ADVERTISEMENT

ADVERTISEMENT

10:37am 19/04/2022
Font
Find MySejahtera alternatives, move away from MySJ deal
By:Dr. Rais Hussin, Ameen Kamal

It is understood the government is finalising deals with MySJ Sdn Bhd, but the government should not rush it. If anything, the government should put the deal on hold until investigations from the Public Accounts Committee (PAC) is over. That would be the responsible action.

The government’s excuse of not finding other app developers may have been a little more acceptable at the height of the pandemic, but the fact that the debacle is made public at a time when the country is transitioning into endemicity should be seen as an opportunity to move away from MySejahtera application and free itself from MySJ.

There are already unexplainable and questionable sequence of events surrounding the apparent one-sided exclusive treatment of the so-called “Corporate Social Responsibility (CSR) deal” by the government (by not stopping and finding a new “operator”) as KPISoft/Entomo entered into a commercial arrangement with MySJ on October 6, 2020, while the CSR deal was still in effect.

Therefore, ignoring the opportunity to sever ties with MySJ may send the wrong signal that the government is complicit.

MySJ effectively “owns” the MySejahtera app as reports indicate that it has been given exclusive and perpetual license to the app from the developer, Entomo Malaysia (formerly KPISoft), through a licensing agreement.

Health Minister, Khairy Jamaluddin, was reported to have said that the reason for continuing negotiation with MySJ was that there was more request for modules, leading the government to continue with the existing “operator” instead of stopping and finding new “operator”.

Regardless of what modules are being referred to or what “operator” means, a mere operator should be changeable.

If we take Khairy’s reported statement that the government owns the data, modules in MySejahtera and the brand, then perhaps there are still components of ownership that MySJ has that the government wants or need from said “operator”.

For example, health portal CodeBlue reported that a share sale agreement dated August 27, 2021 states that MySJ is the “legal and beneficial owner of all rights, title, and interest, including intellectual property rights in the MySejahtera application and all related technology, knowledge, know-how, updates/upgrades, and trade secret in relation to the MySejahtera application.”

Simply put, the “operator” of the platform is also the owner of the platform.

Be that as it may, it could mean that if the government want more “modules” or “updates” to the app, only MySJ has the rights to these upgrades. Therefore, if MySejahtera is the one and only option, then the government has no choice but to deal with MySJ.

Therein lies the opportunity for the government to escape the apparent “CSR Trap”.

Given that the Malaysian government already owns the data as it claims, and if there are ways to securely migrate all data to be integrated with a new app, then the government should strongly consider changing the platform, relinquishing the government’s dependence on MySJ.

If the government truly wants the modules or functions of MySejahtera, it should seek other developers that can develop similar, or perhaps better app features.

Overarching reasons to move away from MySejahtera and MySJ include the significant loss of trust and questionable usefulness of the app, the questionable fairness of the deal with MySJ, and unaddressed concerns surrounding MySJ shareholders and ownerships.

People don’t trust the MySejahtera app anymore

The debate on whether MySejahtera is relevant or not for an endemic disease (which Malaysia is probably transitioning to) is a related point and a topic on its own.

Regardless, there are strong indications that many people distrust the app, even if some people and the government appreciate the modules and functions.

As EMIR Research mentioned in prior publications, involvement of various parties owning different “parts” of MySejahtera cast more doubt in people’s minds that only the government has (exclusive) access to the data gathered and processed by MySejahtera, even if it owns it.

The app, which is owned by MySJ, collects data that is owned by the government, running on software developed and owned by KPISoft/Entomo.

It remains unclear how this separation of ownership is realistically operationalised outside of ideally-written legal documents.

Not to mention the issue of company shareholding, directorships, and ownership structures which gets more convoluted with multiple reports from various sources on similar names appearing across companies and across international borders that appear to be dealing with one another.

These obvious red flags and clear indications of conflicting interests contribute to the mounting distrust on the app.

The authorities’ silence on this merely serve to accelerate the trust degradation, putting waste to any payments the government makes (using public funds!) to MySJ, as less and less people use the MySejahtera app.

Ignoring the issue fuels speculation that that there could be elements of corruption, conflicting interest and collusion between private parties and the authorities, especially if the deal still goes through despite not making sense.

Other issue such as the risk of foreign ownerships remain unaddressed, worsening the trust-deficit.

Personal data protection issue is a main driver to the degrading trust on MySejahtera, and concerns have been growing in the past weeks.

In addition to uncertainties on the fate of personal data before any formal contracts were made, doubts on exclusive data accessibility, and technical concerns on data security and integrity (which can only be addressed via forensic digital investigation or audit of the entire ecosystem), it would appear that even the MySejahtera privacy policy has potential loopholes too, as reported by CodeBlue.

Specifically, the health portal reported that according to an intellectual property and information technology expert, MySejahtera’s privacy policy lacks important information such as the names of agencies or government contractors which may have may have access to different types of personal data, the way personal information is processed, data storage locations and other details.

CodeBlue reported additional concerns such as the 90-day retention period whereby the app’s privacy policy only states this in relation to check-in data. Other personal information such as personal individual identifiers, medical and health data are not specified in the policy.

Even for the check-in data, the same issue on whether there are sufficient safeguard mechanisms to ensure exclusive access to the information still remains. For example, how do we know duplicates of this data have not and could not have been made prior to the deletion?

Despite the nation’ transition into endemicity, border reopening, and loosened standard operating procedures (SOPs) which have contributed to increasing mobility, CodeBlue reported a significant 30% decline in MySejahtera check-ins nationwide, with East Coast states Kelantan and Terengganu, and the state of Pahang, Putrajaya, and Kedah exceeding the national decline with a range of 38% – 49% drop based on data between March 25 to April 9.

These are strong enough reasons to consider alternatives to the app.

MySJ deal may not be fair

The biggest winner at the moment is Entomo as reports indicate that they were able to seal an exorbitant deal worth RM338.6 million with MySJ.

Assuming that the actual development cost by KPISoft/Entomo was around RM8-10 million, MySJ would be paying up to 42 times the cost!

Now, the question is how would MySJ recoup this large investment?

On the government’s deal with MySJ, Khairy was reported to have said the following:

I can tell you for a fact that the amount that we are negotiating with MySJ is much, much lower than RM300 million. Far lower than RM300 million.”

Let’s say that the figure ends up being between RM80 – 100 million, that would still mean the government is actually paying about 10 times the actual development cost if we use the same cost assumption.

Thus, it is a false notion to simply assume that any figure lower than RM300 million is good. In all likelihood, the statement of “far lower than RM300 million” could mean the government is still getting a very bad deal.

Now, if MySJ gets the deal around the assumed RM80 – 100 million price, that is at best only around a third of MySJ’s cost of RM338.6 million.

It is likely that other revenue streams for MySJ to recover its investments include the proposed 15-year scope expansion of MySejahtera for a reported RM138 million annually.

Following the same assumptions, this means MySJ can recover its initial cost of RM338.6 million in less than two years if the expansion agreement also starts this year.

Upon cost-recovery, MySJ could be enjoying 13-years of revenue totalling nearly RM1.8 billion.

Say that the annual cost for the scope expansion deal is also RM8-10 million, the government would be paying MySJ around 13.8 times its development cost.

If these deals go through with such assumptions, then MySJ and Entomo owners would be making big bank. The people are the true losers in this case as the government overspends public funds (people’s money!) and enriching the few, while concerns regarding personal data protection remain.

And MySJ isn’t likely to just stop there.

As reported by CodeBlue, MySJ actually had plans for the acquisition/investment of healthcare companies, for what is presumably “MySejahtera-expansion” businesses which may involve more payments either from the government or perhaps even app users—which could face much lower financial projections with shrinking pool of app users.

This scenario of perpetual reliance on MySJ puts the government in a continuously disadvantageous position in negotiations. How can the government ensure it gets a fair price without opening this to other developers?

If these MySejahtera expansion projects are truly value-adding (which is up to public health experts to determine alongside economists), then what is needed is an open tender now, before the government gets stuck with relying solely on MySJ for any public health related modules and functions.

MySJ shareholders are also in a legal battle, which may decrease the company’s reliability. The government shouldn’t rely on a problematic company.

If anything—and contrary to the notion that the shareholder disputes have nothing to do with the government—the underlying reasons for the dispute should be of interest for the government to probe further.

Assuming the government has the source code—which previous statements by the government appear to allude to—then they should make it open-sourced so that new modules/features can always be designed by other developers.

If not, or if this infringes on rights owned by MySJ/Entomo, then the government should consider moving away from MySejahtera entirely, and opt to develop a new app through open tender if they deem the functions to be necessary.

As EMIR Research reported before, Singapore reportedly spent SGD13.8 million for the development and acquisition of the SafeEntry digital check-in system and TraceTogether app and tokens.

Technology ecosystem news portal Digital News Asia (DNA), reported that Ravee Suntheralingam, who is a Cambridge-educated Gerak Independent candidate with 23 years in the information and communication technology sector, opined that MySejahtera is not costly to develop after studying its features, and doubts it would cost more than US$238,000 (RM1 million) for the first three modules.

A Malaysian software developer released a press statement on March 29, 2022 offering to not only replicate MySejahtera but also improve it, for about RM6 million.

There could be many other proposals by other companies if only an open tender was conducted, and if what appeared to be a “CSR trap” didn’t happen.

Ultimately, if the government wants to continue using the current or future features of MySejahtera, there may be other developers that can develop it at a far cheaper price.

But the government must act now before it is too late.

(Dr. Rais Hussin and Ameen Kamal are part of the research team of EMIR Research, an independent think tank focused on strategic policy recommendations based on rigorous research.)

ADVERTISEMENT

mysejahtera
Dr Rais Hussin
Ameen Kamal
Emir Research

ADVERTISEMENT

4 w ago
4 w ago
4 w ago
1 mth ago
2 mth ago
3 mth ago

Read More

ADVERTISEMENT