Last month, the government of Kazakhstan started intercepting all encrypted HTTPS Internet traffic by mandating the use of a government-issued certificate in all Web browsers and Internet-savvy devices inside the country. ISPs enforced the order by blocking Internet traffic if the certificate was missing. The program was halted earlier this month, with the government calling it a “test.”
Regardless, Apple, Google, and Mozilla have all now implemented countermeasures in their respective browsers to block the certificate and prevent future spying by the Kazakhstan government. Microsoft said that the Kazakhstani government was not in the company’s Trusted Root program, suggesting that it too was, in essence, locking the certificate.
On the one hand, kudos to Apple, Google, Microsoft, and Mozilla for preventing their apps from being weaponized and supporting their users’ right to privacy, something Apple has said it believes is a fundamental human right. On the other hand, this move highlights the increasing tension between corporations and governments now that companies have grown large and powerful enough to defy the wishes of governments with whose policies they disagree (and whose markets are small enough to risk). Expect to see more along these lines.