Encryption 23 July 2019

The Internet Society’s Concerns on the Recent Government Action in Kazakhstan Regarding Encrypted Internet Traffic 

The Internet Society and Internet Society Kazakhstan Chapter are deeply concerned about the recent actions taken by the Kazakh government – and how those actions affect the overall security of the Internet.

According to recent news reports and information from our Kazakhstan Chapter, since Thursday, 18 July 2019, users of Kazakh mobile operators trying to access the Internet have received text messages indicating that they need to install government-issued root certificates on their mobile and desktop devices.

Requiring Internet users to install root certificates that belong to the government could give the government the ability to intercept encrypted HTTPS traffic and perform a “machine-in-the-middle” (MITM) attack to break secure communication. This means that the government could see, monitor, record, and even block interactions between Kazakh users and any website, including banks, email providers, social networks – and critical public services like electricity, elections, hospitals, and transportation.

Representatives of the Kazakhstan government have indicated that installing this certificate is voluntary and is intended to help combat phishing attacks. However, once these certificates are installed, users have no way of knowing their communications are no longer secure. Browsers will still show a lock symbol or other indicator that the traffic is “encrypted and secure”.

Traffic that appears secure is not.

Introducing this weakness undermines the security of the Internet and erodes trust in the global public key infrastructure. Encryption technologies help keep people safe online by protecting the integrity and confidentiality of digital data and communications.

Every country has a right and duty to protect its citizens. Undermining the cryptographic systems in a way that could make any transaction vulnerable protects nobody, but puts people at risk. (Read more)

Encryption should be the norm for all Internet traffic, because that is necessary to ensure the Internet is safe and usable for citizens. Any measure taken to weaken that encryption makes us all more vulnerable.

We call on the government of Kazakhstan to stand together with us in ensuring that its citizens have the strong, secure communication mechanisms that allow them to participate in the global Internet.

Related resources

Strengthening the Internet 4 February 2022

Internet Society Statement on EARN IT Act 2022

The Internet Society calls on senators to protect strong encryption by opposing the re-introduced EARN IT Act.

Encryption 12 May 2021

Internet Society: UK Online Public Safety Bill is trying to legislate the impossible – a safe Internet without strong encryption

In the Queen’s Speech on 11 May 2021, the UK Government said it wants to “harness the benefits of...

Encryption 1 March 2021

Internet Society Statement regarding the Indian Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021

The new requirements in the the Indian Information Technology (Guidelines for Intermediaries and Digital Media Ethics Code) Rules, 2021...