Further questions are pouring in over the Health Ministry’s MySejahtera app, reviving previous concerns over who really owns and controls the app and the kind of data gathering and processing power that the app has, its value and what it can be harnessed for.
Preliminary back-of-the-envelope calculations we have done and industry reports and conversations with those in the business indicate that the value of the data, especially when it is processed, can be in the billions of ringgit.
Latest revelations by medical news portal Code Blue have opened yet another can of worms by exposing court documents which suggest that MySJ owns the MySejahtera platform and intellectual property (IP) rights.
Code Blue reported: “According to the August 27, 2021 share sale agreement in respect of MySJ, the OEM software licence agreement between Entomo Malaysia and MySJ grants MySJ an exclusive, sub-licensable, and perpetual licence to the MySejahtera app, as well as a non-exclusive, non-transferable, non-sublicensable right and perpetual licence to use the KPISoft software.”
But it clarifies that Entomo is the “developer and legal and beneficial owner of the KPISoft software”.
The share sale agreement described MySJ as the owner of the platform, through which the MySejahtera app operates, for the Malaysian government to manage the Covid-19 outbreak.
Direct contradiction
According to Code Blue the agreement states further that MySJ “is and shall be the legal and beneficial owner of all rights, title and interest in and to such additions, enhancements, changes, modifications, including introduction of new or changes in features to the MySejahtera application or made to the KPISoft software for the MySejahtera application, save and except that the rights, title and interest in and to the KPISoft software and its trademarks shall be retained by Entomo”.
This is in direct contradiction to what Health Minister Khairy Jamaluddin said in the Dewan Negara last Thursday that the government owns MySejahtera and all its associated developments.
The revelations indicate that this was not an ordinary corporate social responsibility (CSR) project but what was at stake was the entire app itself and probably all the associated data which goes together with it. That appears to be the ultimate aim of the original companies.
Our two previous articles on scrapping MySejahtera and the holes in Khairy’s clarification give the background to the issues. This time we focus on the potential value of MySejahtera.
Briefly, Entomo Malaysia Sdn Bhd, formerly KPI Soft, has sold or is in the process of selling MySejahtera for RM338.6 million to MySJ. Big names are involved.
According to reports, MySJ directors include Eco World Development Group Bhd (EcoWorld Malaysia) executive chairman Liew Kee Sin and executive director and chief financial officer Heah Kok Boon, alongside Sapura Energy Bhd founder and former chief executive officer Shahril Shamsuddin.
Also, on MySJ’s board of directors is Bersatu disciplinary board chairman Megat Najmuddin Megat Khas, who currently also serves as non-executive chairman of Sime Darby Plantation Bhd and recently listed Farm Fresh Bhd.
A data goldmine
The major concern is data. There are 38 million users of My Sejahtera, according to reports. Data for virtually all Malaysian adults is available - which restaurants they go to, which supermarkets, which departmental store, which pharmacy and so on.
And the app also has access to some five to 10 million outlets - who goes there, when, etc. It is possible to draw up profiles for each Malaysian adult and up to 10 million outlets. That’s very powerful marketing info.
Khairy assures us the data is protected but how can you ensure this is safe when the app developer constructs the app and has access to all data. How is it possible to ensure that this data cannot be syphoned off and sold?
He denied the government will pay over RM300 million for the app but this is what the new buyers are paying for the intellectual property rights. The government may pay less than RM300 million for the continuation of the service but it looks like MySJ is willing to pay such a high price because of the data which is in the system.
The ongoing data gathering is valuable and will give profiles of both consumers and suppliers, providing highly saleable market intelligence. You can potentially come up with a spending pattern for every adult in Malaysia and you can track who he or she went out with and where. You can tell which were the outlets most visited and how many people visited them which can be used for all kinds of commercial purposes.
Statistics indicate the number of Malaysian adults at over 22 million - add on at least four to six million foreigners and the figure goes up to 28 million. If data on each person is worth RM100, that amounts to RM2.8 billion. Add perhaps another five million establishments at RM200 each, and you have a further RM1 billion, to make in all RM3.8 billion.
The RM100 per person and the RM200 per establishment is arbitrary but conservative based on estimates of data prices from this article where costs of personal data can range from three US cents for basic identity data to as much as US$250 per person for health records. MySejahtera records go far beyond identification data and give consumer spending patterns for each individual with proper data mining as well as patronage patterns for establishments. Thus, it is worth a lot potentially.
Scrap the app
It is very big money. The government was rather remiss in not ensuring that everything was properly done earlier and to ensure data security. Khairy said there is a non-disclosure agreement (NDA) which ensures that the data belongs to the government.
Really, an NDA - which is precursor to a full agreement to ensure confidentiality? Why not a proper agreement? And why was there no such agreement?
It is clear that the intention was not CSR in the first place but to get valuable data, data which has not been collected before on this scale in Malaysia which involves virtually all Malaysian adults, foreign workers and expatriates and millions of tourists.
The data can be mined to show details of these people which is much more than identity card and passport numbers but detailed travel and spending patterns.
There are just too many holes. It is best to just scrap the app after it has outlived its usefulness and move on to a simple one showing vaccination status and a bill of health for entry. And ensure that whatever data remaining is deleted. Investigations should be conducted to see if data leaks occurred and if they did, directors must be held responsible and brought to book.
The total lack of competence over this entire process is simply astounding and incomprehensible which warrants a special investigation as to why there were no checks and balances put in ahead of approving this so-called CSR project.
But it would take an honest government to implement these. We don’t have that. - Mkini
P GUNASEGARAM, a former editor at online and print news publications, and head of equity research, is an independent writer and analyst.
The views expressed here are those of the author/contributor and do not necessarily represent the views of MMKtT.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.