ninja-forms domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/emirresea/public_html/wp-includes/functions.php on line 6114wp-user-avatar domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/emirresea/public_html/wp-includes/functions.php on line 6114really-simple-ssl domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/emirresea/public_html/wp-includes/functions.php on line 6114sgg domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/emirresea/public_html/wp-includes/functions.php on line 6114google-analytics-for-wordpress domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/emirresea/public_html/wp-includes/functions.php on line 6114wordpress-seo domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/emirresea/public_html/wp-includes/functions.php on line 6114Published in Business Today<\/a>, CodeBlue<\/a>, Astro Awani<\/a>, and The Malaysian Insight<\/a>, image by Business Today<\/a>.<\/em><\/p>\n\n\n\n When the authorities can\u2019t get their stories straight, they would be subjected to various presumptions\u2014 either it is a case of severe incompetence, or collusion<\/strong>. Both are possibilities are unacceptable.<\/p>\n\n\n\n The Public Accounts Committee (PAC) Chairman reportedly pointed to a \u201cconfusion\u201d over the appointment of KPISoft (now known as Entomo) for the development of the MySejahtera application, based on responses the PAC received from the witnesses in a proceeding on April 21, involving senior officers from the National Security Council (NSC), the National Cyber Security Agency (NACSA), and the Malaysian Administrative Modernisation and Management Planning Unit (MAMPU), as reported by health portal CodeBlue.<\/p>\n\n\n\n As EMIR Research highlighted in earlier articles, even high-level officials from the Health Ministry and the Finance Ministry appear to have conflicting accounts on who appointed KPISoft. <\/p>\n\n\n\n If the government does not even know who appointed KPISoft, perhaps it was too much to expect them to conduct the necessary due diligence to uncover the potential risks surrounding data ownership and the clear conflict of interests given questionable names appearing on the companies involved and across international borders.<\/p>\n\n\n\n EMIR Research has now published six articles on the MySejahtera debacle, alongside other organisations such as health portal CodeBlue which has been at the forefront of this scandal with numerous reports and investigations. <\/p>\n\n\n\n But how has the government responded to these obvious red flags? <\/p>\n\n\n\n In what appears to be complete defiance of public outcry and utmost disregard for strict governance standards<\/strong>, there has been:<\/p>\n\n\n\n For example, there is an unexplainable and unacceptable direct appointment of KPISoft in a contract-less \u201cCorporate Social Responsibility deal\u201d, with only a non-disclosure agreement to govern data ownership (which we know nothing about or if it is still legally enforced), which subsequently appear to have \u201ctrapped\u201d the government into having to deal with MySJ Sdn Bhd. <\/p>\n\n\n\n Entomo reportedly sealed an exorbitant deal worth RM338.6 million with MySJ, making MySJ the effective “owner” of the MySejahtera app. Note that <\/strong>Entomo and MySJ share the same business address, and there are high-profile and potentially politically-linked individuals as directors in MySJ<\/strong>. There are also questionable and mysterious business figures, as reported by various sources.<\/p>\n\n\n\n MySJ will likely seek to recoup its large \u201cinvestment\u201d through lucrative and long-term deals with the government (which the government has no way of determining if the prices are fair given MySJ is the only option and will pay using public funds) or app features that require users to pay.<\/p>\n\n\n\n Although Malaysians appear to hold the highest number of shares in DreamTeam Inc (which is the major shareholding company in Entomo Pte Ltd) ultimately there are other shareholders from other countries.<\/p>\n\n\n\n The government asserted that they own the data, but EMIR Research questions in prior articles on the exclusive accessibility to the database, and data security\/integrity prior to any contracts (aside from the NDA) were made (such as within the contract-less CSR period).<\/p>\n\n\n\n Questions the PAC need to ask include the following:<\/p>\n\n\n\n When was the data started to be stored at AIMS Data Centre in Malaysia? If it didn\u2019t happen right at the start when KPISoft was directly appointed, where was the data stored before AIMS Data Centre? If it was initially stored in locations other than AIMS Data Centre, how was the transfer of data governed to ensure all data has been deleted from previous storage location, no copies have been made, or transferred elsewhere during the database migration without a contract to govern this transfer process ever being made?<\/strong><\/p>\n\n\n\n Based on the above points, it is clear that only forensic digital investigation or audit of the entire ecosystem surrounding how MySejahtera processes and stores information and accessibility of this information can provide some level of confidence<\/strong>. Even then, it is unlikely to bring trust levels on the app back to pre-scandal days. <\/p>\n\n\n\n Most recently, and related to point number 5, Health Minister Khairy Jamaluddin reportedly said that the private entity MySJ has access to the database as the \u201cmanager\u201d of the app, subject to the supervisions of the Health Ministry. <\/p>\n\n\n\n Khairy previously referred to MySJ as the \u201coperator\u201d, but only said that the government is finalising a \u201cfar lower than RM300 million\u201d deal with MySJ. As far as publicly available reports go, EMIR Research is not aware of the existence of any contracts or formal deals made by the government with MySJ to appoint them as manager\/operator of the app. <\/p>\n\n\n\n There are important questions to ask such as:<\/p>\n\n\n\n Has the government entered into some contract or understanding with MySJ for MySJ to become the manager\/operator? If so, why wasn\u2019t this made public and what is the government\u2019s cost of (directly) appointing MySJ as the operator\/manager? If it was only a deal to be a mere manager of the app, why was there no open tender? <\/p>\n\n\n\n EMIR Research understands that unless MySJ has sub-licensed their license to the MySejahtera app to other entities, then the government has no choice but to appoint MySJ as the manager\/operator. In this case MySJ is both owner and manager of the app. <\/p>\n\n\n\n The government must exercise full transparency as the deal involves public funds, and the issue involves the personal data security of 38 million app users.<\/p>\n\n\n\n The government\u2019s misplaced \u201crespect\u201d for the shareholders of MySJ (by brushing aside their ongoing disputes as something that does not concern the government, not addressing governance concerns, commercial red flags etc.) reflects how the government forgets the people as its true shareholders. <\/p>\n\n\n\n The government should be reminded that it is to the people that the government is accountable\u2014not private entities or political masters.<\/p>\n\n\n\n Thus, upholding proper governance and ensuring the interests of the people surpass any NDAs signed by the government with a (questionable) company with mere commercial interests. <\/p>\n\n\n\n In the past article titled \u201cFind MySejahtera alternatives, move away from MySJ deal\u201d dated April 18, 2022, EMIR Research recommend that the government put any deals with MySJ on hold until investigations by the PAC have concluded. <\/p>\n\n\n\n On April 23, CodeBlue reported that the PAC urged the government not to formalise its deals with MySJ before the tabling of the PAC\u2019s report in the Dewan Rakyat in July, and urged for the report to be debated by Members of Parliament for at least one day.<\/p>\n\n\n\n EMIR Research is glad that the PAC is echoing its call, but investigations must be comprehensive. Historical appointment and development mechanisms regarding the app are important to be elucidated, but there are many other questions. Also, it is likely more than one day will be needed to debate the topic.<\/p>\n\n\n\n At the moment, it is likely that the PAC has only scratched the surface of the scandal.<\/p>\n\n\n\n EMIR Research urges the PAC to ensure all questions raised by various parties are satisfactorily answered (in-depth and sufficiently backed up)<\/strong>, and if not, for the report to be tabled with a strong recommendation to halt deals with MySJ and for the setting up of an independent commission to carry out further investigations.<\/strong><\/p>\n\n\n\n Unexplainable Infatuation with MySJ<\/strong><\/p>\n\n\n\n The surprising role MySJ is playing as operator\/manager of the app without any publicly-known contracts in place indicates the government is adamant to move ahead with the MySejahtera application and continue dealing with MySJ, despite the ongoing investigations.<\/p>\n\n\n\n This is happening in the backdrop of mounting distrust over the app as evident through the plunging check-in rates nationwide despite increasing mobility, calls by certain quarters to delete MySejahtera, and various reports and publications surrounding the scandal by various parties.<\/p>\n\n\n\n The apparent \u201crush\u201d to finalise deals with MySJ is peculiar, and unbecoming of authorities who should be focusing on good governance and due process, particularly as Malaysia\u2019s transitioning into endemicity and relaxation of standard operating procedures provide the opportunity to move away from the app and therefore, MySJ.<\/p>\n\n\n\n The only speculative explanation is that MySJ is in a severe financial pressure, and is pushing for the deals to go through, no matter what. How can they not be, after committing to RM338.6 million licensing deal with Entomo?<\/p>\n\n\n\n Until investigations are over and concerns have been addressed (if ever), there would be decreasing use of the app, if not complete deletion by users. <\/p>\n\n\n\n This wouldn\u2019t solve previous concerns, and the government\u2019s requirement for check-ins and things such as vaccine certificates for international travels may \u201cforce\u201d the people to use the app, but perhaps it\u2019ll make MySJ\u2019s future business plans worth a lot less.<\/p>\n\n\n\n The authorities must understand that addressing the people\u2019s concerns and respect for proper governance is a priority over the so-called future modules of the MySejahtera app, which can always be developed later.<\/p>\n\n\n\n The Government Must Clean Up Its Own Mess<\/strong><\/p>\n\n\n\n Khairy was reported to have said \u201cIf we don\u2019t have MySejahtera, how can we monitor the condition of those under self-isolation at home? Maybe Utusan Malaysia has an app that we can use, I don\u2019t know,\u201d when commenting on Utusan Malaysia\u2019s<\/em> call for the deactivation\/deletion of the app.<\/p>\n\n\n\n Reasonings behind that call\u2014real concerns over data security and integrity, governance issues plaguing the MySejahtera scandal, usefulness in endemicity, and many other factors\u2014were met with an underserving sarcastic remark. <\/p>\n\n\n\n If the people don\u2019t trust MySejahtera because their concerns have not been addressed (faults on the part of the government)<\/strong>, issues such as \u201cmonitoring those under self-isolation\u201d or any other uses of the app are responsibilities that the government must bear. <\/p>\n\n\n\n If it requires using an alternative app, manual monitoring, dropping the need for check-ins etc. then these are the steps that must be done, at least until investigations are over and the scandal has been resolved. <\/p>\n\n\n\n These repercussions are of the government\u2019s own doing<\/strong>, and they must take full responsibility.<\/p>\n\n\n\n Dr Rais Hussin and Ameen Kamal are part of the research team of EMIR Research, an independent think tank focused on strategic policy recommendations based on rigorous research.<\/em><\/p>\n<\/div><\/div>\n<\/div><\/div>\n
![Business Today<\/a>.<\/em><\/p>\n\n\n\nWhen the authorities can\u2019t get their stories straight, they would be subjected to various presumptions\u2014 either it is a case of severe incompetence, or collusion<\/strong>. Both are possibilities are unacceptable.<\/p>\n\n\n\nThe Public Accounts Committee (PAC) Chairman reportedly pointed to a \u201cconfusion\u201d over the appointment of KPISoft (now known as Entomo) for the development of the MySejahtera application, based on responses the PAC received from the witnesses in a proceeding on April 21, involving senior officers from the National Security Council (NSC), the National Cyber Security Agency (NACSA), and the Malaysian Administrative Modernisation and Management Planning Unit (MAMPU), as reported by health portal CodeBlue.<\/p>\n\n\n\nAs EMIR Research highlighted in earlier articles, even high-level officials from the Health Ministry and the Finance Ministry appear to have conflicting accounts on who appointed KPISoft. <\/p>\n\n\n\nIf the government does not even know who appointed KPISoft, perhaps it was too much to expect them to conduct the necessary due diligence to uncover the potential risks surrounding data ownership and the clear conflict of interests given questionable names appearing on the companies involved and across international borders.<\/p>\n\n\n\nEMIR Research has now published six articles on the MySejahtera debacle, alongside other organisations such as health portal CodeBlue which has been at the forefront of this scandal with numerous reports and investigations. <\/p>\n\n\n\nBut how has the government responded to these obvious red flags? <\/p>\n\n\n\nIn what appears to be complete defiance of public outcry and utmost disregard for strict governance standards<\/strong>, there has been:<\/p>\n\n\n\nSevere confusion<\/strong> in providing sufficient and consistent details for the investigation<\/strong> of serious governance concerns regarding the appointment of KPISoft. <\/li><\/ol>\n\n\n\nFor example, there is an unexplainable and unacceptable direct appointment of KPISoft in a contract-less \u201cCorporate Social Responsibility deal\u201d, with only a non-disclosure agreement to govern data ownership (which we know nothing about or if it is still legally enforced), which subsequently appear to have \u201ctrapped\u201d the government into having to deal with MySJ Sdn Bhd. <\/p>\n\n\n\nBaffling inconsistency on MySejahtera ownership<\/strong> status (app, data, platform), where statements from authorities keep changing. Initially, it was alluded that the government owns practically everything related to MySejahtera but then reported legal documents revealed a 3-way ownership split between the components related to the app which contradicts official statements. <\/li><\/ol>\n\n\n\nTotal silence<\/strong> regarding questionable individuals and governance red flags<\/strong> involved in the development of the MySejahtera app (KPISoft\/Entomo), and the people who own MySJ. <\/li><\/ol>\n\n\n\nEntomo reportedly sealed an exorbitant deal worth RM338.6 million with MySJ, making MySJ the effective “owner” of the MySejahtera app. Note that <\/strong>Entomo and MySJ share the same business address, and there are high-profile and potentially politically-linked individuals as directors in MySJ<\/strong>. There are also questionable and mysterious business figures, as reported by various sources.<\/p>\n\n\n\nMySJ will likely seek to recoup its large \u201cinvestment\u201d through lucrative and long-term deals with the government (which the government has no way of determining if the prices are fair given MySJ is the only option and will pay using public funds) or app features that require users to pay.<\/p>\n\n\n\nComplete downplay<\/strong> on the risk of foreign ownership as Entomo Malaysia is owned by Singapore-based Entomo Ptd Ltd, with corporate and private shareholders from various countries.<\/li><\/ol>\n\n\n\nAlthough Malaysians appear to hold the highest number of shares in DreamTeam Inc (which is the major shareholding company in Entomo Pte Ltd) ultimately there are other shareholders from other countries.<\/p>\n\n\n\nGrossly insufficient explanation <\/strong>to back up statements on personal data safety and integrity.<\/li><\/ol>\n\n\n\nThe government asserted that they own the data, but EMIR Research questions in prior articles on the exclusive accessibility to the database, and data security\/integrity prior to any contracts (aside from the NDA) were made (such as within the contract-less CSR period).<\/p>\n\n\n\nQuestions the PAC need to ask include the following:<\/p>\n\n\n\nWhen was the data started to be stored at AIMS Data Centre in Malaysia? If it didn\u2019t happen right at the start when KPISoft was directly appointed, where was the data stored before AIMS Data Centre? If it was initially stored in locations other than AIMS Data Centre, how was the transfer of data governed to ensure all data has been deleted from previous storage location, no copies have been made, or transferred elsewhere during the database migration without a contract to govern this transfer process ever being made?<\/strong><\/p>\n\n\n\nBased on the above points, it is clear that only forensic digital investigation or audit of the entire ecosystem surrounding how MySejahtera processes and stores information and accessibility of this information can provide some level of confidence<\/strong>. Even then, it is unlikely to bring trust levels on the app back to pre-scandal days. <\/p>\n\n\n\nQuestionable obscurity<\/strong> on deals with MySJ, such as not specifying what \u201cbelow RM300 million\u201d deal with MySJ really means in terms of the exact amount and what the deal is for.<\/li><\/ol>\n\n\n\nMost recently, and related to point number 5, Health Minister Khairy Jamaluddin reportedly said that the private entity MySJ has access to the database as the \u201cmanager\u201d of the app, subject to the supervisions of the Health Ministry. <\/p>\n\n\n\nKhairy previously referred to MySJ as the \u201coperator\u201d, but only said that the government is finalising a \u201cfar lower than RM300 million\u201d deal with MySJ. As far as publicly available reports go, EMIR Research is not aware of the existence of any contracts or formal deals made by the government with MySJ to appoint them as manager\/operator of the app. <\/p>\n\n\n\nThere are important questions to ask such as:<\/p>\n\n\n\nHas the government entered into some contract or understanding with MySJ for MySJ to become the manager\/operator? If so, why wasn\u2019t this made public and what is the government\u2019s cost of (directly) appointing MySJ as the operator\/manager? If it was only a deal to be a mere manager of the app, why was there no open tender? <\/p>\n\n\n\nEMIR Research understands that unless MySJ has sub-licensed their license to the MySejahtera app to other entities, then the government has no choice but to appoint MySJ as the manager\/operator. In this case MySJ is both owner and manager of the app. <\/p>\n\n\n\nThe government must exercise full transparency as the deal involves public funds, and the issue involves the personal data security of 38 million app users.<\/p>\n\n\n\nThe government\u2019s misplaced \u201crespect\u201d for the shareholders of MySJ (by brushing aside their ongoing disputes as something that does not concern the government, not addressing governance concerns, commercial red flags etc.) reflects how the government forgets the people as its true shareholders. <\/p>\n\n\n\nThe government should be reminded that it is to the people that the government is accountable\u2014not private entities or political masters.<\/p>\n\n\n\nThus, upholding proper governance and ensuring the interests of the people surpass any NDAs signed by the government with a (questionable) company with mere commercial interests. <\/p>\n\n\n\nIn the past article titled \u201cFind MySejahtera alternatives, move away from MySJ deal\u201d dated April 18, 2022, EMIR Research recommend that the government put any deals with MySJ on hold until investigations by the PAC have concluded. <\/p>\n\n\n\nOn April 23, CodeBlue reported that the PAC urged the government not to formalise its deals with MySJ before the tabling of the PAC\u2019s report in the Dewan Rakyat in July, and urged for the report to be debated by Members of Parliament for at least one day.<\/p>\n\n\n\nEMIR Research is glad that the PAC is echoing its call, but investigations must be comprehensive. Historical appointment and development mechanisms regarding the app are important to be elucidated, but there are many other questions. Also, it is likely more than one day will be needed to debate the topic.<\/p>\n\n\n\nAt the moment, it is likely that the PAC has only scratched the surface of the scandal.<\/p>\n\n\n\nEMIR Research urges the PAC to ensure all questions raised by various parties are satisfactorily answered (in-depth and sufficiently backed up)<\/strong>, and if not, for the report to be tabled with a strong recommendation to halt deals with MySJ and for the setting up of an independent commission to carry out further investigations.<\/strong><\/p>\n\n\n\nUnexplainable Infatuation with MySJ<\/strong><\/p>\n\n\n\nThe surprising role MySJ is playing as operator\/manager of the app without any publicly-known contracts in place indicates the government is adamant to move ahead with the MySejahtera application and continue dealing with MySJ, despite the ongoing investigations.<\/p>\n\n\n\nThis is happening in the backdrop of mounting distrust over the app as evident through the plunging check-in rates nationwide despite increasing mobility, calls by certain quarters to delete MySejahtera, and various reports and publications surrounding the scandal by various parties.<\/p>\n\n\n\nThe apparent \u201crush\u201d to finalise deals with MySJ is peculiar, and unbecoming of authorities who should be focusing on good governance and due process, particularly as Malaysia\u2019s transitioning into endemicity and relaxation of standard operating procedures provide the opportunity to move away from the app and therefore, MySJ.<\/p>\n\n\n\nThe only speculative explanation is that MySJ is in a severe financial pressure, and is pushing for the deals to go through, no matter what. How can they not be, after committing to RM338.6 million licensing deal with Entomo?<\/p>\n\n\n\nUntil investigations are over and concerns have been addressed (if ever), there would be decreasing use of the app, if not complete deletion by users. <\/p>\n\n\n\nThis wouldn\u2019t solve previous concerns, and the government\u2019s requirement for check-ins and things such as vaccine certificates for international travels may \u201cforce\u201d the people to use the app, but perhaps it\u2019ll make MySJ\u2019s future business plans worth a lot less.<\/p>\n\n\n\nThe authorities must understand that addressing the people\u2019s concerns and respect for proper governance is a priority over the so-called future modules of the MySejahtera app, which can always be developed later.<\/p>\n\n\n\nThe Government Must Clean Up Its Own Mess<\/strong><\/p>\n\n\n\nKhairy was reported to have said \u201cIf we don\u2019t have MySejahtera, how can we monitor the condition of those under self-isolation at home? Maybe Utusan Malaysia has an app that we can use, I don\u2019t know,\u201d when commenting on Utusan Malaysia\u2019s<\/em> call for the deactivation\/deletion of the app.<\/p>\n\n\n\nReasonings behind that call\u2014real concerns over data security and integrity, governance issues plaguing the MySejahtera scandal, usefulness in endemicity, and many other factors\u2014were met with an underserving sarcastic remark. <\/p>\n\n\n\nIf the people don\u2019t trust MySejahtera because their concerns have not been addressed (faults on the part of the government)<\/strong>, issues such as \u201cmonitoring those under self-isolation\u201d or any other uses of the app are responsibilities that the government must bear. <\/p>\n\n\n\nIf it requires using an alternative app, manual monitoring, dropping the need for check-ins etc. then these are the steps that must be done, at least until investigations are over and the scandal has been resolved. <\/p>\n\n\n\nThese repercussions are of the government\u2019s own doing<\/strong>, and they must take full responsibility.<\/p>\n\n\n\nDr Rais Hussin and Ameen Kamal are part of the research team of EMIR Research, an independent think tank focused on strategic policy recommendations based on rigorous research.<\/em><\/p>\n<\/div><\/div>\n<\/div><\/div>\n](\"https:\/\/www.businesstoday.com.my\/wp-content\/uploads\/2022\/02\/Minister-of-health-Khairy-e1644490095627-945x420.jpg\"){kind=link}