Google and Mozilla have taken the rare step of blocking an untrusted certificate issued by the Kazakhstan government, which critics say it forced its citizens to install as part of an effort to monitor their internet traffic.
The two browser makers said in a joint statement Wednesday it deployed “technical solutions” to block the government-issued certificate.
Citizens had been told to install the government-issued certificate on their computers and devices as part of a domestic surveillance program. In doing so it gave the government ‘root’ access to the network traffic on those devices, allowing the government to intercept and snoop on citizens’ internet browsing activities.
Researchers found that only a few sites were being monitored, like Facebook, Twitter, and Google.
Although the Kazakh government is said to have stopped what it called “system testing” and allowed citizens to delete the certificate, both Google and Mozilla said its measures would stop the data-intercepting certificate from working — even if it’s still installed.
“We don’t take actions like this lightly,” said Marshall Erwin, Mozilla’s senior director of trust and security. But Google browser chief Parisa Tabriz said the company would “never tolerate any attempt, by any organization — government or otherwise — to compromise Chrome users’ data.”
The block went into effect invisibly and no action is needed by users.
Kazakhstan has a population of 18 million. Researchers said that the Kazakh government’s efforts to intercept the country’s internet traffic only hit a “fraction” of the connections passing through the country’s largest internet provider.
The Central-Asian country currently ranks as one of the least free countries on the internet freedom score, based off data collected by watchdog Freedom House, trailing just behind Russia and Iran.
A spokesperson for the Kazakhstan consulate in New York did not respond to a request for comment.