UPDATE: The Kazakhstan government announced on 8 August 2019 that the project is being abandoned. Kazakhstan’s State Security Committee said in a statement that the certificate rollout was simply a test which has now been completed. Users can remove the certificate and use the internet as usual, it said.
While this is scary for the citizens of Kazakhstan, every computer user in the world should also be concerned. If one government does this and is successful, it won’t be long before all governments are doing the same. Yes, that includes your government.
On July 17, the government of Kazakhstan began coercing its citizens to install a root certificate on their devices that would allow the authorities to monitor everything they do online. The surveillance affects anyone trying to access certain websites, including Gmail, Facebook, Twitter, and YouTube. Once the certificate is installed, the government could access emails, read private messages, log browsing activity, and store login credentials.
Of course, once the government can access everything, it won’t be long before the instructions for accessing everyone’s computers leak out and are then used by hackers around the world.
“There is no such thing as a back door (or in this case, online surveillance tool) that can only be used by the good guys. The Shadow Brokers hack and the resulting WannaCry attack show what can happen when hackers get their hands on such tools. By forcing all Kazakh citizens to use the same certificate, the government is introducing a significant vulnerability. If hackers were able to get control of the certificate, they would have the same access to personal data as the government.”
You can read more in the ProtonMail Blog at: https://tinyurl.com/privacy-2019-0801.