Wednesday, June 17, 2020

ACCA

Analytical Center for Central Asia

Censorship Censorship Kazakhstan Kazakhstan 

Total Internet Control in Kazakhstan

195
ACCA

The Kazakh authorities intend to fully control access to the Internet by forcing citizens to establish a security certificate. The Committee for National Security (CNS) and even the President of the country, Kasym-Zhomart Tokayev, have already supported this know-how. Meanwhile, ordinary citizens are trying through a court to force providers to stop this lawlessness.

 For the first time in Kazakhstan, they started talking about security certificates that should be installed on all devices with Internet access in December 2015. Then the national operator “Kazakhtelecom” issued a press release informing about the introduction of a “national security certificate” that users would have to install on their devices. It was noted that this certificate in accordance with the Law “On Communications” is introduced from January 1, 2016 by the authorized body for Internet regulation – the Committee on Communications, Informatization and Information of the Ministry of Investment and Development. Allegedly, this certificate should protect Kazakh users when using encrypted access protocols to foreign Internet resources. However, the news caused a negative reaction both from users and from experts in the information and communication industry. They immediately stated that this “know-how” was intended not only for protection but for control, as it would allow the authorities to “listen to encrypted traffic”. It is not surprising that after a surge of negativity against Kazakhtelecom, the message about the introduction of a national security certificate was deleted from the official website of the company.

In January 2016, the issue of introducing the certificate again surfaced. It turned out that the authorities developed and approved by-laws necessary for the implementation of this idea. Of course, the most compelling reasons were cited as a justification for the need to install a certificate on user devices – improving the security of Kazakh Internet users when using foreign resources, the fight against international terrorism, child pornography and transnational crime.

At the same time, the authorities said that the innovation will in no way affect users of social networks, e-commerce and the banking sector.

As Konstantin Gorozhankin, President of the Kazakh Internet Business Association, noted in the interview with the media, the introduction of such certificate means that “Kazakhstan through the operators represented by the government, such as “Kazakhtelecom”, is gaining access to all encrypted information”.

“And I hope that this human concern, which now exists, will “cool” some heads, and we will not turn into China with Firewalls and so on, we would not want to,” Gorozhankin said.

In June 2017, in Kazakhstan, in accordance with the instructions of the first President Nursultan Nazarbaev, the concept of cybersecurity “Cyber ​​shield of Kazakhstan” was developed, in which the implementation of security certificates was prescribed. Moreover, it was predicted that the share of using domestic security certificates for encrypted data transmission by Internet resources with .KZ and .ҚAZ domain would reach 100 percent by 2022. At the same time, everything was done quite slowly so as not to cause criticism from the population.

In July of this year, the certificate again became one of the hottest topics. The fact is that on July 17, the Ministry of Digital Development, Innovation and the Aerospace Industry of Kazakhstan warned of possible Internet interruptions in the capital. Allegedly, this is due to preventive work to enhance protection against hackers. The department also advised users to install security certificates.

Following this, Kazakh mobile operators sent SMS to their clients concerning the need to install a security certificate.

On July 19, Ablaykhan Ospanov, Vice-Minister of Digital Development, said that installing a certificate is strictly voluntary.

On July 26, Askar Zhumagaliyev, Minister of Digital Development, Innovation and Aerospace Industry, said that a certificate was installed on computers in government agencies a year and a half ago and has shown high efficiency over the past time. For example, over the last month, it has revealed up to 8 million facts of virus activity and about 130 thousand attempts of cyberattacks.

In his turn, the Vice Minister of Information and Public Development Nurgul Mauberlinova said that with the help of the certificate in 2016 more than 140 thousand illegal materials were revealed, in 2017 – more than 300 thousand.

“Last year, a decrease was noted – 130 thousand of such materials, in 2019 more than 45 thousand were revealed. About 90 percent of all identified violations are related to the propaganda of terrorism, the rest is to the propaganda and distribution of drugs, the cult of cruelty, violence, suicide and pornography,” said Mauberlinova.

Moreover, officials from the Digital Ministry said they had installed a security certificate on their personal devices immediately after its appearance.

However, experts did not believe these assurances. In almost all Kazakh mass media, except the state, there were negative responses to the introduction of the certificate.

For example, a software developer Eldar Kurmangaliev said in the interview with the portal “The village” that installing such certificate will allow you to listen to or replace any traffic of citizens of Kazakhstan – visit history, logins, passwords, banking data”.

The lawyer Kozhakhmet Ruslan, in his turn, noted that the authorities, taking advantage of the fact that the population is little informed or unfamiliar with the mechanisms of operation of these communication devices, under “good intentions” call on people to restrict themselves from information that would contradict officially permitted.

On July 26, there was another statement about the certificates. It was from the Deputy Director of the State Technical Service of the National Security Committee Zeken Ismailov. He assured that all personal information of Kazakh citizens would remain protected after installing the Kazakh security certificate on devices.

“Your correspondence, history of visits, page on social networks, passwords and so on, no one is going to store and is not going to do that in future. There is the list of illegal content. It is determined by the requirements of the authorized bodies, determined by court decisions. Traffic opens when there are messages regarding ISIS or “Blue Whale”. This is first of all necessary for us, our children, so that we do not see all this. Your usernames and passwords are not collected,” Ismailov explained.

However, on August 5, it became known that one of the providers, Beeline, posted on its website a message stating that subscribers must install the certificate on their devices. This was posted on Facebook by the lawyer Zhangeldy Suleymanov.

“They tried to convince us that the installation of certificates is voluntary, but based on the message on Beeline website, this is not so.

The certificate must be installed on each device from which Internet access will be provided (mobile phones and tablets based on iOS / Android, personal computers and laptops based on Windows / MacOS). We sued these certificates,” he wrote.

On August 6, the lawyer Stanislav Lopatin said that providers are trying their best to drag out the process for this lawsuit.

“We have received feedback on the statement of claim. Beeline says “We will not turn off anything. This is not us. If they turn off, it will be somewhere there, at the level of the Ministry.” According to the law, even ministries are not authorized to disconnect sites or block access. This is only by court decision,” said the lawyer.

On the evening of August 6, the National Security Committee issued a message stating that the security certificate is no longer needed and users can delete it.

“The National Security Committee has successfully completed testing the application of the security certificate. As a result, a system has been created to prevent cyber threats in both cyber and the information space,” the report says.

The lawyer Zhangeldy Suleymanov called it a “victory”.

“Certificates have been canceled! But we will continue to sue for the court to decide on the non-installation of certificates,” he wrote in social networks.

It would seem possible to relax on this … But literally at the same time as the National Security Committee reported, Kazakh President Kassym-Zhomart Tokayev tweeted the following post:

“On my behalf, the National Security Committee tested the security certificate as part of the program “Cyber ​​shield”. The security of the information space of Kazakhstan and the possibility of using the certificate only in cases of invasion from the outside is proved. There is no inconvenience to Internet users. Thank the National Security Committee”.

Based on this statement by the President of the country, we can safely assume that the mandatory universal installation of security certificates in Kazakhstan, and therefore total control over citizens, is just round the corner.

You may also be interested

In Kazakhstan, police bribe taker received 6 years in prison

ACCA 0

In Kazakhstan, judge was convicted for receiving bribe

ACCA 0

In Kazakhstan, corruption has reached a cosmic scale

ACCA 0

Subscribe to our Facebook page

Analytical Center for Central Asia