Kazakhstan Decides To Break The Internet, Wage All Out War On Encryption

from the mandated-middle-men dept

Starting on January 1, the country of Kazakhstan has formally declared war on privacy, encryption, and a secure Internet. A new law takes effect in the new year that will require all citizens of the country to install a national, government-mandated security certificate allowing the interception of all encrypted citizen communications. In short, the country has decided that it would be a downright nifty idea to break HTTPS and SSL, essentially launching a "man in the middle" attack on every resident of the country.

While it has since been removed, a statement posted to the website of the country's largest ISP KazakhTelecom (Google cache and rather sloppy translation) stated that the ISP was required to intercept encrypted traffic to "secure protection of Kazakhstan users" who have access to encrypted content from "foreign Internet resources":
"The national security certificate will secure protection of Kazakhstan users when using coded access protocols to foreign Internet resources...Detailed instructions for installation of security certificate will be placed in December 2015 on site www.telecom.kz.
Of course, such an effort will wind up doing the exact opposite of protecting the country's residents -- instead opening the door to rampant surveillance and potential security vulnerabilities should the certificate fall into the wrong hands. Oddly, while the notice states that all Windows, OS X, iOS and Android devices must adhere to the new law, Linux isn't mentioned, giving privacy conscious residents and journalists ample time to install their Linux distro of choice. Security experts are quick to point out the entire, ham-fisted affair is not only ethically idiotic, but likely impossible to fully implement and enforce:
"There are obvious, myriad ethical issues with this sort of mandated state surveillance," said (Security researcher Kenneth) White. "But I suspect that the political forces pushing these measures have grossly underestimated the technical hurdles and moral backlash that lay before them." "The best case scenario is that the regime will seriously weaken the security of only a subset of their citizens," said White.
Bang up job, team! Last month, Human Rights Watch described Kazakhstan as an authoritarian dictatorship with "few tangible and meaningful human rights." Freedom House, meanwhile, ranks Kazakhstan poorly when it comes to Internet freedom, noting that the country's war on religious extremists has resulted in an increase in Internet filters, a total blockade of Live Journal, intensified surveillance at cybercafes, and a spike in "physical assaults on bloggers and online journalists."

It's easy to dismiss what Kazakhstan is doing as the drunken stumbling of a tin pot dictatorship, until you remember that the UK is proposing something not entirely dissimilar, and both current leading U.S. Presidential candidates dream of waging their own war on encryption and common sense.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: encryption, kazakhstan, man in the middle, privacy, security, surveillance

Reader Comments

Subscribe: RSS

View by: Thread

  1. identicon
    Anonymous Coward, 9 Dec 2015 @ 8:26pm


    >BTW, there are easy methods of transmitting one time pad keys in the clear to facilitate such comm.
    Such as?

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat

Warning: include(/home/beta6/deploy/itasca_20201215-3691-c395/includes/right_column/rc_promo_discord_chat.inc): failed to open stream: No such file or directory in /home/beta6/deploy/itasca_20201215-3691-c395/includes/right_column/rc_module_promo.inc on line 8

Warning: include(): Failed opening '/home/beta6/deploy/itasca_20201215-3691-c395/includes/right_column/rc_promo_discord_chat.inc' for inclusion (include_path='.:/usr/share/pear:/home/beta6/deploy/itasca_20201215-3691-c395:/home/beta6/deploy/itasca_20201215-3691-c395/..') in /home/beta6/deploy/itasca_20201215-3691-c395/includes/right_column/rc_module_promo.inc on line 8
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it

Email This

This feature is only available to registered users. Register or sign in to use it.