A new law passed by the Kazakhstani government requires all telecom operators in the country to install a national security certificate on all devises, and will be in effect from January 1. 2016. This certificate will allow the government to monitor all encrypted web traffic going in and out of the country.
The interception of encrypted web content will give government officials an opportunity to not only monitor, but also block digital content, leaving users constrained and surveilled. According to a news release by Kazakhstan’s dominating telecommunications company Kazakhtelecom “telecom operators are obliged to perform traffic pass with using protocols, that support coding using security certificate, except traffic, coded by means of cryptographic information protection on the territory of the Republic of Kazakhstan. The national security certificate will secure protection of Kazakhstan users when using coded access protocols to foreign Internet resources.”
The government will provide detailed information on how each private person can install the “security certificate” on their stationary and mobile devices, and forcing Kazakhtelecom to monitor and keep a record over those who have not done this by January. They are marketing this move as a way to protect the citizens from foreign internet resources.
Government officials are using a hacking technique called Man-in-the-Middle, which is used by numerous hackers, in order to force the private internet activity to go through another server run by the perpetrators. By using this same technique, the Kazakhstani government are able to store information about people’s passwords, intimate information such as payment details, and they will also have the power to block and censor content before people can access them. This very same technique is often used by corporations and schools, making sure that the workers and pupils do not have access to certain sites.
This new mandate is all part of the Kazakhstani government’s effort to isolate and control the information going in and out of the country, and according to a Human Rights Watch representative, they have been blocking websites, banning newspapers and attacking journalists since 2012.
Many issues can arise from this sort of enforced “security certificate”, and many experts are questioning whether the law is proportionate, and whether it can in fact cause way more problems than it can solve. According to security researcher Kenneth White the privacy of Kazakhstani citizens is at risk. “There are obvious, myriad ethical issues with this sort of mandated state surveillance. But I suspect that the political forces pushing these measures have grossly underestimated the technical hurdles and moral backlash that lay before them.. The best case scenario is that the regime will seriously weaken the security of only a subset of their citizens.”
One of the biggest issues is that this certificate easily can fall into the hands of hackers or other surveilling states, and would in effect give them access to highly private information, and the ability to block communication channels and information. This is something that would put the citizens in great risk, and is therefore a very dangerous step to take in order to deny the citizens access to foreign information and media, and monitor the population.