The government in Kazakhstan is preparing to follow in the footsteps of China and Russia. Sandwiched between these two great nations that now represent censorship and loss of freedom, it seems only fitting. The West is not without blame, however, since many so-called free countries have also been spying on their citizens and have begun passing laws that take away their rights to privacy.
An Example to Follow
China has given the world the finest example of content filtering there ever was in the Great Firewall. This system processes a ton of traffic flowing in and out of the country and filters the content that goes around within the country. It is the tightest Internet regulatory system on the planet, blocking most of the world’s websites and much of the chatter at home as well. The people are afraid to speak because it could mean that the police would suddenly come to drag them away to prison. Some of the best VPNs still work in China, but the government has banned these, which means fines and harsh punishment if anyone is caught using one.
Russia has offered an alternative method of dealing with free thinkers. The government there offers a hefty reward for information on an effective way to create a peephole into the Tor network. Russia is hungry for Tor traffic because it is encrypted and therefore the only type of Traffic that the government’s regulators cannot spy on. Tor is free and is therefore also used by most people who are trying to preserve their right to privacy.
The Kazakh government has seen and heard this all, and is now preparing to set up its own system for accessing encrypted Internet traffic. Like most eavesdroppers, they have this paranoid delusion that everyone who uses encryption is plotting against them. They want to know everything that is going on, but breaking encryption is too big an endeavor, as they have learned from the failed attempts of the NSA. So how are they going to gain access to encrypted data without breaking the technology?
Trickery
To be able to access all the traffic that passes over the Internet, there must be no encryption that keeps some data secret. To decrypt encrypted data, a key must be applied. Only those who have encrypted the data have the keys. Therefore, the government of Kazakhstan needs to obtain the decryption keys from the Internet users that they want to spy on. Users who use encryption value security and privacy, and are not likely to hand over their keys to a government that spies on them. So the government has prepared a clever bit of trickery to get people to hand them over.
From next month, all Internet Service Providers in Kazakhstan are going to begin disseminating to their customers something that the government is calling a national security certificate. Some have actually already been sent out to Internet subscribers. The certificate covers all Internet users running any operating system. This so-called certificate is disguised as a helpful security tool that will make sure people who employ its “coded access protocols” to view foreign websites are protected. Roughly translated, the certificate will be able to see and copy the keys of any user who employs security tools. The certificate is really a man-in-the-middle attack. It cracks open all HTTPS traffic, including online account credentials, banking and shopping transactions.
It is surely not the first time that a government has claimed to be taking the people’s interests to heart as it deployed systems that would actually do harm. Users’ security is certainly not being guaranteed by this certificate; rather, it is being violated by the government and put at risk to boot. Governments really are supposed to preserve and uphold citizens’ rights, ensuring that they are protected by the rule of law. But increasingly, governments are throwing the law aside to make way for their personal desires. They are also supposed to hold citizens’ safety as a priority, but they actually only care about extending their rule and expanding their powers while in office. By taking encryption keys and spying on secured traffic, they are putting the people in danger. As they decrypt traffic and data, they expose it and the people who sent it. The result will be a government who is very happy to have access to everything that goes on online, and a citizenry plagued by online theft and fraud.
On top of destroying the real protections that Internet users have, meddling with encryption will in many cases invalidate the data being sent. The data packets will be resealed, so to speak, but the tampering will be obvious. The recipient will therefore likely reject it, meaning that it will never reach its destination. Internet users in Kazakhstan will be left to deal with a bunch of validation errors that they have no idea how to fix, and really can’t. We are not confident that the Kazakh government’s plan will work, but we are sure that it is going to be a giant, crazy mess if it does.
