Auditor-General Karen Hogan will deliver her much anticipated audit report Monday into the behind-the-scenes events surrounding ArriveCan, providing the most detailed look yet into how the cost of the federal government’s smartphone app for international travellers grew from an initial $80,000 to in excess of $54-million.
Since the price was first reported by The Globe and Mail 16 months ago, numerous reviews and committee hearings have raised broader questions about how Ottawa oversees the billions of dollars it spends each year on technology-related outsourcing.
The fallout has included dramatic scenes in which senior federal public servants have publicly accused each other of lying over how a two-person home-based business called GCStrategies was selected as the main company to receive millions of dollars in outsourcing contracts to build the app.
On Wednesday, Liberal, Bloc Québécois and NDP MPs suddenly suspended parliamentary hearings related to ArriveCan and contracting misconduct allegations after reading what one Liberal described as a “scary” secret preliminary report by a federal investigator about allegations involving people with connections to the app.
The debate has also focused on the government’s heavy use of three IT staffing firms – GCStrategies, Coradix and Dalian – that have collectively won nearly half a billion dollars in federal IT contracts over the past decade, but do little or no work themselves. Instead, they hire private subcontractors to do the work in exchange for substantial commissions.
Aaron Snow, the former chief executive of a federal government team called the Canadian Digital Service that aims to promote in-house capacity on IT matters, told The Globe that he hopes the report promotes discussion about the broader issues in how Ottawa buys outside technological help.
Mr. Snow is now a faculty fellow at Georgetown University’s Beeck Center for Social Impact and Innovation. In an interview, he said that in his view, Ottawa should increase the share of IT work performed by government employees and reduce its reliance on outside contractors.
“The balance is off,” he said, adding that there’s a role for outsourcing to address short-term needs, but software should be viewed as a core competency of the federal government. “We’ve been, in my opinion, way too comfortable handing way too much of that off to outside parties.”
He also said the federal government needs to do a better job through training and hiring to ensure that senior decision makers have the technological knowledge required to know when they are getting a fair deal from suppliers.
“I think there’s still a fair amount of acceptance of, I think, a broken idea, which is that it’s okay for people to rise to the top of government service without having an understanding of how technology and software work and are developed and maintained. I think that’s dangerous.”
Ahead of Monday’s report, here is a breakdown of the key issues at play.
What is ArriveCan?
ArriveCan is a federal government smartphone app that was quickly developed and launched in early 2020 at the onset of the COVID-19 pandemic. It could be used to upload vaccination status and other information in an effort to streamline processing at border crossings.
The project was led by the Canada Border Services Agency. The CBSA has said the app initially cost $80,000 to create, but the price escalated in step with numerous updates connected to evolving health restrictions.
The app is no longer mandatory as of Sept. 30, 2022, but remains a voluntary option.
What were the issues with ArriveCan?
During the summer of 2022, technical problems led the app to send erroneous orders to more than 10,000 Canadians to quarantine under threat of heavy fines. An investigation by Privacy Commissioner Philippe Dufresne concluded last year that the situation violated the Privacy Act.
After The Globe reported on the cost of the app in October, 2022, private-sector technology leaders strongly condemned the amount as excessive and outrageous. Two Canadian tech companies went as far as organizing hackathons to recreate clones of the app over a weekend to illustrate their point.
As the media and MPs asked for more information about ArriveCan spending and related contracts, the CBSA provided Parliament with erroneous information. For instance, the president of Canadian technology company ThinkOn was surprised to see the agency report that his company had received $1.2-million to work on the app, when it did not. The agency later corrected the information.
What are the allegations related to contracting misconduct?
On Oct. 4, 2023, the Globe reported the RCMP is investigating allegations of contracting-related misconduct involving an outsourced IT project at the Canada Border Services Agency.
Ritika Dutt and Amir Morv, the two co-founders of Montreal software company Botler, who had performed work for the agency, submitted a detailed written report to the agency leadership in November, 2022, warning about improper contracting practices, inflated résumés and cozy relationships between the public service and private consultants.
In response, the CBSA launched internal investigations and audits and referred the allegations to the RCMP.
Botler did not work on ArriveCan, but the co-founders interacted with private contractors and public servants who did. The Botler project was funded through layers of subcontracting that ultimately trace back to a large contract for IT services that was also used for ArriveCan. The RCMP has said it is investigating the Botler-related allegations. It has not said it is investigating ArriveCan.
Botler was first approached to work with the CBSA by Kristian Firth, the managing partner of GCStrategies.
When called to appear before the Commons government operations committee, Mr. Firth told MPs that he personally submitted inflated work experience records as part of the contracting application process. He called it a “regrettable mistake.”
Which companies received the most contract work on ArriveCan?
Members of Parliament on the government operations committee have been focusing on the layers of contracting and subcontracting that were used on the app project.
There has been particular scrutiny on GCStrategies, which received about $11-million to work on the app – more than any other company.
The CBSA’s ArriveCan team also relied on Coradix and Dalian, two Ottawa-based IT staffing companies that regularly work together as a joint venture. Dalian has also said it has just two employees, while Coradix has said it has more than 40 employees.
Since 2017, GCStrategies has received $59-million in federal funding. And over the past 10 years, Coradix and Dalian have received a combined $411-million.
In November, the CBSA announced that it was temporarily suspending all agency contracts with three IT staffing firms that are the subject of contracting misconduct complaints.
What can be expected from Monday’s Auditor-General’s report?
Shortly after The Globe’s October, 2022, report on the cost of the app, the House of Commons voted in favour of a motion from Conservative Leader Pierre Poilievre – over the objections of Liberal and Green Party MPs – that called on the Auditor-General “to conduct a performance audit, including the payments, contracts and sub-contracts for all aspects of the ArriveCAN app, and to prioritize this investigation.”
Ms. Hogan agreed to the request and that is the report that will be tabled Monday.
The Auditor-General was on the verge of wrapping up her report late last year, but extended the study after The Globe published the new information in October, 2023, about Botler’s contracting misconduct allegations and the related RCMP investigation.
Ms. Hogan told MPs in October that she only learned of the RCMP investigation by reading about it in The Globe.
“Through the course of our audit, we always ask questions linked to actual, suspected or alleged fraud. And we would expect that there’s an ongoing responsibility for officials to keep us informed of any matters that are relevant to the subject that we are auditing. And so I am disappointed that they did not tell us,” she said.
CBSA president Erin O’Gorman told MPs last month that she should have told the Auditor-General’s team about the police investigation.
“That was my decision not to provide that to the Auditor-General at the time, because the allegations related to another contract. In hindsight, I recognize that they were the same individuals and they were the same company. I probably ought to have informed them of that, including the caveat that we knew nothing further,” she said.
What has been discovered to date?
Late last month, Procurement Ombudsman Alexander Jeglic released a report into ArriveCan. He found that outsourcing companies repeatedly won contracts by listing subcontractors who ultimately did no work.
The report also said the government used criteria that “were overly restrictive and favoured” GCStrategies, resulting in the company winning a competition for a $25-million general IT services contract after no other bids were submitted.
Mr. Jeglic told MPs that the state of the federal procurement system is such that it has created a market for such intermediaries.
“The complexity of the procurement animal is so great that you do have entities that exist only for helping other firms comply with the set of regulations,” he said.
Meanwhile, CBSA internal investigator Michel Lafleur provided Ms. O’Gorman with a preliminary statement of fact on Dec. 19 related to his unfinished review into the allegations first raised by Botler. Ms. O’Gorman has told MPs that she shared that report with the heads of Health Canada and the Canada Revenue Agency.
Ms. O’Gorman told MPs that the preliminary review has found e-mails that show efforts to circumvent or ignore procurement rules.
“It’s not clear to me that what was happening was appropriate. In fact, it appears to be inappropriate,” she said.
Then in January, Health Canada assistant deputy minister Cameron MacDonald and Canada Revenue Agency director-general Antonio Utano were suspended without pay in connection with the CBSA’s review of misconduct allegations.
The two men previously worked together on ArriveCan at the CBSA and interacted with Mr. Firth of GCStrategies. Documents show Mr. Firth invited them to a virtual whiskey tasting to celebrate the app’s one-year anniversary. They deny any wrongdoing. Through their lawyer, they say they are being targeted because they publicly criticized their former superiors at the CBSA.
At a committee appearance in November, Mr. MacDonald told MPs that former CBSA vice-president Minh Doan had lied to them about how the agency selected GCStrategies to work on ArriveCan. He also accused Mr. Doan, who is now the chief technology officer for the federal government, of threatening him. Mr. Doan has rejected Mr. MacDonald’s version of events.
MPs on the government operations committee were provided confidential copies of the CBSA’s preliminary report, which has not been made public.
On Wednesday, Liberal, Bloc Québécois and NDP MPs voted to suspend any further questioning of Mr. Lafleur and said additional hearings may not be appropriate in light of what they read in the report.
Liberal MP and committee vice-chair Majid Jowhari described the report’s contents as “scary” and said further hearings would be a disservice to justice.
Chris Spiteri, a lawyer representing Mr. MacDonald and Mr. Utano, said in an e-mail that Mr. Lafleur’s preliminary report is “nothing but a heap of baseless accusations supported by manipulated cherry picked emails and calendar entries.”
Donald Savoie, the Canada Research Chair in public administration and governance at the University of Moncton, said the ArriveCan case and the related hearings have spurred a much-needed discussion about the role and size of the federal public service and the appropriate use of outsourcing.
“Finally we’re going to be talking about an issue that we should have been talking about over the past 20 years,” he said.