Sunday, April 10, 2022

MySejahtera - to USE or not to USE? Should be owned/controlled by the Government - the Ministry of Heath? All our personal data, including movement in there?

MySejahtera - have Malaysians been deceived? We all thought it was a government owned App, and all the data we provided was only accessible by the government, in particular the the Ministry of Health.
The problem now is our PERSONAL data, which also contains data of our movement, the shops we frequent, etc - Not a major problem if access and ownership was with the Ministry of Health, who we 'TRUST' will not use or sell this data to others.
But now, we are informed that Mysejahtera is owned by a private company - now even a government owned company >>> Hence, the worry for many.
Worse still, is recent news by Code Blue that this is not even a Malaysian company but a foreign company - a Singapore company.
Health Minister said that users' personal data is protected...and is not shared ...

Health Minister Khairy Jamaluddin told the press yesterday that MySejahtera users’ personal data is protected by the government with a non-disclosure agreement, and is not shared with the private sector or a third party.
A non-disclosure agreement - well, it is most likely between the company and the government > and not with the individuals who are shareholders, directors, employers(present/former), and so if there is 'theft' of the data, 'disclosure of the data, or abuse of the data - the DAMAGE is done, and the government can sue and will most likely recover damages from the company( most likely not from the individuals concerned. Will we, the individual victims, be compensated - most likely, whatever damages/compensation will go into the government's coffers.
PERSONAL DATA - well, it can be used against us. Would an insurance company be wanting to insure us, knowing our medical history(and possibly those of our family members) which indicate that we at higher risk of contracting some serious disease which makes us HIGH RISK? Just an example ...

I have wondered how in some past elections, I received SMS/Messages to vote for the BN or some other candidate - how did my PERSONAL DATA(my phone number) come into possession of these political party/candidates. Likewise, we receive messages from loan providers, advertisers >>> Who is leaking our personal data.

TRUST in government has been eroded - Trust in MySejahtera have been eroded - why should I provide data of my movements if that is going to some other people...

What the government should do to REMEDY their fumble is to immediately purchase all RIGHTS to the App, and make sure that access and control is 100% in the hands of the Malaysian Government, in particular the Health Ministry ONLY.
If purchase is impossible, the Malaysian government should immediately get their OWN new App, and input all the personal data they have into this new government controlled App.
URGENTLY Enact a law, that will make it a crime for any person to use, disseminate, sell, abuse the personal information of any of the 38 million persons who are currently using the App. Make it a serious offense with prison terms for directors, employees or anyone that have or use of data wrongfully.
The problem is that MySejahtera may have copyright issues - so, best that the government immediately get a new App with a new name > and stop getting MySejahtera certs recognized by other countries > Give us all immediately a Ministry of Health Certificate. This certificate should also be available to the public from any Health Department in every district.
I received my Booster shot overseas, and despite several times informing MySejahtera by email and the app > I have yet to get the Malaysian certificate verifying that I have had 3 shots, including the Booster shot. I should be allowed to go to the Health Ministry to settle the problem - but currently that option seem to be not available >> I was told to deal with MySejahtera directly. Health Minister Khairy must do something about this.
I would have called for the Prime Minister to resign for this massive 'fumble' in failure of government to procure full ownership/control over the MySejahtera App - but that Prime Minister is no more, and we have a new Prime Minister(from a different party) now.
A couple of days ago,  "... MySJ Sdn Bhd today assured that data in the MySejahtera application belonged solely to the government and for pandemic management purposes only. Its chief business officer Aiza Azreen Ahmad said there was no abuse of user data as the application is subject to provisions under the Prevention and Control of Infectious Diseases Act 1988 (Act 342)...". 

DATA - is not like monies, shoes, gold. Data can be copies and stolen, and the original remains, even the Minister and the government will not know????
And, who is the MySJ Sdn Bhd - a private company. Our relationship is with the government of Malaysia - the Ministry of Health. So, why is MY SJ Sdn Bhd even 'assuring us'? 
We remember the experience with 1MDB, which was, I believe, a 100% government owned/controlled company - and they too denied all, until Najib and others started being arrested and prosecuted and the TRUTH was revealed. Now, MySJ 'chief business officer' is speaking - not even the Chairman/Board of Directors - and we are expected to trust this 'employee'?
Should we BOYCOTT and stop providing our personal private data to some private company now?
Is MYSJ a private company? If it was a 100% government owned company, we may not be so concerned....THERE IS SO MUCH UNCERTAINTY ABOUT THE OWNERSHIP, CONTROL, ETC... Did the Malaysian government 'outsource' this to some private entity when it should be under the 'trusted' government?
And now, there is a court case trying to remove some Directors in MySJ - it is all very worrying..
The Malaysian government must URGENTLY settle matters - and Minister Khairy or PM Ismail Sabri must clearly explain the 'fumble' and how the government should will remedy matters..
Should we continue 'CHECK IN' using the MySejahtera App, or should we just sign the attendance book at the various premises. Providing data to a private company, who maybe is not even by Malaysians anymore is a matter of serious concern...

TOO MUCH Contradictory data out there ... tell us which is FAKE and which is true??

NST Leader: MySejahtera ownership
March 30, 2022 @ 12:00am

This file pic dated July 4, 2020, shows a woman scanning the QR code via the MySejahtera app to enter a premise in Bandar Baru Selayang. - NSTP/ASYRAF HAMZAH

It is true that Malaysians are wont to be cynical, untrusting of government and given to conspiracy theories.

But when inefficiencies like the government's planned procurement of the MySejahtera app come to light, a Malaysian's wildest imaginations cannot compete with the sad truth: The government doesn't even know how to draw up a contract.

That is the jaw-dropping revelation that has come from a parliamentary Public Accounts Committee (PAC) enquiry last week into Covid-19 vaccine procurement. The idea for some sort of Covid-19 contact-tracing app was born at the start of the pandemic in February or March 2020.

Though 11 proposals had been submitted, the mandate was given to KPISoft Malaysia Sdn Bhd (KPISoft) because the company offered to develop the software and manage it for free as a corporate social responsibility (CSR) project for one year. It is unknown what the government thought would happen one year later, but the short of it is that the government took up KPISoft's offer but didn't draw up a legally-binding agreement.

For the past two years, the government has been operating under the impression that it owns the MySejahtera app. But except for a non-disclosure agreement, there is nothing on paper that defines who owns what, who has the ultimate right over what. That works well to the software developer's advantage, but not to the government's. In May 2020, KPISoft changed entities and became Entomo Malaysia Sdn Bhd (Entomo).

In October 2020, Entomo leased the MySejahtera app's software licence and intellectual property rights to MySejahtera Malaysia Sdn Bhd (MySJ) for RM338.6 million for a period of five years and three months until the end of 2025. How could they have done that if the app is owned by the government? The government now finds itself having to buy or make a new deal for what it thought it already owned.

In November last year, the cabinet decided that the MySejahtera system ought to be transferred to MySJ, and based on this decision, the Finance Ministry approved for the Health Ministry to go into direct negotiation with MySJ, provided that the Health Ministry did its due diligence. A PAC check on MySJ's company profile and list of directors revealed the involvement of influential business figures with ties to the ruling party.

It is significant that the PAC chairman summarised the KPISoft deal as a "backdoor way" of getting a contract. A CSR project, bearing no cost to the government, bypasses the normal procurement process, which would have required an open tender, which then would have needed the Finance Ministry's approval.

It is fair enough that beyond the first year, the developer expects to be paid for services rendered, especially as the MySejahtera app's scope is far bigger than what it started out as. But how could the government have been so careless as to not have locked down ownership of it? How hard would it have been to draft a forward-thinking contract? The government claims that user data is safe and in the government's hands; but is that a fact or merely the government's understanding?

Two years on, MySejahtera now has 38 million registered users (residents and visitors) and racks up 30 million check-ins per day. All people in Malaysia are mandated by law to use it. But for want of a contract, the app is now a hostage. Now whose fault is that? - New Straits Times, 30/3/2022

We need a trustworthy owner for MySejahtera


Saturday, 02 Apr 2022
THE Malaysian Health Coalition (MHC) is concerned over recent reports on the ownership and operations of the MySejahtera app. We welcome the Health Minister’s official statement regarding the ownership of MySejahtera (issued on March 27), but we also note the recommendation of the Public Accounts Committee for the government to “take over the operations of the MySejahtera application without involving any additional costs.”

The importance of a centralised national contact tracing application in managing Covid-19 cannot be underscored, hence we urge the government to safeguard the ownership of MySejahtera.

Key issues that may arise if we do not have a trustworthy owner for MySejahtera include breach in personal data privacy, misuse of public data and decline in public trust. This will subsequently erode public trust in governance and accountability, which are key to our successful transition into an endemic state for Covid-19.

We urge the government to rebuild public trust in MySejahtera through regular and transparent updates on privacy and data usage policies for the app. This must include publishing legal documents that explain the data governance (such as which servers, who has access to the data, and how is the data processed).

The rakyat must know the legal structure of all the private companies involved. Technical transfers of ownership for MySejahtera should not be made through direct negotiations without the rakyat’s knowledge. The government and Health Ministry must institute measures, including possible legal recourse, to increase the public’s trust in MySejahtera.

Protecting the rakyat’s health and data privacy must go hand in hand and cannot be compromised at any cost. Public health needs trust to be successful.


Singaporean Company Is MySejahtera Software Owner’s Sole Shareholder

Entomo Malaysia Sdn Bhd (formerly KPISoft Malaysia) lists Singaporean company Entomo Pte Ltd as its sole shareholder; Entomo Pte Ltd’s biggest shareholder is also a Singaporean company.

The Ministry of Health's MySejahtera Covid-19 app. Picture by CodeBlue.

KUALA LUMPUR, March 29 – The current sole shareholder of Entomo Malaysia Sdn Bhd – which legally owns the software it used to develop Malaysia’s Covid-19 app MySejahtera – is a company registered and based in Singapore, Entomo Pte Ltd.

A Companies Commission of Malaysia (SSM) search today shows that Entomo Pte Ltd owns 300,004 shares in Entomo Malaysia, formerly known as KPISoft Malaysia Sdn Bhd, that has issued share capital of RM300,004. 

SSM’s record on Entomo Malaysia’s shareholder particulars lists Entomo Pte Ltd, the sole shareholder, as “foreign”, with a Singapore-based address.  

According to a company search on Singapore’s Accounting and Corporate Regulatory Authority (ACRA) yesterday, Entomo Pte Ltd has four directors: Malaysian Raveenderen Ramamoothie; Singaporeans Tan Seng Hong and Finian Tan; and Indian national Naveen Pralhad Deshpande. 

Raveenderen is also Entomo Pte Ltd chief executive officer, based on the ACRA record. According to Entomo’s website, Finian Tan is chairman, whereas Naveen is co-founder and chief operating officer.

Entomo Pte Ltd has paid-up capital of some SG$10.2 million and about US$26 million. 

DreamTeam Incorporation Pte Ltd, registered in Singapore with an address in Singapore as well, is the biggest shareholder in Entomo Pte Ltd with 35,524,848 ordinary shares in Singapore dollars.

Entomo Pte Ltd – which has 28 shareholders in total – lists five Singaporean corporate shareholders, two American corporate shareholders, one Japanese corporate shareholder; as well as eight Japanese individual shareholders, four Singaporean individual shareholders, three Malaysian individual shareholders, three Indian individual shareholders, one American individual shareholder, and one Indonesian individual shareholder. 

The National Security Council (NSC) said in a statement on July 1, 2020 that “KPISoft” was founded by two Malaysians – Anuar Rozhan and Raveenderen Ramamoothie – who were also the “biggest shareholders of the company to date” then. NSC also said KPISoft was a local MSC-status company founded in 2010.

However, SSM records show that KPISoft Malaysia Sdn Bhd, which changed its name to Entomo Malaysia Sdn Bhd on May 20, 2020, was incorporated on June 21, 2005. 

SSM’s record on Entomo Malaysia’s shareholder particulars also shows no change of shareholding since January 31, 2017, when the company registered its document on the date of change in shareholding lodged with SSM.

This indicates that Singaporean company Entomo Pte Ltd has been Entomo Malaysia’s sole shareholder since at least 2017.

The Hansard of a meeting by the Parliament’s Public Accounts Committee (PAC) on March 8 this year showed confusion over the actual names of KPISoft Malaysia Sdn Bhd and MySJ Sdn Bhd, as Ministry of Health (MOH) and Ministry of Finance (MOF) officials at the meeting initially referred to the former company as KPISoft Sdn Bhd. 

“How can the Cabinet approve this if such information can’t be accurate?” PAC chairman Wong Kah Woh said, referring to the Cabinet’s approval last November for direct negotiations with MySJ on MySejahtera.

“Yes, that’s right. Maybe NACSA (National Cyber Security Agency) is the one who brought this paper, or the NSC. They all didn’t do a thorough check, but no matter, we have instructed MOH to check this issue. If it’s found that this really is inaccurate, then Mr Chairman needs to bring this back to the Cabinet,” replied MOF division deputy secretary (government procurement) Rosni Mohd Yusoff. 

Share Sale Agreement: Malaysian Government Owns Data Collected Through MySejahtera

According to a share sale agreement on December 31, 2020, between two MySJ shareholders – Revolusi Asia Sdn Bhd and P2 Asset Management Sdn Bhd – which was disclosed in a supporting affidavit by Entomo Malaysia in an ongoing court case, Entomo Malaysia is the owner of “all rights, title and interest, including all intellectual property rights” related to the MySejahtera app.

This excludes the “trademark and data collected through the operation of MySejahtera” that are owned by the Malaysian government.

Through an October 6, 2020 licence agreement disclosed by the affidavit, Entomo Malaysia gave MySejahtera’s intellectual property rights to MySJ and granted MySJ a perpetual licence to use Entomo Malaysia’s “proprietary software” to develop and support the MySejahtera app for RM338.6 million in a deal until end 2025.

The licence agreement states that MySJ only acquires a licence to the KPISoft software specifically for MySejahtera and “does not acquire any other rights or ownership interests.”

These public court documents were filed in a lawsuit that P2 Asset Management initiated last November against Entomo Malaysia, Revolusi Asia, and MySJ over an alleged breach of a share sale agreement between Revolusi Asia and P2 Asset Management.

Malaysians Anuar and Raveenderen are on MySJ’s board of directors.

Health Minister Khairy Jamaluddin told the press yesterday that MySejahtera users’ personal data is protected by the government with a non-disclosure agreement, and is not shared with the private sector or a third party.

He also acknowledged that a contract had not been created when KPISoft developed MySejahtera for the Malaysian government for free as part of a corporate social responsibility (CSR) initiative that ended on March 31 last year.

The health minister further said that after his appointment last August, he sought to transfer management of MySejahtera to MOH and to put a contract into place, as KPISoft had been providing the app’s services to the government via the NSC without a legal agreement.

MySejahtera, which has 38 million registered users, contains information on Malaysia’s Covid-19 epidemic, including positive cases, their location, and those under home quarantine, besides users’ personal data that includes their name, IC number, phone number, and check-ins at public premises. - Code Blue, 29/3/2022

Your data in MySejahtera is safe, for pandemic management only, assures MySJ

KUALA LUMPUR: MySJ Sdn Bhd today assured that data in the MySejahtera application belonged solely to the government and for pandemic management purposes only.

Its chief business officer Aiza Azreen Ahmad said there was no abuse of user data as the application is subject to provisions under the Prevention and Control of Infectious Diseases Act 1988 (Act 342).

"The data we have is in the cloud (network) in Malaysia and has never been anywhere else.

"After 30 days, it will be archived and be placed in a sort of demilitarised zone where the public have no access to it.

"And after 90 days, there will be an auto-deletion process of the data.

"The data is owned by the government where we will archive then delete. We are aware of the public's concern but this is also a way for us to save lives during the Covid-19 pandemic," she told TV3 Malaysia Hari Ini programme aired today.

Aiza who is also the MySJ Sdn Bhd acting chief executive officer stressed that the use of the MySejahtera application is based on the Health Ministry's Digital Health Strategies.

"It was also discussed that if there is a need for other industry players (to take over), we must oblige … but for now we want to help Malaysians."

Aiza said there were currently 29 million active MySejahtera users and 47 million downloads based on MySJ statistics.

"The use of the application is not just about tracing close contacts; I think it became a concern among users because it was like 'Big Brother was watching' them because of the MySJ Trace function.

"But people must be aware that Covid-19 has not gone away, it is still happening. For example, several London flights had to be rescheduled because the ground staff was found positive.

"As a MySejahtera user myself even though my data is in there, the transition to endemicity from pandemic must be in stages as we still need the application to save lives.

"Now even our borders are opened and our vaccine certification has been recognised by the European Union.

On the possibility of a data breach or abuse, Aiza reminded the country has a Personal Data Protection Act (PDPA) 2010.

"The important part is to address the concerns and complaints of the people, there are others who are trying to sensationalise this but we need to be aware of the existence of the PDPA.- NST, 7/4/2022

"The government, Health Ministry and its Minister Khairy Jamaluddin even addressed this and provided a detailed explanation where the data is only for pandemic management and there is no need to be worried," she said. - NST, 7/4/2022


Suit filed to remove two directors of MySejahtera operator

A board tussle has developed among shareholders in companies involved with the government’s MySejahtera contact tracing app.

PETALING JAYA: A boardroom tussle has developed among companies involved in developing and operating the MySejahtera contact tracing programme.

A suit has been filed by Hasrat Budi Sdn Bhd, a shareholder in MySJ Sdn Bhd, which operates the MySejahtera app, seeking the removal of two MySJ directors, Shahril Shamsuddin and Anuar Rozhan.The suit also seeks to have Raveenderen Ramamoothie and a representative from Hasrat Budi to be appointed to the board.

Watch the video here.

Raveenderen is chief executive of Singapore-based Entomo Pte Ltd, which owns Entomo Malaysia Sdn Bhd, previously known as KPISoft Sdn Bhd, which had developed the MySejahtera app.

Hasrat Budi also sought to have meetings of MySJ in February to be declared invalid on the grounds that Hasrat Budi had bought a 10% stake in MySJ and had the right to buy another 10%, according to a share-sale agreement.

Hasrat Budi alleged that Raveenderen, Anuar, Entomo Malaysia and another company, Revolusi Asia, had conducted themselves “in a manner contrary to a mutual understanding” between them, in relation to board changes in December. - FMT, 4/4/2022



No comments: