Google and Mozilla halt Kazakhstan’s plan to monitor citizens through browsers

21 Aug 2019

Bayterek Tower in Astana, Kazakhstan. Image: © steba/Stock.adobe.com

Kazakhstan’s government wants to track its citizens through its own security certificate, but Google and Mozilla are fighting back.

Google and Mozilla have announced new efforts to specifically combat plans by the government of Kazakhstan to get its citizens to install a security certificate that could give it greater powers over what people look at online.

Privacy advocates warned last month that by installing the certificate on Google Chrome or Mozilla Firefox browsers, the user would leave themselves open to the state being able to intercept, decrypt, analyse and reanalyse all encrypted HTTPS traffic.

However, Google and Firefox said that they have now deployed ‘technical solutions’ specifically designed to counter the state-sanctioned certificate.

“We will never tolerate any attempt, by any organisation – government or otherwise – to compromise Chrome users’ data. We have implemented protections from this specific issue and will always take action to secure our users around the world,” said Parisa Tabriz, senior engineering director for Chrome.

‘Don’t take actions like this lightly’

Mozilla’s senior director of trust and safety, Marshall Erwin, added that the company doesn’t “take actions like this lightly”.

Following news of the certificate last month, the government said the move is “aimed at enhancing the protection of citizens, government bodies and private companies from hacker attacks, internet fraudsters and other types of cyberthreats”.

It added that downloading the certificate was completely voluntary and was not needed to access the internet. However, Google and Mozilla – owners of two of the most used browsers – have made this call after saying they were going to investigate the government’s plan.

Internet users in the country had reported being redirected to pages asking them to install this new certificate and, in some cases, were prompted via text messages. This was the country’s second attempt after previously trying to bring in a security certificate that never materialised, largely due to pressure from major tech companies.

Privacy advocate Caleb Chen has said that if major browsers banned the certificate, the Kazakh government could either back down and pull back the certificate, or it could encourage internet users to use a state-run browser.

Colm Gorey was a senior journalist with Silicon Republic

editorial@siliconrepublic.com