GOVERNMENT SURVEILLANCE IN KAZAKHSTAN – IN-DEPTH ‘QUESTIONS AND ANSWERS’ ON STATE IMPOSED SECURITY CERTIFICATE


July 25, 2019

  • “Who registered the domain qca.kz, used to distribute the certificate in the country?”
  • “What kind of equipment can do the interception?”
  • “Can I see the tampering in action?”

The Kazakh government is imposing a digital certificate for all online devices, arguing that it will protect them from digital attacks. Questions about its purpose and security have been raised. Is the certificate threatening the privacy of the users? Will it give powers to the government to read Gmail or block Facebook groups?

Some governments are using Internet to expand their powers to control not only dissenting minds but also the general public. That is the case of Kazakhstan, where the authorities are forcing the population to install a certificate that allow them to spy on them. Qurium Media Foundation has created a FAQ, answering to questions regarding the certificate and its threat to the population.

The government says it is a security certificate that will protect me against digital attacks, is it true?”

Will it give powers to the government to read messages in Facebook or closed chats in Telegram?”

Is it dangerous to install the certificate?”

The answers to these questions are Yes. The certificate seems to be targeting web services, so if you chat or check email using a webservice, such as Gmail or Facebook, the messages can be read by the government. Additionally, the certificate allows the authorities to alter the content of the communication.

Since July 17 Kazakh mobile providers request their users to install a so called “security certificate”, on every device connected to the Internet. The official statement explains that the certificate is necessity to protect the device from digital attacks and harmful content. The mobile providers informs that “customers failing to install Security Certificate on their mobile devices may face technical limitations when accessing certain websites”.

Qurium’s recommendation is clear: “Once you have installed the certificate, any web connection can direct you to a fake website which can lure you to install malicious software or record your conversations and credentials. If you have installed the certificate, un-install it and change your passwords.”

Please visit Qurium’s FAQ report to get an updated and deep insight into what is happening in Kazakhstan: https://www.qurium.org/alerts/kazakhstan/kazakhstan-imposes-users-to-install-government-controlled-certificate

Do not hesitate to reach out if you need more information.