Local internet service providers (ISPs) have been instructed by the government to force their citizens to install a state-authorized certificate on all devices, and all browsers.
Hard Fork!Hard Fork?
Hard ForkThis certificate allows the Kazakhstan government to decrypt HTTPS internet traffic, view its contents, and then re-encrypt it with the certificate once again before it is sent to its destination, making it easy for the Kazakhstan government to surveil its citizens’ online activities.
While the government says only internet users in Kazakhstan‘s capital of Nur-Sultan will have to install the certificate, it appears users from across the nation are said to be blocked from accessing the internet until they they installed the certificate. Local ISP Kcell, for example, has put up a new page instructing users on how to install the Qaznet Trust Certificate, stating “it will help protect the information systems and data, as well as detect hacker and cyber-attacks of the Internet fraudsters on the country’s information space, private and banking sector, before they can cause damage.” “Customers failing to install Security Certificate on their mobile devices may face technical limitations when accessing certain websites,” it adds.
The Kazakhstan government and local ISPs are positioning the certificate as beneficial to citizens, government agencies and companies by protecting them from cyber threats. But the development has raised privacy concerns about man-in-the-middle (MITM) certificate schemes.
This isn’t the first time the Kazakhstan government has attempted to force its citizens to install a government-issued root certificate which decrypts their HTTPS internet traffic.
In 2015, the country’s government ordered its citizens to install a certificate but ultimately had to go back on its plans after multiple organizations sued the Kazakhstan government, citing fears that the certificates would weaken the security of the country’s internet traffic.
If its citizens want to avoid being spied on, they’ll have to rally similar efforts to push back against this ruling right quick.
Read next: Over 100 Chinese loan apps are leaking millions of users' financial data