In Malaysia, a Covid-19 tracing application causes a scandal

It’s a catchphrase that resonates more and more in Malaysia: “If it’s free you are the product”. But for several weeks, the “you” seems important since it could designate both the Malaysian state and its citizens.

It all started at the end of March when Malaysia discovered, through legal documents consulted by the CodeBlue site, that a private company had transferred the license and intellectual property of “My Sejahtera”, a mobile application developed by the Malaysian government to help to trace Covid-19 patients, to another company, for 73 million euros. The authorities would, in fact, never have owned the application, then reveal various press titles in the country.

To understand how Malaysia arrived, two years after the first confinement, at such a situation, we must put ourselves in the context of the beginnings of the pandemic. In this Southeast Asian country, as everywhere else, a wave of panic and a call for solidarity are then in order. In this climate, a company offers the government to use the application it has created to fight the spread of Covid-19, free of charge for one year by asserting its corporate social responsibility (CSR).

The government accepts, and this initial gratuity allows the company not to be subject to the laws in force for public orders which normally require a call for tenders. After this initial free period, “My Sejahtera” then becomes the object of great financial greed and its intellectual property and its license sell for exorbitant prices.

A way of proceeding which seems far from being an isolated case for Khairil Yusof of the Sinar Project, a Malaysian NGO specializing in issues of transparency in political life. “Public procurement in the field of information technology represents several billion dollars in most countries. So they’re valuable because for most private companies it’s hard to get a million or millions of customers like that, but if you can sell your product to a government, then you can have the whole the population as customers”he says.

And Khairil Yusof thus continues his demonstration : “Many companies, such as Microsoft, have been able to approach a government by offering, for example, a free copy of Microsoft Windows and Microsoft Office for the first two years, and after this period, announce to the government that it is now necessary to pay for the license that each official uses.”

In France, Microsoft had precisely been in the crosshairs of certain unions and defenders of the use of free software, in 2015, after a “sponsorship offer“which they claim concealed a public contract that should have been put out to tender. More recently, the Senate’s report on the influence of political consulting firms pointed to how some private companies put “foot in the door” administrations with “pro bono services”.

Last year, finally, the financial prosecutor’s office opened an investigation for “favoritism“targeting private companies that have worked on StopCovid, the application that later became TousAntiCovid. Among them are, for example, the consulting firm Capgemini, a subsidiary of the Dassault group. They too initially worked for free to develop the application, but its operation and maintenance were then invoiced for a cost “between 200,000 and 300,000 euros per month“, according to revelations from The Obs.

In Malaysia, in addition to the financial aspect, the growing scandal around the anti-Covid application also raises more and more questions about the protection of privacy and the possible future uses of these. While the government continues to ensure that Malaysians’ data is protected and deleted every three months, both the opposition and the press wonder if the important place that private actors have won in the fight against covid does not weaken security. personal information.

However, the data collected in times of pandemic are particularly sensitive, reminds Khairil Yusof: “It’s not just an email address, which you can easily change if ever you’re hacked. With anti-Covid applications, personal data is first of all extremely numerous, and, secondly, concerns medical data, considered all over the world as very confidential. However, these data are often impossible to change. If we take even a simple address: you are not going to move, especially if you are owners if ever there is a piracy.

Finally, the final question raised by some Malaysian observers: why a private company bought the license for their anti-covid application for five years, when the government assures him that the Covid has entered an endemic phase and that the restrictions are gradually being reduced. slightly lifted? The answer may lie in statements from the local Ministry of Health that said they were considering using the app’s data for other purposes, such as fighting other diseases like cancer. If that were the case, the application would not even have to change its name, because while, in many countries, applications launched in times of pandemic explicitly mention the Covid in their name, “My Sejahtera” simply wants say “My serenity” in Malaysian.

A choice that remains very ironic in view of the panic aroused by the revelations of recent weeks, with hashtags calling on Internet users to delete the application from their phones, and the beginning of a boycott of it. In a few weeks, the number of QR codes scanned on the application to enter somewhere has dropped by 21%. Regularly questioned about “My Sejahtera”, the Malaysian Minister of Health has announced that he is thinking about abandoning these QR codes but continues to ensure that his ministry is the owner of the application, despite the legal documents leaked in the press indicating otherwise.


source site-26

Latest