Kazakhstan halts rollout of internet surveillance scheme after legal threats

Kazakhstan flag with binary code

The central Asian country of Kazakhstan has a new leader this year, the first time in their 30-year post-Soviet history that this has happened.

But any hopes that Kassym-Jomart Tokayev, who took over from Nursultan Nazarbayev in June, might usher in a new era of freedom for the Kazakh people are looking optimistic at best.

Tokayev is from the same Nur Otan party as Nazarbayev and appears set on continuing the same authoritarian policies as his predecessor. Indeed, when it comes to online freedoms, he appears to be set on making things even harder.

A state-sponsored Man-in-the-Middle attack

Last month, Kazakh mobile phone operators began asking their customers to install an encryption certificate on their devices. They were warned that if they failed to do so, they would lose access to the internet altogether.

This certificate essentially set up the Kazakh authorities as a Man-in-the-Middle. It allowed them to intercept all traffic sent on these devices. And because they could access data before it was encrypted, the Kazakh authorities would be able to bypass encrypted email and messaging services and read everyone’s communications.

In a country where political opposition and human rights campaigners are rarely tolerated, and rely on such secure communications, the move was seen as a significant attack on online rights.

Kazakh state security justified the move in the way that all authoritarian regimes (and increasing numbers of democratic governments) do, by arguing that the move was necessary for security reasons.

The Kazakh people were told that the encryption certificates objective was to protect Kazakh users from “hacker attacks, online fraud and other kinds of cyber threats”.

How the volte-face unfolded

Needless to say, many Kazakh users reluctantly downloaded the certificate, fearful of losing internet access completely. Some others refused to do so. At the same time, Kazakhstan’s legal community swung into action.

Earlier this week, a group of lawyers announced that they had sued Kazakhstan’s three main mobile phone networks over the move. Their argument was that it would be illegal under Kazakh law to block internet access if people refused to download this certificate.

No sooner had this announcement been made than the Kazakh authorities announced a humiliating climbdown.

The country’s State Security Committee released a statement in which it claimed the certificate rollout had simply been “a test” and was never intended to be a permanent arrangement.

Few people were convinced by this rather unbelievable claim. Nevertheless, the statement added that people could now delete the certificate if they had downloaded it and continue to use the internet as usual.

President Kassym-Jomart Tokayev then took to Twitter to claim that the test had been carried out under his personal authorisation. He claimed that the test showed that protective measures “would not inconvenience Kazakh internet users”.

“There are no grounds for concerns,” he said, rather sinisterly.

Major grounds for concern

Contrary to the claims made by President Tokayev, there are still significant grounds for concern for internet users in Kazakhstan.

Firstly, if this was a test, as Kazakh authorities now claim, what was it testing for? Surely the only answer can be a permanent rollout of a similar system which would grant authorities the permanent power to snoop on the content of emails and encrypted messages sent and received by every Kazakh citizen.

Many Kazakh internet users have already downloaded the certificate. They have been told they can now remove it but many either won’t know how to or just won’t bother. This means a sizable proportion of Kazakh’s will already be allowing the regime access to their most sensitive communications even though they don’t have to.

Tokayev claims such a system wouldn’t inconvenience Kazakh internet users. But such a fundamental breach of their basic online rights would clearly be a massive inconvenience to many, especially those who oppose the authoritarian regime that he leads and are routinely oppressed as a result.

Internet interference now the norm

Kazakh internet users are well used to being inconvenienced online. The regime already routinely blocks internet access for periods of a few hours to a few days when it suits it. Often, these periods coincide with public protests or broadcasts by prominent opposition figures.

The most recent example came in June during the deeply flawed elections which saw Tokayev confirmed as President on a full-time basis.

Kazakh’s who want to use the internet without the risk of government surveillance or censorship already use VPNs such as ExpressVPN to keep them secure and safe when going online. For opposition figures, VPNs are now an essential tool in Kazakhstan.

While the regime has backed down on the forced rollout of these encryption certificates for now, it seems inevitable the scheme will return when the government is surer of its legal ground.

The future for online rights in Kazakhstan is looking increasingly bleak.

David Spencer

Author: David Spencer

David is VPNCompare's News Editor. Anything going on in the privacy world and he's got his eye on it. He's also interested in unblocking sports allowing him to watch his favourite football team wherever he is in the world.

Away from writing, he enjoys reading and politics. He is currently learning Mandarin too... slowly.

Leave a Reply

Your email address will not be published. Required fields are marked *

Sign up to our newsletter

Get the latest privacy news, expert VPN guides & TV unblocking how-to’s sent straight to your inbox.

ExpressVPN deal