PAC: Government ‘Confused’ About Who Appointed KPISoft For MySejahtera

The PAC says there was no letter of appointment for KPISoft Malaysia Sdn Bhd to develop the MySejahtera app, nor was there a contract signed between the company and the government.

KUALA LUMPUR, April 21 – The government’s appointment of KPISoft Malaysia Sdn Bhd (now Entomo Malaysia Sdn Bhd) as vendor to develop MySejahtera remains a mystery to the health and finance ministers and federal officials who testified to Parliament’s Public Accounts Committee (PAC).

PAC chairman Wong Kah Woh told CodeBlue and The Edge, when met in Parliament after today’s proceedings of over three hours, that the government is “confused” about how KPISoft came to be the developer of the ubiquitous Covid-19 app that was launched in April 2020. 

“What I can say after the two-week proceeding is that the government itself is confused as to who made the decision – who has actually, the body that made the decision for the appointment (of KPISoft).

“And what I can say is the documentation, records for the appointment are (also) not clear – there is no contract. Apart from the non-disclosure agreement (NDA) signed between the government and KPISoft, there is no other contract signed after two years,” Wong said. “There’s no formal agreement entered, apart from the NDA.”

Wong said the NDA was signed between the National Security Council (MKN), on behalf of the government, and the vendor company, KPISoft. “But that is only an NDA of the data but they never, I mean, the proper contract wasn’t signed at all,” Wong said.

Wong, who is Ipoh Timur MP, described government documentation of the MySejahtera deal as “weak” and later confirmed there was not even a letter of appointment for KPISoft to create the national security app that has been used over the past two years to control the Covid-19 pandemic and to host the nation’s personal and medical data.

“Not to say nobody (in government) knows (about KPISoft’s appointment), but everyone was just taking it like, ‘Oh look, now this company came in’. So they have meetings, they endorse, which we think [sic]…

“Okay, to the question on which government body or which government agency actually endorsed the appointment of KPISoft, on this part, I can say the witnesses that came last week and this week, they were unable to ascertain and [were] confused,” Wong said.

Today’s PAC proceeding on MySejahtera saw PAC questioning top officials from three agencies under the Prime Minister’s Department – namely, MKN, the National Cyber Security Agency (NACSA), and the Malaysian Administrative Modernisation and Management Planning Unit (MAMPU).

The PAC last week heard testimonies from Health Minister Khairy Jamaluddin and Finance Minister Tengku Zafrul Aziz, the first to testify in the PAC’s investigation on the procurement and development of MySejahtera.

“When there is a government appointment, definitely, you will need to have a proper contract to lay down the terms – what is the government supposed to do, what is the vendor supposed to do, and what are the costs to be involved – that is the most important thing. 

“And now you can see, the government is still talking about they are in the midst of negotiating the price with the vendor and this is something that shouldn’t happen at all. You want to finalise it, you finalise it from Day One,” Wong said.

He noted, however, that “urgent circumstances” do warrant a quick and fast appointment of government vendors, subject to fulfilment of certain requirements.

Wong said he would need to go through the documents obtained before deciding whether the PAC would next summon the directors and officers of Entomo Malaysia, which is fully owned by Singapore-based Entomo Pte Ltd, and MySJ Sdn Bhd, a separate company that is currently negotiating with the Ministry of Health (MOH) on MySejahtera.

“It depends. I need to go through all the documents that we’ve obtained first lah – quite a lot of things that we have asked for these two weeks,” Wong said.

The MySejahtera app with some 47 million registered users and 29 million active users, according to MySJ chief executive officer designate Aiza Azreen Ahmad, contains not just one’s personal information, but also private medical information including health data, Covid-19 risk status, and Covid-19 vaccination status, as well as visits to public premises from government-mandated check-ins on the app used for contact tracing.

MySejahtera has been engulfed in controversy after the PAC’s report raised last month the lack of a contract between the government and KPISoft Malaysia, and Cabinet’s approval of direct negotiations for a new company, MySJ, for the app. KPISoft Malaysia created MySejahtera for the Malaysian government for free initially in a one-year corporate social responsibility (CSR) initiative until end March 2021.

Although the government claims ownership over the huge MySejahtera database, Aiza’s public Facebook posts and tweets indicate MySJ’s access to the database via MySejahtera user support, and potentially the company’s ability to change records on the MySejahtera database – even though MOH has yet to sign a formal agreement with MySJ for the app. 

MOH also never announced that Aiza’s social media accounts are part of the MySejahtera help desk, despite informally authorising the MySJ representative to approach MySejahtera users to “DM” (direct message) her personal Facebook and Twitter accounts their MySejahtera IDs (phone number or email address) and private medical information like screenshots of Covid-19 vaccine certificates. 

You may also like