On the Beat | By Wong Chun Wai

Status quo solution

STILL reeling from the controversy surrounding MySejahtera data protection for contact tracing mobile applications, there have even been calls to discard the system now. Of course, that’s easier said than done.

The Malaysian Medical Association has said it is time to consider relinquishing the use of MySejahtera as the country transitions into the endemic phase, adding that the app’s scanning features are no longer beneficial.

Its president, Dr Koh Kar Chai, said the app may have outlived its usefulness for contact tracing given the large number of cases within and surrounding the community.

Opposition leader Datuk Seri Anwar Ibrahim has also asked for the app to be done away with.

But MySejahtera is for more than just entering premises or revealing a record of vaccinations. Let’s not forget that it has become an acceptable and recognised app for Malaysians to use to enter most foreign nations.

Many countries insist on verifying if a visitor has at least two vaccinations or the added safety of a booster jab. The brand of vaccine is also a point of concern for many governments.

A large portion of the Western world, for example, doesn’t accept Sinovac, while China won’t accept Pfizer or AstraZeneca. So the reference point for now is still MySejah-tera, which is at least some form of an official declaration issued by the Malaysian Health Ministry.

Almost all countries in the world have some form of a digital contact tracing application.

If you visit Singapore, you will need to download Trace Together, which is still required for compulsory registration before entry into all premises. In Indonesia they have PeduliLindungi, while Hong Kong has the Leave Home Safe app.

To put it succinctly, all the talk of abolishing MySejahtera is premature and certainly ill-advised.

The crux of the controversy is the ownership of MySejahtera and public concern about the protection of the data of over 30 million Malaysians. There are certainly grounds for concern.

Malaysians aren’t the only ones that have raised a flag. All around the world, people are debating the same questions and demanding answers from their governments.

In Australia, for example, the concerns include what’s called “function creep”, with contact tracing information being used for other law enforcement purposes even though the country has laws preventing this.

There were also initial concerns regarding the government tracking people, which was soon allayed by its COVIDSafe app that doesn’t use GPS.

Australia’s Cyber Security Cooperative Research Centre has also carried out a cyber security review to ensure that the personal information collected is limited.

It’s also not unusual for countries to use or adopt technology from foreign developers or incorporate technologies developed by governments of other countries.

For example, Colombia’s CoronApp is developed by its government but uses technologies from the Singapore and South Korean governments, as well as Apple.

The Fijian government reportedly launched its careFIJI app based on the BlueTrace protocol developed by the Singapore government.

Last week, Health Minister Khairy Jamaluddin assured the public that the Malaysian government owns MySejahtera, adding that the Malaysian Administrative Modernisation and Management Planning Unit (Mampu) and National Cyber Security Agency (Nacsa) conducted a penetration and vulnerability test before the app was launched.

He said Nacsa conducted a monthly audit trail on the MySejahtera servers and that its Cyber Coordination and Common Centre monitors the app to detect possible breaches.

The ownership and management of the MySejahtera app made headlines recently when it was revealed that KPI Soft, now known as Entomo, sold the app’s intellectual property and software licence to MySJ Sdn Bhd for an eye-watering RM338.6mil.

The sale prompted questions about the safety of the data contained on MySejahtera servers, especially when it was revealed that Entomo is owned by a Singaporean company. But Khairy has clarified that while Entomo is based in Singapore, the company’s shareholders are largely Malaysian.

I agree with Khairy that we need to adopt a more broad-minded approach because many Malaysians have set up their tech ventures outside the country, with Singapore and the United States as the preferred choices.

A digital hub isn’t just a cluster of buildings. It also encapsulates the skills and ideas from the brains behind it, with real financial backing from the government and venture capitalists.

The truth is, the Malaysian government has not done a great job with this, and one shining example is how Grab had to seek out Singapore after Malaysia had turned it down.

Founded in 2012, Grab started as the MyTaxi app based in Kuala Lumpur, but then moved to Singapore in 2014 and was rebranded as Grab after Temasek Holdings backed Vertex Venture Holdings, saying that to grow big, they had to move to Singapore. It was a missed opportunity for Malaysia.

Khairy also said the government has not paid a single sen to any parties for the management of MySejahtera, adding that no payments have been made to “KPI Soft, Entomo or MySJ”.

But this may not be the best way to handle things. The developer has provided its service to Malaysia as a corporate social responsibility (CSR) exercise for one year, but surely nothing can be free forever, especially since additional features have been included in MySejahtera.

For example, this writer has been made to understand that MySejahtera’s Helpdesk doesn’t function effectively because it lacks the ideal number of staff to handle queries and complaints from users.

The government surely can’t expect the developer to use money from its own pocket to hire workers. Here is where Khairy is right – there must be a proper agreement between the government and the developer after the one-year CSR period ends.

As for the rumoured RM338.6mil the government is set to pay MySJ for the app, Khairy said the amount was exaggerated, but added “we are in the final stages of negotiation, it is less than RM300mil’.

It will be interesting to see what the agreed figure is because while we can’t expect it to be cheap, we certainly won’t accept a hefty bill either.

It looks like we either buy the app, extend the lease or refrain from using it and create a new one.

According to various news reports, Britain’s National Health Service (NHS) reportedly spent more than £35bil (RM193bil) on its contact tracing app. In March 2021, its Parliament reported that as of May 2020, NHS Test and Trace had been set up with a budget of £22bil (RM121bil). “Since then, it has been allocated £15bil (RM82.8bil) more, totalling £37bil (RM204bil) over two years.”

The amount, understandably, became a hot topic in Parliament with the Opposition describing it as “unimaginable.”

The New Zealand Herald reported that the Kiwi government paid NZ$6.4mil (RM18.64mil) to build its tracer app, while the New Daily reported Australia paid AU$8mil (RM25mil) for its own app.

Germany’s Corona-Warn-App reportedly cost the government €20mil (RM93mil).

While a smaller start-up could incur a lower cost, let’s remember that developers will always charge for additional work and features.

For now, Malaysians must insist our data is secure and not vulnerable to abuse, and that MySejahtera will have fresh features because, as the MMA rightly pointed out, it could be outdated soon. But taxpayers are certainly not expecting to foot an astronomical bill.

The World Health Organisation has said the severity of the disease caused by the Covid-19 virus would wane over time due to greater public immunity but warned that a more dangerous variant could be lurking around the corner.

I would rather stick with MySejahtera, practise physical distancing and keep my double-layer mask on than trust politicians who are asking us to dump the app.