Kazakhstan Decides To Break The Internet, Wage All Out War On Encryption
from the mandated-middle-men dept
Starting on January 1, the country of Kazakhstan has formally declared war on privacy, encryption, and a secure Internet. A new law takes effect in the new year that will require all citizens of the country to install a national, government-mandated security certificate allowing the interception of all encrypted citizen communications. In short, the country has decided that it would be a downright nifty idea to break HTTPS and SSL, essentially launching a “man in the middle” attack on every resident of the country.
While it has since been removed, a statement posted to the website of the country’s largest ISP KazakhTelecom (Google cache and rather sloppy translation) stated that the ISP was required to intercept encrypted traffic to “secure protection of Kazakhstan users” who have access to encrypted content from “foreign Internet resources”:
“The national security certificate will secure protection of Kazakhstan users when using coded access protocols to foreign Internet resources…Detailed instructions for installation of security certificate will be placed in December 2015 on site www.telecom.kz.
Of course, such an effort will wind up doing the exact opposite of protecting the country’s residents — instead opening the door to rampant surveillance and potential security vulnerabilities should the certificate fall into the wrong hands. Oddly, while the notice states that all Windows, OS X, iOS and Android devices must adhere to the new law, Linux isn’t mentioned, giving privacy conscious residents and journalists ample time to install their Linux distro of choice. Security experts are quick to point out the entire, ham-fisted affair is not only ethically idiotic, but likely impossible to fully implement and enforce:
“There are obvious, myriad ethical issues with this sort of mandated state surveillance,” said (Security researcher Kenneth) White. “But I suspect that the political forces pushing these measures have grossly underestimated the technical hurdles and moral backlash that lay before them.” “The best case scenario is that the regime will seriously weaken the security of only a subset of their citizens,” said White.
Bang up job, team! Last month, Human Rights Watch described Kazakhstan as an authoritarian dictatorship with “few tangible and meaningful human rights.” Freedom House, meanwhile, ranks Kazakhstan poorly when it comes to Internet freedom, noting that the country’s war on religious extremists has resulted in an increase in Internet filters, a total blockade of Live Journal, intensified surveillance at cybercafes, and a spike in “physical assaults on bloggers and online journalists.”
It’s easy to dismiss what Kazakhstan is doing as the drunken stumbling of a tin pot dictatorship, until you remember that the UK is proposing something not entirely dissimilar, and both current leading U.S. Presidential candidates dream of waging their own war on encryption and common sense.