The Kazakh government has forced internet users since last Wednesday to give them access to their online business.
In order to comply with the law, Internet Service Providers (ISPs) require their customers to install certificates opening the door to spying on their online sessions.
These certificates allow the government to bypass the HTTPS protocol, which is used to encrypt the connections between users and the majority of websites. It is thanks to this protocol – which is not infallible, however – that users can connect to their online accounts, including their bank accounts, without having to constantly be wary of being spied by a hacker.
Mozilla, the organization behind the Firefox browser, told MIT Technology Review that it was thinking about how to respond to the new Kazakh law, but that it did not rule out blocking Kazakhstan’s root certificate, which would have effect of rendering obsolete all the Kazakh web security certificates.
Visitors on a non-certificate site typically receive a warning that they are preparing to establish an unsecure connection. Many firewalls also completely block access to sites that do not have a security certificate.
This new law is not the only initiative of the Government of Kazakhstan to monitor the population further. Kazakh authorities are also clients of NSO Group, an Israeli company selling piracy systems to governments in several countries. In many cases, these governments use these systems to stifle dissent, according to MIT Technology Review.