14 DAY TRIAL // In one of the most stupid things a country's government can ever do, Kazakhstan's elected officials passed a law that says that all Internet users shall install a "national security certificate" starting with January 1, 2016.
All certificates will be distributed through local Kazakh telcos, and the country's biggest ISP has already announced the procedures on their site. Following the intense local and international backlash regarding this update, the Kazakhtelecom page has been taken down (Google Cache version here).
By forcing all Internet users to install their national "security" certificates, the local government effectively has a backdoor on each device, allowing it to sniff encrypted Internet traffic.
Of course, this certificate can also be abused by cyber-criminals, who can use it to perform man-in-the-middle attacks, especially for collecting financial details transmitted via online payments.
Technology firms may force the government to drop its plan
The national security certificates will have to be installed by each user, on all types of devices, including tablets and smartphones, not just desktops and laptops.
If Kazakhstan decides to go through with this plan, users in Kazakhstan will be in the same unfortunate position as Lenovo or Dell clients, who in recent months have been exposed to similar incidents, with Lenovo and Dell shipping devices with root certificates in the famous Superfish and eDellRoot scandals.
Fortunately for Kazakh Internet users, companies like Microsoft, Google, or Apple have the power to block certificates by issuing security updates to disable these certs inside their operating systems (Windows, Android, OS X, or iOS).
Despite all their malicious intentions, the Kazakhstan government may find itself and its users blackballed from the Internet if these companies decide to issue security updates specifically targeting those certificates.
For now, in spite of the huge international criticism, Kazakhstan has not announced if it plans to go through with its initial plan.