- The Kazakh government is moving forward with an old MITM plan that allows internet monitoring.
- The regime is enforcing a privacy- and security-bashing law and has the nation’s ISPs on its side.
- People will either install the certificate on all their devices and browsers or lose access to the internet.
As we reported in June, when Kazakhstan elected a new president, the situation didn’t look very promising for the netizens of the country. A massive blocking of local news outlets, live video streaming services, and social media platforms signified an upcoming “internet censorship age” for Kazakhstan. Going a step further than blocking what they don’t like, the Kazakh government is now imposing unprecedented privacy-defiling measures. More specifically, all of the country’s ISPs (internet service providers) have been instructed to enforce the installation of a government-issued “man-in-the-middle” certificate on their customers, who are expected to use it on all of their devices and browsers. This is being done under a new law “On Communications”, paragraph 11 of the “Rules for Issuing and Applying a Security Certificate”.
This “Qaznet” certificate will enable government agencies to decrypt the HTTPS traffic on their citizens’ devices so that they know what they're doing online. Now, ISPs are publishing web pages with detailed instructions for the people, as the certificate needs to be installed on a wide range of different devices, and there’s a different way to do it on each one. Besides the confusion and complexity, the main problem is the certificate itself, as it undermines all notions of user privacy.
Of course, both the government and the ISPs present the need for installing the “security certificate” as a crucial safety measure for the citizens, conveniently leaving out all details about HTTPS traffic monitoring and what its installation would entail for the privacy of the users. They tout this as a measure to help people stay protected against hacker attacks, fraudsters, and all types of cyber threats. The ISPs leave their subscribers no margin for disobedience anyway, as the internet is blocked for all of those who haven’t installed the Qaznet certificate yet.
This is not a novel move by the Kazakh government, in the same way that the current regime is not a fresh one either. In fact, the rulers of the country tried to impose the installation of a similar certificate back in 2015, but several ISPs, banks, and foreign agencies sued the government back then, which put a brake on the plans. Even Mozilla was approached and asked to bundle the certificate in Firefox by default, but of course, the internet company declined to do such a thing. Now, however, it seems that the latest elections empowered the government even more, so no one could stop them this time.