MySejahtera - the enemy of the state?
Manivanan Gowin07 Apr 2022 12:38pm
Manivanan Gowin says MySejahtera could pose serious privacy and security issue to the nation.
In the past weeks, Health Minister Khairy Jamaluddin said that the use and management of MySejahtera data are subject to the Prevention and Control of Infectious Diseases Act of 1988 [Act 342], the Medical Act of 1971 [Act 50], and the international standards.
Khairy said the National Security Council had on behalf of the government entered into a non-disclosure agreement with KPISoft (M) Sdn Bhd (now known as Entomo Malaysia) on 1st April 2020, on terms agreed upon by both parties before the government launched the MySejahtera application on 20th April 2020.
We must not forget that the CSR agreement ended with the government on April 1, 2021 . There have been allegations claiming that the government had been paying Entomo Malaysia Sdn Bhd, the company responsible for managing the application, for its services since last year.
Khairy also said that all the information and data in the MySejahtera application are fully owned by the government and guaranteed that all data stored in the MySejahtera database will be preserved and used only for the Covid-19 pandemic.
According to the Companies Commission of Malaysia (SSM), the current sole shareholder of Entomo Malaysia Sdn Bhd – which owns the software to develop MySejahtera – is a company registered and based in Singapore, Entomo Pte Ltd.
In addition to the issue of who is managing MySejahtera and its cost, and whether there’s foreign ownership and interest in the app and its components; there is another vital area that ‘rakyat’ should be concerned about - the tracking feature.
MySejahtera could pose serious privacy and security issue to the nation.
As we know, among the requirements of individuals to make the MySejahtera contact tracing more effective since late last year, was to switch on ‘Bluetooth’ on the smartphone as it is claimed that the feature is an added preventive measure on Covid-19.
After consulting security and ICT experts, it is apparent that the app stores checking-in records at places or locations by using the QR code.
It is also able to act as a mobility tracking and provide an access to the government to store the movement records of every individual via the MySejahtera, especially those who switched on the ‘Bluetooth’ alongside ‘location info’ at all times on their smartphones.
Everyone adheres to it including the VIPs, celebrities, and common folks.
It is clear that many MySejahtera holders don’t switch off or forget to disable the ‘Bluetooth’ and ‘location info’ after visiting retail shops, food outlets, places of worship, and all location that requires one to scan before entering the premises.
With such tracking features, it provides easy access to those in control of the app and has the upper hand in knowing the places individuals went to – for business, leisure, or personal purpose - and up to their residential place at the end of the day.
Without realising it, I strongly believe the MySejahtera app is directly posing serious privacy, personal safety, and security issues to the nation.
Since the government is already opening the borders on 1st April 2022, the recording of digital human tracking is now becoming more prevalent.
This creates unparalleled electronic data of human behaviour and movement patterns in the country, perhaps the first of its kind in Malaysia.
Looking at the indicators, there is every possibility that the MySejahtera app could pose a scenario of “Big brother is always watching” as portrayed in George Orwell’s ‘1984’ book.
The availability of data for 38 million MySejahtera registered users – Malaysians and foreign residents - and their movement as well as records of check-ins at public and commercial places is indeed a big data exercise.
It is understandably a great concern that the app could predict the behaviour of humans via check-in records, and movement patterns, and all of this could be the much sought-after piece of information about Malaysia on a silver platter.
I shudder to think that MySejahtera is being utilised akin to a Hollywood movie in the late 90's ‘Enemy of the State' starring Will Smith, Gene Hackman, Jon Voight, and Jack Black in which a covert intelligence agency able to track mobile phones for ‘asset tracking’ or locating the whereabouts via live feed.
Questions:
As such, I am demanding the government of the day and Khairy to clarify the following questions: i) Is there a guarantee that MySejahtera is not being used for data exploitation and human behaviour movements and it won’t act in such a way?
ii) Is there any assurance that MySejahtera is not being utilised for unauthorized purposes or breach of privacy by any unknown party?
iii) Is it true about the foreign ownership and/or interest in the MySejahtera app and its components?
iv) Is there any concrete assurance that no domestic and foreign entity/organization penetrates the data of human tracking and channels the vital mobility or patterns of movement of ‘rakyat’ to some alternate back-end international server or acts as hidden scientific behavioural records?
These are the questions that Khairy, the Health Ministry, and the National Security Council must answer to the ‘rakyat’ and users about the privacy and security issues of MySejahtera.
Lastly, it is my fervent hope that the concern with possible privacy and security breaches is something that the Parliament's Public Accounts Committee should also look into.
Manivanan Gowin, is a lawyer and the PKR deputy information Chief.
The views expressed in this article are the author's own and do not necessarily reflect those of Sinar Daily.