The authorities of Kazakhstan have once again made an attempt to establish total control over the citizens. The country again started talking about the need to install a security certificate on mobile devices. As in the previous year, the new attempt is carried out under the guise of exercises.
For two days, Kazakh publics have been strained on social networks. Users, without hesitation in expressions, speak out about another attempt by the authorities to force them to install some security certificates on their mobile devices.
The first reports of another attempt to impose security certificates appeared on December 5.
As the Ministry of Digital Development, Innovation and Aerospace Industry reported, since December 6, the city of Nur-Sultan has been conducting the “Cyber Security Nur-Sultan-2020” exercise. The exercise is a joint initiative of the Ministry of Digital Development, Innovation and Aerospace Industry and the National Security Committee.
“This year, in connection with the pandemic and the transfer to online forms of work, cyberattacks on the country’s digital space have become more frequent. In particular, in 2020, compared to the same period last year, the number of cyberattacks in the Kazakh segment of the Internet increased almost 2.7 times. The National Coordination Center for Information Security and the system “Cyber shield of Kazakhstan”, the Center for analysis and investigation of cyberattacks, as well as the forces and means of the operational information security centers of the Information Security Committee under the Ministry of Digital Development, Innovation and Aerospace Industry of the Republic of Kazakhstan and communication operators, information security units of government agencies and private companies will be involved in protection against cyber threats,” was noted in the official message of the Ministry of Digital Development, Innovation and Aerospace Industry.
The Ministry also clarified that during the exercise, the users of Kazakhstan may have problems with access to various Internet resources.
“These problems can be eliminated by installing a security certificate. To obtain detailed information on its installation, you must contact the telecom operators on their official Internet resources and technical support services,” the message noted.
Already on December 6, the residents of Nur-Sultan began to actively complain about problems with access to Internet resources.
On the same day, some Kazakh media published instructions for mobile subscribers how to install the security certificate.
“In accordance with the Rules for the issuance and application of the security certificate, the telecom operators ensure the distribution of the security certificate among their subscribers in order to be able to install the security certificate on technical equipment that has access to the Internet. The security certificate is a set of electronic numeric characters used to pass traffic containing protocols that support data encryption. The purpose of using the security certificate is to restrict the dissemination of information prohibited by legislation over the telecommunications network,” the instructions of the mobile operators noted.
On December 7, Ruslan Abdikalikov, the chairman of the Information Security Committee under the Ministry of Digital Development, Innovation and Aerospace Industry of the Republic of Kazakhstan, apologized to users for the inconvenience:
“Why we started it on the weekend, because it was due to the fact that at this time a person is as free as possible, there are no working moments. At this time, we probably caused a minimum of inconvenience to our citizens,” he said.
Abdikalikov also explained why the security certificate, which has been recommended to be installed by users, is needed:
“Why is the security certificate involved in the current cyber exercises? We would like to clarify, as experience has shown, during a pandemic, the amount of inaccurate information that violates the country’s legislation, that is disseminated in social media, has increased. In this regard, these channels of information dissemination will also be used by potential religious extremists to get as close to reality as possible. For these purposes, the certificate will be used. Moreover, if we refuse to use it, it will be technically impossible to preserve the functioning of foreign resources, on which illegal information will be disseminated by a potential violator,” the head of the Committee noted.
For the first time the authorities of Kazakhstan attempted to force users to install this certificate in December 2015. However, the experts in the information and communication industry said at that time that this “know-how” was intended not so much for protection as for control, since it would allow the authorities to “listen the encrypted traffic”. Then the public managed to force the authorities to abandon this compulsion.
Despite the fierce resistance of citizens, the authorities continued to work in this direction.
So, in January 2016, the by-laws, which were necessary for the implementation of this idea, were developed and approved. In June 2017, in accordance with the instructions of the first President Nursultan Nazarbaev, the Cybersecurity Concept “Cyber shield of Kazakhstan” was developed. It prescribed the introduction of security certificates. By the way, everything was done secretly so as not to arouse criticism from the population.
The last time, when the authorities of Kazakhstan attempted to force Kazakh citizens to install this security certificate, was in July 2019. Then the Ministry of Digital Development, Innovation and Aerospace Industry warned about possible interruptions in the work of the Internet in the capital and advised users to install security certificates.
However, tech giants such as Apple, Microsoft, Google, Mozilla said that the Kazakh security certificate had nothing to do with security itself and simply blocked Kazakh know-how.
“People around the world trust Firefox to keep them safe when they browse the Internet, especially when it comes to defending against such attacks that undermine their security. We don’t take these actions flippantly, but protecting our users and the integrity of the network is the reason why Firefox exists,” said Marshall Erwin, the senior director of trust and security of Mozilla.
“We will never tolerate attempts by any organization, government or otherwise, to compromise Chrome user data. We have implemented protection against this particular problem and will always take action to protect our users around the world,” said in turn, the senior technical director of Chrome Parisa Tabriz.
Apple expressed a similar position:
“Apple believes that personal information is a fundamental human right and we design our products to protect personal information. We marked the Kazakh certificate in Safari as insecure to prevent interception of traffic,” the company said in its statement.
After that, the authorities of Kazakhstan backed off. On August 6, 2019, the National Security Committee spread the message that the security certificate is no longer needed and users can delete it.
“The National Security Committee has successfully completed testing the application of the security certificate. As a result, the system has been created to prevent cyber threats both in cyber and information space,” the message noted.
However, on the same day, a message from the President of Kazakhstan, Kasym-Zhomart Tokayev, was published on Twitter, stating that the safety certificate had proven its effectiveness.
Based on this statement, the ACCA experts suggested that the authorities of Kazakhstan did not abandon their attempt to establish total control over citizens and would try to impose this security certificate. As recent events show, they were right.
Leave feedback about this