Privacy Issues With MySejahtera — George Mathews

The Health Ministry should be transparent about what kind of data is actually being collected from MySejahtera.

Malaysian Health Director-General Dr Noor Hisham Abdullah has assured Malaysians that the MySejahtera contract tracing app is being used responsibly.

The app comes under the watch of the Health Ministry and he has said that they do not share information with any third parties that are not relevant (not even the individual states who actually need the information!).

This, of course, comes in the wake of the 400 missing Medan 88 residents in Sepang who apparently decided not to return after finding out that their area was to be put under the enhanced movement control order (MCO). Noor Hisham denied that the MySejahtera app was used to track these people.

He has continued to stress that the app is only used for contact tracing when a positive case has been found in an area and when they need to get in touch with all the others who would be at risk for testing.

Noor Hisham has been a beacon of light during this pandemic and he has gained a lot of respect from Malaysians. Deservedly, I would say. However, just because he is the spokesperson to vouch for the responsible use of the app, doesn’t make me and many Malaysians anymore confident that the data gathered from the app will not be misused or abused.

I have had doubts about the invasion of our privacy and individual rights since the start of the first MCO in March.

I understand the need for contact tracing in this pandemic. I realise the importance of it and I willingly record my own and my family’s details whenever we go anywhere.

But I think that the authorities and the government may just be pushing the pandemic excuse a little bit too far with what they think they can get away with.

Earlier in the year, it was not wanting to proceed with parliamentary sessions because they said it was too risky. But the country needs to be governed and eventually, it went on with strict guidelines being imposed.

Then, they wanted to call for an unnecessary national emergency. Thank God that wasn’t approved by the Yang di-Pertuan Agong.

And now issues about the MySejahtera app have come to light. A regular reader and subscriber of my YouTube channel brought something to my attention just a few days ago. She had sent me a link to a website called Exodus Privacy.

Exodus Privacy is a French non-profit research centre and works in collaboration with Yale University’s Privacy Lab. They aim to create cybersecurity awareness, especially when it comes to privacy and unethical data collection through the Internet.

You can visit the website, key in the name of an app and Exodus Privacy will audit and analyse it.

I typed in “MySejahtera” and quite a detailed report came out stating the kind of data that the app collects that I wasn’t even aware of.

According to Exodus Privacy, MySejahtera collects a lot of location data which is expected from a contact tracing app. But, there is a slew of different capabilities that is very much of a concern, such as:

  • Pair with Bluetooth devices
  • Directly call phone numbers
  • Find accounts on your phone
  • Read your contacts
  • Read the contents of any external storage on your phone like SD cards
  • Modify or delete the contents of your SD cards
  • Prevent phone from sleeping
  • Modify your contacts

I don’t know about you but this is definitely something that I feel is a misuse and abuse of the app. If MySejahtera is only being used for what the Health DG says it is being used for, then it would be just fine for the app to collect the relevant data. But what are all these extra frills that we were not made aware of?

Should we be trusting the authorities with all this data just because they say that they won’t abuse it? I am very sceptical.

It’s just like listening to the government say that they won’t abolish the Sedition Act but will not act on it. Or, they won’t amend the Finas Act but they just won’t act on it when it comes to YouTubers and social media users.

The fact of the matter is, the archaic acts and laws are there and if those in power ever want to use it, they could and it would be entirely legal, even if they initially said they wouldn’t act on it. I find this very manipulative and sneaky. If they aren’t going to abuse it, then just don’t have it in the first place. Easy as that.

Now back to the issue of MySejahtera and our privacy. I would suggest that the Health Ministry be transparent about it.

Tell the public what kind of data is actually being collected. Have clear terms and conditions agreement that users will have to read through and agree if they want to use the app. And it shouldn’t be in legalese like what they have on Facebook and Instagram.

I’m sure Malaysians are more than willing to follow the proper standard operating procedures and guidelines. We all are in this together and want to stop Covid-19, or at least get it under control. But let’s do it together — ethically and transparently — where we can all trust each other.

A pandemic is no reason to abuse power.

  • This is the personal opinion of the writer or publication and does not necessarily represent the views of CodeBlue.

You may also like