April 14, 2022
Parliament’s Public Accounts Committee (PAC) today heard testimony, on its first day of investigations into MySejahtera, about the development, ownership, and security of personal data on the Covid-19 app.
Today’s proceedings of over three hours, which saw PAC questioning Health Minister Khairy Jamaluddin and Finance Minister Tengku Zafrul Aziz, also discussed the status of the government’s directly awarded contract without open tender to MySJ Sdn Bhd over MySejahtera.
“A few questions were raised. [Firstly], on the development of MySejahtera by way of CSR (corporate social responsibility), the background and so on. Number two, touching on the question of ownership of the app – who actually owns ownership [of] the IP (intellectual property), modules, source code, data, everything,” PAC chairman Wong Kah Woh told CodeBlue, when met in Parliament after the PAC’s proceedings.
“Number three, the facts divulged from the court cases filed by the respective [MySJ] shareholders – some fact-checking, the time chronology. The most important part is the protection of the data – what is the commitment of the government?
“And finally, the status of the award of the contract to MySJ Sdn Bhd.”
Wong said in a media statement later that the PAC today touched on the award of the MySejahtera app development “contract” to KPISoft Sdn Bhd (now Entomo Malaysia Sdn Bhd) and the companies involved in MySejahtera — MySJ, KPISoft, and other entities in court disputes between MySJ shareholders.
All of PAC’s proceedings, including the Dewan Rakyat committee’s current inquiry into MySejahtera, are closed-door and protected under the Official Secrets Act (OSA) 1972, unlike the United Kingdom’s Parliament that broadcasts its parliamentary committee hearings.
Wong also told CodeBlue that the Ministry of Health (MOH) cooperated in furnishing the PAC with all the documents requested in its MySejahtera investigation. Khairy previously cited an April 1, 2020 non-disclosure agreement (NDA) between the National Security Council (MKN) and KPISoft Malaysia.
The Ipoh Timur MP said the PAC will next summon officials from MKN, the Malaysian Administrative Modernisation and Management Planning Unit (MAMPU), and the National Cyber Security Agency (NACSA) on April 21 for their testimony in the MySejahtera inquiry. All three government agencies are under the Prime Minister’s Department.
“That will be particularly on the appointment of KPISoft Sdn Bhd back in March 2020 by way of CSR,” Wong said.
“At that time, everything was still under MKN. So we’ll find out from there and we’ll see whether to conclude or to call all witnesses.”
Most of today’s PAC proceedings of over three hours heard testimony from Khairy, as Zafrul left earlier after about an hour for another meeting, according to Wong, who said that the hearing was also attended by Treasury secretary-general Asri Hamidon, MOH secretary-general Harjeet Singh Hardev Singh, and senior officials from MOH and the Ministry of Finance.
Khairy said the PAC had asked “everything related to MySejahtera”, and that he had also briefed the committee about MOH’s future plans for the Covid-19 app with 38 million registered users.
He added that after Zafrul left, he took the rest of the meeting together with Asri.
“I was transparent with my testimony. I didn’t hide anything. All the documents were shared with them,” Khairy told CodeBlue and The Edge when met after the PAC’s hearing.
MySejahtera check-ins across the country fell 30 per cent from March 25 to April 9, amid public distrust and concerns over ownership of the app that was developed without a contract with the government, its links to a Singaporean company that fully owns Entomo Malaysia, and security of the massive amounts of personal data, including medical and health information and check-ins to public premises, collected by the Covid-19 app.