Kazakhstan: As election beckons, authorities tighten control on internet

Authorities accuse critics of the measure of being NATO stooges.

Almaz Kumenov Dec 7, 2020

Authorities in Kazakhstan have in the run-up to next month’s parliamentary election mounted another drive to snoop on the public’s internet usage and limit access to online resources they deem suspect.

This control measure has been sold as a digital security initiative.

The National Security Committee, or KNB, announced that it was from December 6, together with the Digital Development, Innovation and Aerospace Industry Ministry, undertaking something dubbed the Cyber Security Nur-Sultan 2020 exercise.

This has been cast as a test of the country’s cyber-defenses in a year that authorities say has seen almost three times as many hacking attacks against Kazakhstan as were launched in 2019. Officials say the reason for the spike is that many people have switched to remote working, leading to an increase in online activity.

"During this period of cyber-training, various problems may arise with access to some foreign internet resources. These can be avoided by installing a security certificate," the KNB said in a statement on December 5.

It is unclear how long this purported exercise is due to last.

Sure enough, residents of the capital, Nur-Sultan, have begun complaining about problems with their internet connections and that they are unable to access popular social media websites.

Suspicious-minded internet users are doubtful of the security exercise story, however.

This is only the government’s latest run at trying to steer internet users toward installing digital security certificates designed to generate detailed logs of what they are doing online. The last attempt came last year following a wave of unusually large anti-government protests in the wake of a much-contested presidential election, but it fizzled out amid much confusion and public indignation.

Officials claim these efforts are intended to protect personal data and limit access to banned content. But critics are skeptical and contend it is merely a covert means to enable universal snooping and give prying state agents access to that same personal data.

Last year’s snooping attempt also failed because of the reluctance of foreign tech giants to play ball. Google and Mozilla, for example, stated at the time that they had deployed technical solutions within their respective browsers to thwart the Kazakh government’s attempts to intercept traffic.

The government-issued certificate “is not trusted by either of the companies, and once installed, allowed the government to decrypt and read anything a user types or posts, including intercepting their account information and passwords,” Mozilla said in an August 2019 statement.

The senior engineering director for Google’s Chrome browser, Parisa Tabriz, adopted a similarly combative line.

“We will never tolerate any attempt, by any organization – government or otherwise – to compromise Chrome users’ data. We have implemented protections [for] this specific issue,” Tabriz said.

Yelzhan Kabyshev, an activist with the Internet Freedom Kazakhstan project, told RFE/RL’s Kazakhstan service, Radio Azattyk, that the new-look security certificate is to all intents and purposes similar to the 2019 version in that, once installed, it will potentially make sensitive data available to third parties – most notably, security service bodies. Kabyshev added that it was particularly problematic that personal data has been stolen from government bodies in Kazakhstan and that nobody has been brought to justice for those hacks, making it even more inadvisable to make that information accessible to those same entities.

Despite the suspicious timing of this latest attempt to force the security certificate onto the internet-using public, the government has denied any of this has been motivated by a desire to keep tabs on online speech ahead of the January 10 election, which is set to be dominated by the ruling Nur Otan party.

Ruslan Abdikalikov, the head of the Information Security department at the Digital Development Ministry, insisted that installing the certificate was in any event entirely voluntary. Objections to the measure coming out of NATO countries is entirely attributable, he said, to the fact that Kazakhstan is a member of the Moscow-led Collective Security Treaty Organization.

“These are double standards. Some can do it and it is right and democratic, and when some other country does it, fully realizing that it has every right to do it, they immediately say: ‘you may not do this,’” Abdikalikov said.

Almaz Kumenov is an Almaty-based journalist.