Kazakhstan Decides To Break The Internet, Wage All Out War On Encryption

from the mandated-middle-men dept

Starting on January 1, the country of Kazakhstan has formally declared war on privacy, encryption, and a secure Internet. A new law takes effect in the new year that will require all citizens of the country to install a national, government-mandated security certificate allowing the interception of all encrypted citizen communications. In short, the country has decided that it would be a downright nifty idea to break HTTPS and SSL, essentially launching a “man in the middle” attack on every resident of the country.

While it has since been removed, a statement posted to the website of the country’s largest ISP KazakhTelecom (Google cache and rather sloppy translation) stated that the ISP was required to intercept encrypted traffic to “secure protection of Kazakhstan users” who have access to encrypted content from “foreign Internet resources”:

“The national security certificate will secure protection of Kazakhstan users when using coded access protocols to foreign Internet resources…Detailed instructions for installation of security certificate will be placed in December 2015 on site www.telecom.kz.”

Of course, such an effort will wind up doing the exact opposite of protecting the country’s residents — instead opening the door to rampant surveillance and potential security vulnerabilities should the certificate fall into the wrong hands. Oddly, while the notice states that all Windows, OS X, iOS and Android devices must adhere to the new law, Linux isn’t mentioned, giving privacy conscious residents and journalists ample time to install their Linux distro of choice. Security experts are quick to point out the entire, ham-fisted affair is not only ethically idiotic, but likely impossible to fully implement and enforce:

“There are obvious, myriad ethical issues with this sort of mandated state surveillance,” said (Security researcher Kenneth) White. “But I suspect that the political forces pushing these measures have grossly underestimated the technical hurdles and moral backlash that lay before them.” “The best case scenario is that the regime will seriously weaken the security of only a subset of their citizens,” said White.

Bang up job, team! Last month, Human Rights Watch described Kazakhstan as an authoritarian dictatorship with “few tangible and meaningful human rights.” Freedom House, meanwhile, ranks Kazakhstan poorly when it comes to Internet freedom, noting that the country’s war on religious extremists has resulted in an increase in Internet filters, a total blockade of Live Journal, intensified surveillance at cybercafes, and a spike in “physical assaults on bloggers and online journalists.”

It’s easy to dismiss what Kazakhstan is doing as the drunken stumbling of a tin pot dictatorship, until you remember that the UK is proposing something not entirely dissimilar, and both current leading U.S. Presidential candidates dream of waging their own war on encryption and common sense.


Comments on “Kazakhstan Decides To Break The Internet, Wage All Out War On Encryption”

That One Guy says:

Not 'if', 'when'

Of course, such an effort will wind up doing the exact opposite of protecting the country’s residents — instead opening the door to rampant surveillance and potential security vulnerabilities should the certificate fall into the wrong hands.

That someone with less than noble intentions will get their hands on what they need to take advantage of the mandatory malware is a given, there’s no question about that, the only thing up for question is how long it will take. Personally I’d guess a month at most, given you’re talking about something that creates vulnerabilities in the computers of everyone within the country.

Of course with regards to the surveillance aspect falling into the ‘wrong hands’, that will take all of zero days, given the government will be using it in that manner from the get-go.


Re: Not 'if', 'when'

“and potential security vulnerabilities should the certificate fall into the wrong hands.”

No, I can’t sign on to this. At least, it’s no worse than what we have already. Don’t trust the government of Kazakhstan? How about DigiNotar or Comodo or Thawte or NetSol or Symantec or Microsoft? It’s all exactly the same risk. Not more, not less, exactly the same.


Re: Re: Not 'if', 'when'

Last time I looked, Microsoft did not incarcerate and execute people. I have to admit that I stopped reading EULAs some time after I stopped using Windows, and the trend was clearly going in that direction. But I suppose if they had acted on such provisions already, it would have been in the news.


Re: Re: Not 'if', 'when'

Such a certificate requires a root certificate be given to all ISPs or whoever is doing the man in the middle attack. This is required so that they can sign certificates for sites that users want to visit. Time to leak for such a certificate will likely be measured in hours or days.

What are the odds that it is also a software signing certificate, to make installing of spyware easier?


What would be interesting to follow but we will probably never hear about is how long it will take residents to learn to create virtual machine images that can spin up without the “mandated” encryption bypass. Then they can spin up an image, do their private business that can be kept private, then delete that session as though nothing happened.



The ‘president’ (completely fake elections where people are forced to vote at gun-point and often they just make up entire villages of voters) Nursultan Nazarbayev took MASSIVE bribes from various anti-internet companies that want to go back to the ‘old way’ of doing things via going to a physical bricks & mortar store, and this is the result, a blatant and obvious attempt to make online banking/purchasing extremely risky.



In later news Australia does the same as the financial donors to the current right wing government are B&M owners who have tried for years to stop internet shopping so they can continue to price gouge the citizens. And to think that this week we have been told we must be innovative to prosper after the mining boom. This new law sure is innovative for the dinosaurs of business, Australia style.



This will not stop terrorists and criminals using their own secure encryption

Actually, Kazakhstan is an edge case where, with regards to encrypted TCP and UDP flows at least, it might.

Kazakhstan is a relatively small country, and their telcos and ISPs likely have a small number of connections to ISPs outside Kazakhstan.

The ability to analyze and shut down traffic flows you can’t decrypt is well within the capabilities of most “next-gen” firewalls.

Next-gen firewalls won’t necessarily help with encrypted data that’s transferred over non-encrypted sessions, but there are systems on the market that can catch that in most cases.

It’s unlikely they could actually shut it down 100%, but 95%+ efficiency is probably possible for them. Couple that with periodic, high-visibility arrests and you could call it “close enough”.


The thing I’ll never understand is why wage war and get millions of people killed trying to stop the same sort of thing from encroaching the planet 70 years ago, only to insist that the same thing must happen now to prevent what is happening which is the same as then? Do the politicians in charge now think things will be any different? It’s self-interested bullshit expectations if they do!
I still think that what is going on is instigated to get the planet run like a massive corporation, where the only people with rights are the dozen at the top of the tree, the ones who actually want this and have never had a better chance of getting it! These surveillance laws are meant to ensure that the people and/or security forces can’t do a damn thing without it being known and measures put in place to either prevent, stop or dispel any counter action to what the dozen want!!

Concerned Citizen says:

A subset of their citizens

And guess which subset that will be?

The very same subset that actually puts their faith and trust in the government.

The jaded, disenfranchised, cynical and downright frustrated citizens will not have faith in this scheme. Those who understand the technological ramifications of this will not have faith in this scheme.

No, it is those the government relies on most. Those that put some measure of faith in the government. Those who are loyal and patriotic. Those the government wants most to keep safe… who are going to be affected, attacked and harmed by this.

Governments wonder why they face rising dissent while simultaneously destroying public trust over and over…

and over…

and over…
