Donate
‹ Back
Encryption 23 July 2019

The Internet Society’s Concerns on the Recent Government Action in Kazakhstan Regarding Encrypted Internet Traffic 

The Internet Society and Internet Society Kazakhstan Chapter are deeply concerned about the recent actions taken by the Kazakh government – and how those actions affect the overall security of the Internet.

According to recent news reports and information from our Kazakhstan Chapter, since Thursday, 18 July 2019, users of Kazakh mobile operators trying to access the Internet have received text messages indicating that they need to install government-issued root certificates on their mobile and desktop devices.

Requiring Internet users to install root certificates that belong to the government could give the government the ability to intercept encrypted HTTPS traffic and perform a “machine-in-the-middle” (MITM) attack to break secure communication. This means that the government could see, monitor, record, and even block interactions between Kazakh users and any website, including banks, email providers, social networks – and critical public services like electricity, elections, hospitals, and transportation.

Representatives of the Kazakhstan government have indicated that installing this certificate is voluntary and is intended to help combat phishing attacks. However, once these certificates are installed, users have no way of knowing their communications are no longer secure. Browsers will still show a lock symbol or other indicator that the traffic is “encrypted and secure”.

Traffic that appears secure is not.

Introducing this weakness undermines the security of the Internet and erodes trust in the global public key infrastructure. Encryption technologies help keep people safe online by protecting the integrity and confidentiality of digital data and communications.

Every country has a right and duty to protect its citizens. Undermining the cryptographic systems in a way that could make any transaction vulnerable protects nobody, but puts people at risk. (Read more)

Encryption should be the norm for all Internet traffic, because that is necessary to ensure the Internet is safe and usable for citizens. Any measure taken to weaken that encryption makes us all more vulnerable.

We call on the government of Kazakhstan to stand together with us in ensuring that its citizens have the strong, secure communication mechanisms that allow them to participate in the global Internet.

‹ Back

Related resources

Internet Society Presents First Report Focusing on Internet Development in Central Asia
Domain Name System (DNS)24 November 2015

Internet Society Presents First Report Focusing on Internet Development in Central Asia

Highlighting the discrepancy between levels of Internet access in the country versus rates of adoption, the “Kyrgyz Internet Environment Assessment” provides an analysis of the current Internet environment, focusing on both the opportunities and the potential barriers to further development of the Internet in the region.

Internet Society s'inquiète des récentes mesures prises par les autorités du Kazakhstan concernant le trafic chiffré sur Internet.
Encryption23 July 2019

Internet Society s’inquiète des récentes mesures prises par les autorités du Kazakhstan concernant le trafic chiffré sur Internet.

Internet Society et sa section basée au Kazakhstan sont profondément préoccupées par les récentes mesures prises par le gouvernement kazakh...

Internet Society Highlights Rapid Internet Growth in Asia-Pacific; Points to Growing Online Security Challenge
Domain Name System (DNS)16 November 2016

Internet Society Highlights Rapid Internet Growth in Asia-Pacific; Points to Growing Online Security Challenge

Security issues and the impact on user trust emerging as the existential threat to the future of the Internet. 

Join the conversation with Internet Society members around the world