By Chan Foong Hin

KUALA LUMPUR, Malaysia--I am not surprised that Putrajaya seemed to be confused about which agency decided about MySejahtera app's development and procurement. 

This is because all the decisions seemed to have been made by the National Security Council (NSC) which seems to have the power to bypass even the cabinet in the name of “national security”.

Apparently, the development of the MySejahtera app began after the Ministry of Health (MOH) asked for assistance from the National Cyber Security Agency (NACSA) and the Malaysian Administrative Modernisation and Management Planning Unit (Mampu) in contact tracing of people during the Covid-19 pandemic, and they just so happen to identify KPISoft’s app as being the best for purpose and decided to make all Malaysians use it.

This "just so happen" decision, regardless who made it, was put into force by the NSC.

On 9 February 2021, the then Senior Minister of Defence Datuk Seri Ismail Sabri Yaakob, under the powers granted to him by the NSC, announced that the use of the MySejahtera app has become mandatory in those areas with high-speed internet access as to boost contact tracing efforts should any positive Covid-19 cases be linked to a particular premises.

The fact that there is no formal contract entered between the government and KPISoft (now Entomo) for the usage of the MySejahtera app is shocking. KPISoft’s Corporate Social Responsibility (CSR) is only between 27 March 2020 to 31 March 2021, but there is nothing to regulate the usage of the data obtained during this period.

In a civil suit filed by P2 Asset Management, circa November to December 2020, Entomo Malaysia had submitted a proposal and had written letters to the government, pleading to the government to agree to a commercial model for the continued use of the MySejahtera App, by way of either a Public-Private partnership, or a service contract between the government and MYSJ. The government did not agree.

Either way, the government is now stuck as the data belongs to KPISoft and that the government had to take it away from KPISoft. Khairy previously said a sum “much lower than RM300million” will be paid to do so.

However, it is even more shocking that nobody, not even the NSC, is willing to owe up whose oversight was it to have no contract whatsoever with KPISoft. This oversight has costed Malaysians a sum “much lower than RM300million” but clearly in the region of “millions”.

All the check-ins and check-outs will reveal what places a person would usually frequent, and these are sensitive datas, like for example a person’s frequent check-ins into his or her church / mosque premises reveal his or her religious beliefs, a person’s frequent check-ins into a certain hotel may lead to khalwat allegations, etc.

It is odd that the NSC as the guardian of national security seems to be sorely unaware of such a national security breach and is now washing its hands off this hot potato.

Perhaps it is time to put a stop to such usage of MySejahtera as clearly it is just a matter of time the data would be misused commercially, perhaps even to the detriment of national security. 
Furthermore, it is time to scrutinize NSC's role in this clear oversight in having no contract with KPISoft. As the saying goes, "harapkan pegar, pegar makan padi".

*Chan Foong Hin is the Kota Kinabalu MP.*