The Cabinet this week instructed the Department of Immigration and Emigration to immediately cancel the ongoing procurement process for the personalization of e-passports. The tender also included the Public Key Infrastructure (PKI), which is the cryptographic security framework that protects data on the microchip of new e-passports, and an issuance system.
Previously, the Ministry of Public Security had recommended awarding this lucrative tender to Thales DIS Finland Oy and Just in Time (JIT), a French and Sri Lankan partnership. Under the proposed project, 3.15 million e-passports were to be personalized with biometrics and biodata over the next few years. However, the Controller General of Immigration and Emigration informed the relevant tenderers in writing last Friday that, by order of the Cabinet, the procurement process had been terminated with immediate effect; no reason was stated. Nevertheless, an analysis of the procurement structure revealed that experts had warned of a "vendor lock-in trap" that could cost taxpayers an enormous amount of money in future non-negotiable fees.
According to this proposed tender, Thales was to install and maintain the relevant IT infrastructure at its initial cost, with plans to recover these costs through a fee of EUR 1.04 and a monthly fee of LKR 302.23 for each passport printed. Furthermore, the government had agreed to be contractually bound to pay for a minimum of 60,000 passports per month. After five years or upon reaching the limit of 3.15 million passports, the ownership of this specialized hardware was to be transferred to the Department of Immigration and Emigration.
However, an earlier analysis of this procurement structure had revealed a serious risk of a vendor lock-in trap. Even if ownership of the hardware were transferred to the department after the term expired, the machines would be unusable without the software needed to operate the PKI system. Specifically, because the Department of Immigration and Emigration did not cap or request pricing for post-contract software license renewals during the competitive bidding phase, the vendor would have held full power to set those prices.
In addition, the government would also have to pay commercial license renewal fees for Oracle, Microsoft, and antivirus software to operate the core servers. Since these long-term software requirements were not included in the initial cost evaluation, an official familiar with the matter pointed out that the actual cost to taxpayers could be millions higher than the initial contract price.
He further emphasized that, since this system relied heavily on proprietary software, it is crucial when purchasing such complex IT systems to secure long-term rights to the software and to have a proper exit strategy, instead of merely taking over hardware without financial assurance. It has not yet been revealed when this tender will be re-issued.