Govt Stuck Due To Csr Over Mysejahtera Pac Told

---

PARLIAMENT | Putrajaya was "stuck" with an RM196 million bill for the MySejahtera smartphone application even though it was started off as corporate social responsibility (CSR) initiative.
Health Minister Khairy Jamaluddin told the Public Accounts Committee (PAC) that initially, the application vendor KPISoft Sdn Bhd was given a limited scope to build the application that contained features for self-monitoring, contact tracing and individual information.
Khairy explained that as the pandemic unfolded, new features had to be added to MySejahtera, involving 300 back-end builds and 53 mobile builds over two years.
"We didn't have time to conduct an open tender for a new application. We were stuck already with MySejahtera because of CSR.
"That is something you have to ask the National Security Council. We had the CSR. I don't know what the intentions were, but it was already there," said Khairy.
Rush to launch
MySejahtera was launched in April 2020 as a contact tracing application during the early stages of the pandemic to identify and isolate those with Covid-19.
At the time, the health minister was Dr Adham Baba, who was also a member of the National Security Council - a powerful body that decided on most of the Covid-19 protocols at the time.
Subsequently, the government used MySejahtera for Covid-19 vaccination appointments and records. It was also mandatory to use MySejathera's "check-in" function when leaving home. Later iterations saw the inclusion of proximity sensing through Bluetooth (MySJ Trace).
Health Minister Khairy JamaluddinKhairy became the health minister in August 2021. By then, the government had already committed to paying KPISoft - by that time known as Entomo - RM196 million from April 1, 2021, to the end of 2023 to run the application.
MySejahtera came under the spotlight early this year when several companies sued MySJ Sdn Bhd - the company that "bought" the MySejahtera application from KPISoft.
This led to fears that MySejahtera's data - reportedly involving 38 million users - was at risk of state-sanctioned commodification and thus privacy breaches.
No contract, initially
The PAC concluded that there were no minutes or documents that would have normally preceded the appointment of a vendor.
"Witnesses could not answer clearly who approved KPISoft (as the vendor) or which meeting where the appointment took place," said the PAC in its report.
The only document which could tie the government to KPISoft was a
(NDA) signed on April 1, 2020. The application was rolled out three weeks later.
Among other main clauses in the NDA was that the government had full and exclusive rights to all data collected through the MySejahtera application.
On March 31, 2021, the cabinet decided to maintain the MySejahtera application, setting in motion an attempt to negotiate a deal with MySJ Sdn Bhd (the then owner of the application).
The Finance Ministry finally greenlit the deal in February this year.
The PAC argued that the MySejahtera developers had succeeded in securing a massive government contract, without first having gone through the rigours of a normal procurement process, by pitching a "CSR" initiative.
No commercialisation
The PAC was told that KPISoft set up MySJ Sdn Bhd as a "special purpose vehicle" towards the end of the "CSR" period.
According to National Cyber Security Agency senior principal assistant director Shariffah Rashidah Syed Othman's testimony, a pitch by KPISoft included "exclusive service provision of MySejahtera and the three new commercial components" for the application.
On Nov 10, 2020, KPISoft had written a proposal to the National Security Council in which the firm had proposed that it be allowed to commercialise MySejahtera.
In exchange, the government would not have to pay to continue using MySejahtera.
Among others, KPISoft promised MySejahtera to maintain because of "digital healthcare", "digital commerce" and "digital payments".
Khairy told the PAC that the proposal was rejected by the Malaysian Administrative Modernisation and Management Planning Unit (Mampu), Health Ministry and the Science, Technology and Innovation Ministry (Mosti).
"Initially, they wanted to take the data and commercialise it to pay for their services. However, MOH, Mampu and Mosti said this was sensitive data involving the rakyat and could not be commercialised.
"Therefore, this proposal died there," Khairy said.
The PAC said in its report that the proposal by KPISoft indicated that the data collected by MySejahtera was very valuable.
"The government's decision to reject the proposal was appropriate to protect the data privacy of the users," said the PAC. - Mkini

---