QUESTION TIME | Even as Health Minister Khairy Jamaluddin prepares to make his explanations on the continuation of MySejahtera today at the Dewan Negara, more questions keep piling up for him to address, including issues of foreign ownership of the app and whether it is indeed necessary anymore.
Before we go into those questions, a quick recap of some of the latest news articles that have emerged since we pointed out holes in his statement on Tuesday and an outline of the issues.
The outrage arises over the proposed assignment of a continuation contract to MySJ which is supposedly linked to the original developers of the app, KPISoft Sdn Bhd, now known as Emtomo Malaysia Sdn Bhd. Here is a good factual explanation of the whole episode.
MySJ is reported to be the vehicle of Entomo for the public-private partnership of MySejahatera. Controversially among its directors are prominent people such as Eco World Development Group Bhd executive chairperson Liew Kee Sin and executive director and chief financial officer Heah Kok Boon, alongside Sapura Energy Bhd founder and former chief executive officer Shahril Shamsuddin. Also among the directors is Bersatu disciplinary board chairperson Megat Najmuddin Megat Khas.
Health portal Code Blue also reported that MySJ agreed to pay RM338.6 million for the rights to the intellectual property associated with the app in October 2020 and these rights will continue until the end of 2025.
It now transpires that Entomo is wholly owned by a Singapore-registered company. According to a company search on Singapore’s Accounting and Corporate Regulatory Authority (ACRA) by Code Blue, Entomo Pte Ltd has four directors: Malaysian Raveenderen Ramamoothie; Singaporeans Tan Seng Hong and Finian Tan; and Indian national Naveen Pralhad Deshpande.
Raveenderen is also Entomo Pte Ltd chief executive officer, based on the ACRA record. According to Entomo’s website, Finian Tan is chairperson, whereas Naveen is co-founder and chief operating officer, the report said.
The five additional questions for Khairy then are:
1. How did a CSR for the app end up being wholly owned by a Singaporean-registered company?
Although the selection of the company was done by an agency of the PM’s Department, National Cyber Security Agency or NACSA, Khairy as the government spokesperson, must explain why such a sensitive task involving national security was given to a company which was and is wholly-owned by a Singaporean-registered company.
The public needs to know how such a selection was made and why there appears to be serious security lapses in the selection of the company to develop the MySejahtera app which contains details of the movement and spending patterns of all Malaysians.
For instance, a person who has access to the data will have access to all the public places that Khairy visited and by cross-checking can make a reasonable assessment of who accompanied him. Which leads us to the next question.
2. Does this mean that a foreign country could have access to key data on basically all Malaysians?
It is more plausible the data, because the ultimate owner of the app developer is foreign, can fall into foreign hands. It could be sold to foreigners, including countries. So it is entirely possible that the data through the app can eventually go to anyone.
Khairy assures us that the data belongs to the government and will not be permitted to be used for any other purpose. But in practice, this is easier said than done. Which leads us to the third question.
3. How can you ensure data security in the first place?
If you have an external developer which seems not even to be a professional firm with systems in place and controls to ensure there is no data breach (the companies are all just a few years old and don’t have shareholders who have major standing), data breaches can occur at any point in data gathering.
In fact, it is possible that at this point in time, the data has already been transferred. If external hackers can steal data from US computers and banks, it will be a cinch for an app developer who has free access to all data to simply transfer the data a long time ago.
Neither Khairy nor the government is in a position to give an assurance that data has not already been stolen. The controls for a system like this should have been done a long time ago with the use of professional, accredited agencies. Even that only reduces the chances of a security breach working for a government company or organisation.
4. How can you ensure the price will not be at least RM338.6 million?
Khairy talks about the eventual price for the continuation of the app to be far less than the RM338.6 million used for the purchase of the app by MySJ. That, however, makes no financial sense to MySJ who is likely to have been given assurances over the continuation of services at an attractive rate.
There is one other approach which the government should seriously consider - get rid of MySejahtera altogether. Which leads to our final question.
5. Do we really need MySejahtera anymore?
As all controls associated with the Covid-19 pandemic are being slowly withdrawn, it might be better to scrap MySejahtera altogether and simply destroy the previous information which has been gathered.
The focus should be just ensuring that people are double-vaccinated and boosted to gain entry to public places. This can easily be done by a simple downloading of vaccine and boosting certificates. If necessary, this can be done via a far simpler and way cheaper app which does not store sensitive info.
There was a previous need for MySejahtera because of the heavy reliance on contact tracing and isolation to prevent the spread of the disease. This has been largely abandoned.
Ultimately, scrapping MySejahtera and destroying non-relevant data altogether may be the best solution to this conundrum, avoiding needless worry over large expenditures, data mining, and the compromise of privacy to big brother.
But that would take a brave government and a responsible one to do it. Right now, we don’t have one. - Mkini
P GUNASEGARAM, a former editor at online and print news publications, and head of equity research, is an independent writer and analyst.
The views expressed here are those of the author/contributor and do not necessarily represent the views of MMKtT.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.