Kazakhstan’s Internet Spying Likely To Flop
This post is also available in: 
עברית (Hebrew)
While Western powers are deeply engaged in debating the merits and dangers of encryption, Kazakhstan is leading the charge in bypassing the security mechanism altogether. The Asian country announced that starting in January 2016 it plans to monitor all internet traffic, encrypted or not. It will do so by mandating the installation of a “national Internet safety certificate” on all computers and mobile devices connected to the internet.
“The national security certificate will secure protection of Kazakhstan users when using coded access protocols to foreign Internet resources,” read the announcement of the government-backed ISP in a press release that has now been removed.
The implementation of such invasive spying on its citizenry could grant the Kazakhstan ruling regime the powers “snoop on, impersonate, and alter the online communications of anyone within their borders—effectively performing a Man in the Middle attack on its entire population,” the Electronic Frontier Foundation said in an analysis of the proposed measure.
As the statement regarding the proposal has been removed, it is now unclear whether Kazakhstan still intends to carry the plan forward. If it does, however, the implications for both privacy and security could be adverse.
“This will make the collection and storage of communications much easier by removing the encryption on the data. It is a concern from a security perspective and for the technological naivety of the proposal,” said Matthew Rice, Privacy International advocacy officer.
The proposed certificate could be easily defeated by employing a number of tools designed specifically for such purpose. They include the Tor network, that provides anonymous browsing over the so-called dark web. Service providers such as Google and Twitter could refuse to acknowledge the certificate’s validity, which could lead to poor user experience. And if enough of the country’s users simply refuse to install this certificate, the whole scheme could fall apart.
As far as internet-monitoring projects go, this does not seem like the best thought out solution. If the much better planned and executed Great Firewall of China is faulty at its purpose, allowing resourceful users to bypass it completely, this project stands little chance of success.
