Kazakhstan ramps up control of the internet ahead of elections
Kazakh authorities have launched a new online security initiative, which many fear is an attempt to ramp up control over the internet ahead of next month’s parliamentary elections.
On Monday the Ministry of Digital Development, Innovation and Aerospace Industry announced a drive to combat cyber attacks within the country, titled Cyber Security Nur Sultan-2020. According to official statistics, attempted online breaches have almost tripled over the past year, owing to the shift to remote work caused by the coronavirus pandemic.
“During the period of cyber training, various problems may arise with access to some foreign internet resources, which can be eliminated by installing a security certificate,” read a statement by the ministry.
Most major websites use security certificates to prove their authenticity and create secure connections to a server when accessed through a browser. These certificates are generally approved by trusted authorities and protect users against what are known as man-in-the-middle cyber attacks.
In Kazakhstan’s case, the certificate authority becomes the state itself, meaning that the government controls what stands between an internet user and the services they can access. After installation, the certificate is also capable of redirecting users to other websites or reading information exchanged between them and the sites they are visiting.
Why it matters: “The human rights risk here is that you are allowing the government — in this case, to be candid, an authoritarian repressive government, eager to stifle dissent — to have access to the things you do on websites, which you often use to relay sensitive information,” said Noah Buyon, a Freedom House research associate specializing in digital rights in Eurasia.
Arshyn Taizhanov, a web developer and co-founder of the group Internet Freedom Kazakhstan, added that many in the country oppose the certificate. Some also believe that it has been introduced before parliamentary elections, scheduled for January 10, to increase control over internet usage and place pressure on opposition activists.
Buyon said that he considered the move to be a “power play” designed to send the message that “the government has the capability to interfere with people’s right to access independent information.”
The authorities deny that there is any risk. “The mechanism for applying the security certificate is not related to interfering in the private lives and correspondence of citizens, which is strictly regulated by the Constitution of the Republic of Kazakhstan,” Talgat Mustagulov, deputy chairman of the ministry’s Information Security Committee, told me in an email.
The bigger picture: It’s not the first time Kazakh authorities have tried something like this. The ministry launched a similar security certificate last summer, but major tech companies that produce browsers, including Google, Apple and Mozilla, blocked it. Shortly after, the certificate was retracted.
Kazakhstan scores 32 out of 100 and is classified as “not free” in Freedom House’s 2020 Freedom on the Net report. Buyon says the situation has worsened since large-scale anti-government protests last summer, which were met with internet shutdowns and the prosecution of activists under extremism charges.
“The rollout of the national security certificate is part of this counter reaction,” Buyon said. “I think it’s going to be critical to look out for the reaction of tech companies here, because they really were the heroes of last summer’s saga. And they do have a power, in this sort of narrow line of attack that the government is launching, to make a positive difference.”
The story you just read is a small piece of a complex and an ever-changing storyline that Coda covers relentlessly and with singular focus. But we can’t do it without your help. Show your support for journalism that stays on the story by becoming a member today. Coda Story is a 501(c)3 U.S. non-profit. Your contribution to Coda Story is tax deductible.