Malaysians worry over reported plan to sell contact tracing app to a private firm · Global Voices
Mong Palatino

Screenshot of a video posted on the website of the MySejahtera app
News about a Malaysian government agency’s plan to sell the COVID-19 MySejahtera contact tracing app to a private developer has alarmed opposition leaders and the public because of potential consequences on national security and citizens’ privacy. A government minister clarified that the app’s data are owned by the state and will not be sold to a private entity. But the response only raised more questions about the nature of the negotiations involving authorities and the developers of the MySejahtera app.
The MySejahtera app was developed in 2020 by KPISoft Malaysia Sdn Bhd as part of its corporate social responsibility, which was then used by the government for contact tracing during the pandemic. In the past two years, Malaysians have been required to use the app as part of the government’s health and travel protocols.
During a Public Accounts Committee hearing on March 24, an official from the Ministry of Health revealed that the plan to sell the MySejahtera app was approved in November 2021 via a direct tender.
Opposition leader Datuk Seri Anwar Ibrahim questioned the decision to sell the app and the possibility that it will be given to close associates of the ruling party:
Under an open tender, these facts would be scrutinised by the government and the public. In the case of a direct negotiation, this deal appears to resemble a pattern of rewarding companies and individuals that have political and business connections to the ruling government.
The government was quick to assure the Parliament and the public that the private health data of Malaysians and other sensitive information contained in the app are secure.
But more questions arose after it was disclosed in several news reports that the MySejahtera app was used and adopted by the government without a contract and that the ownership of the intellectual property of the app remains uncertain.
Anwar said the people “have every reason to be suspicious and to be outraged.” He raised the following questions through a press statement posted on his Facebook page:
The Malaysian people would want to know where is their data being stored? Has it been stored in a secure and encrypted environment with limited access? What mechanisms are in place to prevent any third party from accessing or stealing their data? What recourse do people have if their data is misused in a way that causes them to experience harm, fraud or discrimination?
Charles Santiago, another member of Parliament, tweeted his concern about the planned sale of the app
It’s all been shrouded in secrecy from the beginning: the relationship between the application developer and the government is unclear. It’s suspicious that the contract was awarded through direct negotiations and not an open tender.
— Charles Santiago (@mpklang) March 27, 2022
Researchers Rais Hussin and Ameen Kamal noted the lack of transparency regarding the ownership of the app:
Is Malaysia’s government the “sole” owner or one of the owners?
Is Malaysia’s government the “only” party that has access to the trademark and data collected through the operation of MySejahtera?
The hashtag #StopUsingMySejahtera trended on Twitter, which reflected the fear and anger of many Malaysians over the reported plan to sell the app. Some called for a boycott of the app:
The best way forward is not to ask the government to come clean with MySejahtera. They may still ignore us.
The best way forward is MASS NON-COMPLIANCE. #StopUsingMySejahtera
Stop supporting outlets that insist on seeing MySejahtera. Educate them on the dangers of the app.
— Malaysian Freedom Movement (@MYFreedomMove) March 28, 2022
The same Twitter user wryly observed that “contract tracing,” referring to tracking government contracts, should have been considered too during the pandemic:
Everyone was so worried about contact tracing when we should have been worried about CONTRACT tracing. #StopUsingMySejahtera
— Malaysian Freedom Movement (@MYFreedomMove) March 28, 2022
The controversy led to the significant drop in the number of check-ins for those using the app.
MySejahtera check-ins have been generally declining since the start of 2022, but dropped particularly after controversy broke out since last weekend about who actually owns the app and users’ personal data. https://t.co/sOF3b9y9gc
— Boo Su-Lyn (@boosulyn) March 30, 2022
Writing for The Full Frontal website, Zameen Zhou Datta has summed up the main points of the controversy and ended with this question:
If our data is being sold, should we keep using MySejahtera anyway for the sake of the public good? Do we just go back to manually signing in with a physical logbook whenever we go out? Or are we forced to just stay at home all day, every day until this pandemic is officially over?
Aside from the concern about handing over the MySejahtera data to a third party, civil society groups had earlier raised the issue of intensified state surveillance through the use of the app. They warned that it could lead to misuse of the app by authorities and the filing of more cases targeting critics and the opposition under “repressive” laws such as the Sedition Act and the Communications and Multimedia Act.