Kazakhstan has passed a law that would require citizens to install a certificate on all their personal devices allowing the government to capture all the web traffic, passwords and financial details of the population.

According to a law that was passed, the government is going to require that citizens install a certificate on their personal computers and mobile devices. The rationale here is a ham-fisted attempt to roll out government surveillance to the country. This came to light when the company Telecom.kz posted this to their website on November 30, 2015. However, by December 4th the press release was removed from the website.From Telecom.kz:

By words of Nurlan Meirmanov, Managing director on innovations of Kazakhtelecom JSC, Internet users shall install national security certificate, which will be available through Kazakhtelecom JSC internet resources. «User shall enter the site www.telecom.kz and install this certificate following step by step installation instructions”- underlined N.Meirmanov.

Kazakhtelecom JSC pays special attention that installation of security certificate can be performed from each device of a subscriber, from which Internet access will be performed (mobile telephones and tabs on base of iOS/Android, PC and notebooks on base of Windows/MacOS).

This will allow the government to snoop and capture web traffic, passwords, financial details…OK, basically anything. This is an example of abject stupidity at it’s finest. I’m reminded of the nonsensical attempt by the UK government to roll out “porn filters” as a ruse to control Internet access.

This attempt by the Kazakh government is by no means unique. Governments have been doing this sort of thing for years. More recently we’ve seen the Turkish government attempt to block access to social media sites. As well, Thailand is also attempting to roll out their own MitM implementation.

These aforementioned are bizarre attempts by governments to try and control the message as well as their own populace. This always strikes me as a government that is afraid, not of adversaries but, of their own populace. Further to that end it occurs to me that so many governments are attempting to control Internet access long after the fact. This is a system that has long been available around the world and only now are they trying to do something to control it. A failure in planning.

The need to find ways to skirt these implementations is real. There have been projects like this for years such as Hacktivismo’s Peekabooty all the way up to the Tor Project. Hopefully Tor or a new solution will be able to route around these controls so that people are not subjected to these measures.

Someone forgot to tell them that the Internet doesn’t forget. This posting was still available in Google cache as of this writing.

Kazakhtelecom JSC notifies on introduction of National security certificate from 1 January 2016

From 1 January 2016 pursuant to the Law of the Republic of Kazakhstan «On communication» Committee on Communication, Informatization and Information, Ministry for investments and development of the Republic of Kazakhstan introduces the national security certificate for Internet users.

According to the Law telecom operators are obliged to perform traffic pass with using protocols, that support coding using security certificate, except traffic, coded by means of cryptographic information protection on the territory of the Republic of Kazakhstan.

The national security certificate will secure protection of Kazakhstan users when using coded access protocols to foreign Internet resources.

By words of Nurlan Meirmanov, Managing director on innovations of Kazakhtelecom JSC, Internet users shall install national security certificate, which will be available through Kazakhtelecom JSC internet resources. «User shall enter the site www.telecom.kz and install this certificate following step by step installation instructions”- underlined N.Meirmanov.

Kazakhtelecom JSC pays special attention that installation of security certificate can be performed from each device of a subscriber, from which Internet access will be performed (mobile telephones and tabs on base of iOS/Android, PC and notebooks on base of Windows/MacOS).

Detailed instructions for installation of security certificate will be placed in December 2015 on site www.telecom.kz.

PR department
Kazakhtelecom JSC

30.11.2015″
TheWatchTowers.org
Translate »