The core proposition is deceptively simple: by restructuring the "choice architecture" in which people make decisions, governments can influence behaviour without coercion. Rather than banning unhealthy foods, you place fruit at eye level in supermarkets. Rather than mandating pension contributions, you auto-enrol employees whilst allowing them to opt out.

Nudge theory rests on dual-process theory, which posits two systems of cognition.

System 1 operates automatically, relying on mental shortcuts and emotional responses. System 2 engages in slow, deliberate reasoning.

Nudges target System 1, exploiting cognitive biases to steer choices in a desired direction before rational deliberation can intervene. Proponents describe this as "libertarian paternalism"—paternalistic because it guides people towards what authorities deem beneficial, libertarian because options remain technically available.

The theory faces serious empirical and normative problems. Meta-analyses of nudge studies have found weak or non-existent effects, with evidence of systematic publication bias—researchers selectively publishing successful trials whilst burying failures.

When nudges do work, effects often prove temporary, fading once the intervention ends. More fundamentally, the underlying model of human cognition is contested. Critics point out dual-process theory oversimplifies the complexity of human decision-making, reducing it to a binary of fast/emotional versus slow/rational thinking.

Even if nudges worked reliably, their use by government raises profound ethical problems. Nudge theory assumes authorities can correctly identify what citizens "really want" or what serves their best interests, then manipulate their environment to achieve those outcomes. This requires value substitution: policymakers' preferences replacing individuals' revealed preferences. When HMRC nudges you to declare income, it presumes to know your true preference is tax compliance, even if your behaviour suggests otherwise (as it should, tax is organised theft). This paternalism sits uneasily with democratic principles of autonomy and self-determination.

The manipulative character of nudging compounds the problem. Nudges work best when invisible. Once you realise you're being nudged—that the fruit is at eye level for psychological rather than logistical reasons—the effect dissipates.

Transparency undermines efficacy. This creates an incentive for opacity, for what legal scholars have termed "hidden steering." Government influences your choices in ways you cannot detect, cannot evaluate, and cannot meaningfully resist. You remain technically free to choose, but your decision-making environment has been architected to make certain choices more cognitively accessible than others.

HMRC's Psychological Playbook

HMRC's internal guidance, shaped by collaboration with the Behavioural Insights Team, instructs officials to deploy specific psychological techniques when crafting nudge letters.

1. The most prominent is social norm messaging: telling taxpayers most people in their position have already complied. One trial message stated nine out of ten people pay their tax on time, subtly framing non-compliance as deviant.
2. Another variant reminded recipients they were not part of the compliant majority, leveraging shame and social pressure.
3. A third approach emphasised public goods, describing how tax revenue funds hospitals and schools, whilst warning of poor social outcomes if payments aren't made.

Unsurprisingly, fear-based messaging features heavily in HMRC's arsenal. Letters to taxpayers suspected of involvement in tax avoidance schemes mention HMRC's 80% success rate at tribunal, discuss the bad publicity from negative rulings, and warn of escalating penalties. The stated purpose is "helping" taxpayers understand their position, but the psychological function is intimidation.

One parliamentary submission in 2016 documented how HMRC divided citizens into five experimental groups, testing which letter formulation would most effectively pressure them to abandon legal disputes and settle without litigation.

Guilt framing is equally deliberate. Letters ask taxpayers to confirm they have reviewed their affairs "to the best of their knowledge and belief," a phrasing designed to trigger self-doubt and conscientiousness. Some include "Certificates of Tax Position" with no statutory basis, creating the appearance of legal obligation where none exists. The certificate becomes a psychological commitment device: once you've signed confirming compliance, cognitive dissonance makes you more resistant to later revisiting that position, even if circumstances change.

Rather than generic communication, nudge letters address taxpayers by name, adopt informal closings ("with kind regards"), and reference specific details of their affairs—an Airbnb listing, a dividend from a particular company, travel to a certain country. This creates the illusion of individualised attention, suggesting HMRC knows more about you than it necessarily does. The effect is to make taxpayers feel uniquely observed, under scrutiny, when in fact they're recipients of mass-produced letters generated by algorithmic profiling.

Critically, HMRC frames nudge letters as "non-coercive."

They are not formal enquiries; recipients face no legal obligation to respond. This framing is misleading. Whilst technically voluntary, ignoring a nudge letter creates risks taxpayers cannot fully evaluate. Will HMRC escalate? Will penalties increase? The uncertainty itself functions as pressure.

And because nudge letters bypass tax agents in many cases, contacting taxpayers directly, they catch individuals without professional advice, making them more vulnerable to psychological manipulation.

Zero Statutory Authority, Anywhere

Here is the uncomfortable truth: there is no statutory basis for behavioural profiling of taxpayers. HMRC's powers to collect tax are extensive and well-defined. Schedule 36 of the Finance Act 2008 grants authority to request information from taxpayers and third parties. The Commissioners for Revenue and Customs Act 2005 establishes HMRC's core functions and imposes a statutory duty of confidentiality. Various Finance Acts set out penalties for errors, failures to notify, and deliberate evasion.

Nowhere in this legislative framework is there provision for psychological profiling, behavioural segmentation, or the use of cognitive manipulation techniques.

HMRC has simply assumed these powers as ancillary to its statutory functions. The logic appears to be:

• we are authorised to collect tax;
• we may use any method not explicitly prohibited;
• therefore we may psychologically profile taxpayers and deploy behavioural interventions designed to manipulate their compliance decisions.

This represents a significant expansion of executive power through administrative action, without parliamentary approval.

The absence of statutory authority matters for several reasons. First, it means the programme lacks democratic legitimacy. Parliament never debated whether HMRC should categorise taxpayers by behavioural risk, never weighed the privacy implications, never set boundaries on permissible psychological techniques. The programme emerged from executive initiative, shaped by collaboration with private consultancies and academic psychologists, operating in a legal grey zone between authorised enforcement and unauthorised manipulation.

Second, it creates accountability deficits. Without statutory provision, there are no mandated safeguards, no transparency requirements, no appeals mechanisms, no parliamentary oversight committees. The Information Commissioner's Office regulates HMRC as a data controller under data protection law, but this provides only limited protection against profiling practices. HMRC must process personal data lawfully and proportionately, but it can argue behavioural profiling serves its legitimate interest in tax collection. There is no dedicated oversight of whether the psychological techniques deployed are ethical, effective, or compatible with principles of fair administration.

Third, the statutory void enables mission creep. What begins as "nudging" taxpayers to check their returns can evolve into more invasive interventions. HMRC already uses Connect to trawl social media and email in criminal investigations. The behavioural profiling infrastructure could, in principle, be extended to predict which taxpayers are most likely to evade, who will respond to threats versus appeals to duty, which psychological vulnerabilities make someone susceptible to pressure. The absence of statutory constraints means these developments occur through internal policy decisions, invisible to public scrutiny.

Some will argue statutory authority is unnecessary because nudging preserves freedom of choice. You can ignore the letter; you can refuse to amend your return. This argument misconceives the nature of manipulation.

Manipulation succeeds precisely when it operates below the threshold of conscious awareness, when choices feel freely made even as they're being steered. The fact you remain technically free to resist doesn't mean the intervention is ethically unproblematic.

The law regulates fraud, duress, and undue influence even though victims could theoretically have resisted. Manipulation matters because it undermines the conditions for autonomous decision-making.

What Parliament Doesn't Know

Parliamentary oversight of HMRC focuses primarily on revenue collection, tax policy, and high-level strategy. The Public Accounts Committee examines HMRC's performance against targets. The Treasury Committee scrutinises tax administration and customer service. Neither has established ongoing oversight of behavioural profiling practices.

When HMRC has presented evidence to parliamentary committees, it has emphasised the effectiveness of its compliance programmes—how many additional returns filed, how much revenue recovered—without detailing the psychological techniques deployed.

A 2012 presentation to the Public Accounts Committee is illustrative. HMRC described an experiment dividing taxpayers involved in tax avoidance into five groups, each receiving differently worded letters. The purpose was to test which formulation would most effectively persuade taxpayers to withdraw from litigation and settle. HMRC presented this as innovative compliance work.

What it didn't explicitly draw to the committee's attention was the manipulative intent: using behavioural psychology to pressure citizens to abandon their legal right to have their cases heard by a tribunal.

Four years later, a parliamentary submission asked what efforts HMRC had made to actually litigate the tax strategy in question. The answer appeared to be: none. Psychological manipulation had substituted for legal process.

The focus in public-facing documents is always outcomes: X number of taxpayers came forward, Y million pounds recovered. The methodology—how those taxpayers were profiled, what psychological techniques were used, what safeguards apply—remains opaque. HMRC publishes high-level strategy documents describing its commitment to "making it easy to get tax right." It does not publish the internal guidance on fear-based messaging, guilt framing, or social pressure tactics.

The House of Lords Science and Technology Select Committee examined behavioural change interventions in 2011 and noted ethical concerns. It recommended policymakers consider the acceptability of behaviour change techniques when implementing them, but provided no mechanism for ensuring this happens. It suggested appointing a Chief Social Scientist to provide independent expert advice, but this recommendation hasn't resulted in meaningful oversight of programmes like HMRC's nudge letters.

The structural problem remains: behavioural interventions can be designed, tested, and deployed through administrative action, without legislative debate or parliamentary scrutiny.

MPs and peers who raise questions about specific nudge campaigns receive reassurances about proportionality and data protection compliance. But there is:

• No formal mechanism for ongoing parliamentary review of the behavioural profiling programme as a whole.
• No requirement for HMRC to publish annual reports on its psychological interventions.
• No independent evaluation of whether the techniques deployed are ethically appropriate.
• No forum where taxpayers can challenge their behavioural risk scores or demand to know what profile has been assigned to them.

Psychological Influence Without Democratic Authorisation

The implications extend beyond tax administration. HMRC's programme demonstrates how government can leverage behavioural psychology and mass data collection to influence citizen behaviour on a population scale, without new legislation, without public debate, without formal accountability mechanisms.

If this approach succeeds in tax, why not extend it elsewhere?

Over 200 governments worldwide now operate behavioural insights units. Australia, Canada, the United States, Singapore, and numerous European countries have established teams dedicated to applying nudge theory to public policy.

The UK Behavioural Insights Team, having proven the concept within government, has commercialised the model, selling its expertise globally. The result is a proliferation of psychological profiling programmes operating in the administrative sphere, below the threshold of legislative attention.

The pandemic provided a preview of how far this can extend. Governments deployed behavioural insights to encourage mask-wearing, social distancing, and vaccination.

Some interventions were straightforward: clearer signage, simplified booking systems. Others crossed into emotional manipulation: fear-based messaging designed to boost compliance, social pressure campaigns suggesting non-vaccinators were selfish, withholding of information to shape public perception of risk.

These techniques were rarely subject to parliamentary debate; they emerged from collaboration between public health officials, communications specialists, and behavioural psychologists, operating under emergency conditions with minimal oversight.

The concern isn't that government seeks to influence behaviour. Regulation always shapes choices; law always affects conduct.

The concern is the mode of influence: covert psychological manipulation, targeted at individuals based on profiling they're unaware of, using techniques designed to bypass conscious deliberation.

This represents a fundamental shift in the relationship between citizen and state, from transparent rule-setting to hidden persuasion, from regulation you can see and potentially resist to nudging you cannot detect until it's already shaped your choice.

Critics sometimes dismiss these concerns as paranoia, suggesting behavioural insights merely improve service delivery. But the question isn't whether nudging can achieve policy goals; it's whether government should exercise psychological influence without democratic authorisation.

The absence of malign intent doesn't resolve the accountability problem. Well-meaning officials can still overstep appropriate bounds. The infrastructure built for tax compliance can be repurposed for other ends. What begins as helping people save for retirement can evolve into manipulating political attitudes, consumer behaviour, or social conformity.

We face a choice. Either we accept that government may psychologically profile and manipulate citizens without statutory authority, parliamentary oversight, or public consent—in which case we should acknowledge this marks a significant departure from principles of democratic accountability.

Or we insist that population-scale psychological interventions require the same legitimacy as other exercises of state power: legislative authorisation, defined safeguards, transparency about methods, and mechanisms for redress.

A Path To Democratic Legitimacy

Reform must begin with statutory regulation. If the state must spend money on this garbage, Parliament should establish a legal framework governing behavioural profiling by government agencies, defining permissible techniques, mandatory safeguards, and oversight mechanisms. This framework should require:

1. Transparency about profiling practices. Citizens have a right to know when they're being psychologically profiled, what data informs their categorisation, and what behavioural risk score has been assigned. Opacity enables manipulation; transparency restores agency.
2. Limits on manipulation techniques. Not all nudges are equally problematic, but fear-based messaging, guilt framing, and social pressure tactics deployed without consent cross ethical lines. The law should prohibit psychological techniques designed to bypass rational deliberation or exploit emotional vulnerabilities.
3. Parliamentary oversight. A dedicated select committee should review behavioural profiling programmes across government, examining methodology, effectiveness, and ethical implications. Annual reporting requirements would ensure ongoing scrutiny rather than one-off inquiries.
4. Independent ethical review. Before deploying new behavioural interventions, agencies should submit proposals to an independent ethics committee with expertise in psychology, data privacy, and public administration. This committee would assess whether the intervention is proportionate, necessary, and compatible with principles of autonomous decision-making.
5. Rights of challenge and redress. Individuals should be able to challenge their behavioural risk scores, demand explanations for why they received particular communications, and seek redress if profiling was inaccurate or communications misleading. The current system offers no mechanism for contesting the algorithmic determinations that shape your interactions with HMRC.

Some will argue this would make tax administration less effective, that HMRC needs flexibility to optimise compliance strategies, that regulatory constraints would reduce revenue collection. This trades democratic accountability for administrative convenience.

The question isn't whether behavioural profiling can collect tax; it's whether we want a government that secretly manipulates rather than openly regulates its citizens.

Effectiveness doesn't justify procedural shortcuts, particularly when those shortcuts concentrate power in the executive and operate beyond parliamentary control.

Others will suggest the solution is simpler: better data protection enforcement. But data protection law regulates how personal information is processed, not whether psychological manipulation is democratically legitimate. HMRC can comply with data protection requirements whilst still deploying manipulative techniques. The problem isn't unauthorised data access; it's unauthorised psychological intervention.

The fundamental issue is democratic legitimacy. When government exercises power over citizens—through taxation, regulation, prosecution—it must do so through transparent processes, authorised by law, subject to oversight.

ehavioural profiling circumvents these requirements, exercising psychological influence through administrative action that looks like service improvement but functions as manipulation.

If Parliament believes HMRC should psychologically profile taxpayers, let it pass legislation saying so, with defined boundaries and safeguards. If Parliament is unwilling to authorise this explicitly, HMRC shouldn't assume the authority implicitly.