Kazakh Officials Delay Suspicious Internet Security Requirement

The Kazakh National Security Committee has put off a requirement that citizens install a tool on devices on their electronics designed to protect against cyberattacks in the face of suspicion that the devices actually allow surveillance by government and outsiders.

Screenshot of a blocked internet connection without the security certificateScreenshot of a blocked internet connection without the security certificateLocal media reported Tuesday that the committee acted after testing of the national security certificate - a tool that encrypts Internet data - exposed thousands of cyberattacks and cyberspying efforts against the government and private companies. Starting Aug. 7 anyone who has installed the certificate may delete it.  

This does not put the idea of national security certificates to rest forever. Authorities see them as a way to stop cyber attacks, infowars, and other threats to national security. However, researchers from the Censored Planet - an international organization monitoring Internet disruptions - said government surveillance was the real intention of the certificate. 

The certificates were introduced in early July by mobile providers who urged their customers - especially those in the capital of Nur-Sultan - to install them on all devices with an Internet connection. They were described as a tool “to protect the country’s information space from hackers, online fraud and other types of cyber threats,” in an official statement from the Kcell mobile company.

Meanwhile cybersecurity experts detected that electronics with the certificate installed on them could be intercepted -- in other words, developers and anyone who knew how to decrypt the certificate could read, manipulate, and record personal data on them.

Censored Planet’s findings showed that the certificate attacked social networks and communication tools like Facebook, Instagram, Youtube, Gmail and other Google products. Third party observers  who had accessed the certificate could see what citizens were doing on these platforms.

According to the monitoring organization, most attacks went through Kazakhtelecom, the biggest telecommunication provider in Kazakhstan, which the government partially owns. Kazakhtelecom owns several of the most popular mobile providers in Kazakhstan, such as Tele2, Kcell, Altel.

Nur-Sultan residents who did not have the certificate installed on their devices complained that they began experiencing problems while accessing social media, and suffered from poor internet connection, even when using a VPN.

On Aug. 6 officials declared that the national security certificate was part of the “Cybershield of Kazakhstan,” a governmental strategy to strengthen information security in the country.

This is not the first attempt to control internet access in the country. Authorities created a similar certificate in 2015 but later gave up on it without explaining why. In addition, social media blackouts and website blockages have become regular occurrences, especially during political events.