While those of us in the UK worry about risks to our internet security posed by the Snooper’s Charter and the calls for removing or weakening encryption in the wake of the recent terrorist attacks, Kazakhstan is one step ahead of the West. After January 1st 2016, every internet-capable device in the country will be required to install a “national security certificate”, which will allow the government to gain access to that device’s communications, whether they are encrypted or not. To help enforce the requirement, ISPs and network carriers must keep records of users that do and don’t install the certificate code, making it almost impossible to avoid if you want to access the internet.
There are many risks with implementing such a backdoor on a nationwide level. As well as potentially allowing the government to keep tabs on those who would challenge it, the backdoor could also be misused by unscrupulous parties for their own ends, whether that is criminals finding a way to use it to access sensitive data, or other nations using it to subject the country’s citizens to surveillance or cyber attacks.
The requirement to use the certificate is shaky too: while it is designed to work on Windows, Mac OS X, Android and iOS, it has no provision for users of Linux. There could also be problems if the certificate were to be revoked, or become incompatible with future versions of operating systems. Someone who did not wish to play by the rules could find ways to encrypt data that the backdoor won’t reveal, or spoof their usage of it.
In this day and age, where internet security is a topic of hot debate, it will be interesting to see how well these backdoors work for Kazakhstan or whether they do more harm than good.