Kazakhstan Decides To Break The Internet, Wage All Out War On Encryption
from the mandated-middle-men dept
Starting on January 1, the country of Kazakhstan has formally declared war on privacy, encryption, and a secure Internet. A new law takes effect in the new year that will require all citizens of the country to install a national, government-mandated security certificate allowing the interception of all encrypted citizen communications. In short, the country has decided that it would be a downright nifty idea to break HTTPS and SSL, essentially launching a "man in the middle" attack on every resident of the country.While it has since been removed, a statement posted to the website of the country's largest ISP KazakhTelecom (Google cache and rather sloppy translation) stated that the ISP was required to intercept encrypted traffic to "secure protection of Kazakhstan users" who have access to encrypted content from "foreign Internet resources":
"The national security certificate will secure protection of Kazakhstan users when using coded access protocols to foreign Internet resources...Detailed instructions for installation of security certificate will be placed in December 2015 on site www.telecom.kz.Of course, such an effort will wind up doing the exact opposite of protecting the country's residents -- instead opening the door to rampant surveillance and potential security vulnerabilities should the certificate fall into the wrong hands. Oddly, while the notice states that all Windows, OS X, iOS and Android devices must adhere to the new law, Linux isn't mentioned, giving privacy conscious residents and journalists ample time to install their Linux distro of choice. Security experts are quick to point out the entire, ham-fisted affair is not only ethically idiotic, but likely impossible to fully implement and enforce:
"There are obvious, myriad ethical issues with this sort of mandated state surveillance," said (Security researcher Kenneth) White. "But I suspect that the political forces pushing these measures have grossly underestimated the technical hurdles and moral backlash that lay before them." "The best case scenario is that the regime will seriously weaken the security of only a subset of their citizens," said White.Bang up job, team! Last month, Human Rights Watch described Kazakhstan as an authoritarian dictatorship with "few tangible and meaningful human rights." Freedom House, meanwhile, ranks Kazakhstan poorly when it comes to Internet freedom, noting that the country's war on religious extremists has resulted in an increase in Internet filters, a total blockade of Live Journal, intensified surveillance at cybercafes, and a spike in "physical assaults on bloggers and online journalists."
It's easy to dismiss what Kazakhstan is doing as the drunken stumbling of a tin pot dictatorship, until you remember that the UK is proposing something not entirely dissimilar, and both current leading U.S. Presidential candidates dream of waging their own war on encryption and common sense.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: encryption, kazakhstan, man in the middle, privacy, security, surveillance
Reader Comments
Subscribe: RSS
View by: Time | Thread
Not 'if', 'when'
That someone with less than noble intentions will get their hands on what they need to take advantage of the mandatory malware is a given, there's no question about that, the only thing up for question is how long it will take. Personally I'd guess a month at most, given you're talking about something that creates vulnerabilities in the computers of everyone within the country.
Of course with regards to the surveillance aspect falling into the 'wrong hands', that will take all of zero days, given the government will be using it in that manner from the get-go.
[ link to this | view in chronology ]
Re: Not 'if', 'when'
No, I can't sign on to this. At least, it's no worse than what we have already. Don't trust the government of Kazakhstan? How about DigiNotar or Comodo or Thawt or NetSol or Synmantec or Microsoft? It's all exactly the same risk. Not more, not less, exactly the same.
[ link to this | view in chronology ]
Re: Re: Not 'if', 'when'
[ link to this | view in chronology ]
Re: Re: Re: Not 'if', 'when'
you are right
Microsoft does not murder and torture people,
THE US GOVERNMENT does.
[ link to this | view in chronology ]
Re: Re: Re: Not 'if', 'when'
Reading: It's fundamental!
[ link to this | view in chronology ]
Re: Re: Not 'if', 'when'
What are the odds that it is also a software signing certificate, to make installing of spyware easier?
[ link to this | view in chronology ]
Re: Re: Not 'if', 'when'
[ link to this | view in chronology ]
Re: Not 'if', 'when'
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
The 'president' (completely fake elections where people are forced to vote at gun-point and often they just make up entire villages of voters) Nursultan Nazarbayev took MASSIVE bribes from various anti-internet companies that want to go back to the 'old way' of doing things via going to a physical bricks & mortar store, and this is the result, a blatant and obvious attempt to make online banking/purchasing extremely risky.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
Actually, Kazakhstan is an edge case where, with regards to encrypted TCP and UDP flows at least, it might.
Kazakhstan is a relatively small country, and their telco's and ISPs likely have a small number of connections to ISP's outside Kazakhstan.
The ability to analyze and shut down traffic flows you can't decrypt is well within the capabilities of most "next-gen" firewalls.
Next-gen firewalls won't necessarily help with encrypted data that's transferred over non-encrypted sessions, but there are systems on the market that can catch that in most cases.
It's unlikely they could actually shut it down 100%, but 95%+ efficiency is probably possible for them. Couple that with period, high-visibility arrests and you could call it "close enough"
[ link to this | view in chronology ]
[ link to this | view in chronology ]
i still think that what is going on is instigated to get the planet run like a massive corporation, where the only people with rights are the dozen at the top of the tree, the ones who actually want this and have never had a better chance of getting it! these surveillance laws are meant to ensure that the people and/or security forces cant do a damn thing without it being known and measures put in place to either prevent, stop or dispel any counter action to what the dozen want!!
[ link to this | view in chronology ]
"If Kazakhstan, China or Russia do that, why aren't we doing it, too?!"
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
A subset of their citizens
The very same subset that actually puts their faith and trust in the government.
The jaded, disenfranchised, cynical and downright frustrated citizens will not have faith in this scheme. Those who understand the technological ramifications of this will not have faith in this scheme.
No, it is those the government relies on most. Those that put some measure of faith in the government. Those who are loyal and patriotic. Those the government wants most to keep safe... who are going to be affected, attacked and harmed by this.
Governments wonder why they face rising dissent while simultaneously destroying public trust over and over...
and over...
and over...
[ link to this | view in chronology ]
BTW, there are easy methods of transmitting one time pad keys in the clear to facilitate such comm.
[ link to this | view in chronology ]
Re:
Such as?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Good News
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]