The Kazakhstan government has started intercepting all HTTPS internet traffic inside its borders with effect from July 17, 2019. All local Internet service providers (ISPs) are instructed by the government to ask their respective users to install a government-issued certificate on all devices and also in every browser.
The certificate after installation will permit the local government agencies to decrypt users’ HTTPS traffic, view the content, encrypt it again with their certificate, and send it to its destination.
All the users in Kazakhstan who access the internet are now redirected to web pages that contained instructions on how to install the government’s root certificate in their respective browsers, even if it is from the desktop or mobile device.
Since the official government announcement has been made, all the local ISPs have started pressurizing their customers to install the government’s root certificate.
The Kazakh Ministry of Digital Development, Innovation and Aerospace has posted a statement on their website, that only internet users in Kazakhstan’s capital of Nur-Sultan will have to install the certificate. But users from all parts of the country are reported to be blocked from accessing the internet as long as they installed the government’s certificate. Some users also received SMS messages on their smartphones to install the certificates.
The Ministry officials stated that they aim to enhance the protection of citizens, government bodies and private companies from hacker attacks, Internet fraudsters and other types of cyber threats.
Earlier in December 2015, the Kazakh government tried to force all their citizens to install a root certificate. But the decision was never implemented because the local government was sued by several organizations, including ISPs, banks, and foreign governments, who feared this would reduce the security of all internet traffic originating from the country.
Also in the same year, the Kazakh government also applied with Mozilla to have its root certificate included in Firefox by default which was declined by the company.
At present, browser makers like Google, Microsoft, and Mozilla are discussing a plan of action on how to deal with sites that have been (re-)encrypted by the Kazakh government’s root certificate. However, no decision has been made still.