Kazakh Authorities Say Testing Of Web Traffic Spy Tool Near Completion
Kazakhstan’s main security service said it will finish testing an encryptionbusting root certificate on August 7 that critics say allows it to spy on Internet user activity.
Kazakhstan’s National Security Committee (KNB) insists that testing the Qaznet Trust Certificate in the nation’s capital NurSultan has created a system to prevent cyberthreats, according to an August 6 statement.
The KNB said it intends to use the system in the future in the event of a threat to national security in the form of cyber and information attacks.
Citizens of the country would then receive prior notice.
The KNB also vowed to post on its website instructions for removing the security certificate from personal devices.
Since July, Internet users across Kazakhstan have been receiving messages from telecom operators asking them to install the security certificate called Qaznet on their smartphones, computers, and other devices connected to the Internet.
Users who refused to install the root certificate reported difficulties with access, in particular to social networks and instant messengers.
Tech websites and human rights defenders have been sounding the alarm over Qaznet, which the government said was intended to limit access to banned content, combat cyberattacks, and protect personal data.
Critics described the initiative as an attempt by authorities to spy on the web communications of citizens, access their personal data, increase censorship, and essentially control the Internet.
According to a report published on July 23 by Censored Planet, a project at the University of Michigan, users should not install the root certificates because it opens them up to having their otherwise secure communication intercepted or modified without their knowledge.
The interception targeted connections to 37 domains, according to the research, which was carried out on July 1720, including Facebook, Twitter, and YouTube as well as email and messaging tools and Google services including Docs, Hangouts, and News.
Internet service providers telling users to install the Kazakhstan root certificate claim that it can help protect against fraudsters, hacking attempts, and illegal content. However, this list of domains suggests that the actual intention is instead to surveil users on social networking and communication sites.
According to Shavkat Sabirov, president of the Internet Association of Kazakhstan, root certificates are not foolproof and their use could backfire.
He said on a global level, it is already recognized that this is an unsuccessful and even a terrible attempt to work in a safe mode because if the certificate is stolen or hacked, the attackers will get absolutely all the information about users’ data.
Copyright (c) 2015. RFE/RL, Inc. Reprinted with the permission of Radio Free Europe/Radio Liberty, 1201 Connecticut Ave NW, Ste 400, Washington DC 20036.