Cybersecurity

How governments can use cyber tools to preserve power

Employees, mostly veterans of military computing units, use keyboards as they work at a cyber hotline facility at Israel's Computer Emergency Response Centre (CERT) in Beersheba, southern Israel February 14, 2019. Picture taken February 14, 2019. REUTERS/Amir Cohen - RC1E423B2710

Social media sites provide an outlet for dissident commentary in countries where traditional media is targeted by government Image: REUTERS

This August, Google, Apple, and Mozilla moved to have their web browsers block the Kazakhstan root Certificate Authority (CA) certificate—just one of only a handful of times that tech companies have decided to block a CA because of the risk it might be enabling surveillance of internet users.

A CA is an entity responsible for issuing digital certificates that permit websites, devices, and users to assert their online identity. The use of these digital certificates helps enable secure communication on the web. If User A wants to connect to Website B, the certificate issued by a CA allows Website B to make a verifiable claim about their identity. This claim is used to establish an encrypted tunnel between User A and Website B, permitting secure and encrypted communication between users and websites. This encrypted tunnel is run through a secure version of the old hyper-text transfer protocol (HTTPS).

Have you read?
  • If two countries fought a cyber war, what might it look like?
  • Why we need to improve global cyber governance
  • What is the future of cyber governance?

As nation-states acquire new cyber tools and capabilities, they will need to decide how they will utilize this new technology and where along the spectrum between permissive approaches and more aggressive control they choose to place themselves.

If used haphazardly, new technology and capabilities may compromise the personal privacy of their citizens or the legitimacy of government, but also could facilitate the achievement of certain political, economic, or security goals.

Statecraft in the cyber domain is ultimately a balancing act where governments have to balance the opportunities of new technologies with the risk that these technologies will have negative impacts on domestic politics, international relations, the rights of their citizens, and more. In this case, the Kazakh government made a decision to create an explicitly government-controlled Certificate Authority, enabling the interception of what should have been secure communication between Kazakhtelecom users and websites.

This decision by Mozilla and the others followed reports that Kazakhtelecom, Kazakhstan’s largest Internet Service Provider (ISP), required users to install these government-issued HTTPS certificates.

Message interception

This meant that Kazakhtelecom could intercept communication between users and websites, facilitating the surveillance of users’ activity on social media sites including Facebook, Twitter, Instagram, Vkontakte, and more. After internet users were forced to install the fake root CA, HTTPS communication between users and websites were intercepted on 7% of Kazakhstan’s HTTPS servers, concentrated amongst social media services.

When the technology companies acted, amid outcry from the domestic legal community, the Kazakh government argued that the certificate was being used as part of a programme to improve the nation’s cybersecurity. Since then, the Kazakh National Security Committee has backtracked, claiming the programme was simply a test and then provided instructions on how to uninstall the certificate.

Why now?

Just this March, Nursultan Nazerbayev, Kazakhstan’s president for nearly thirty years, resigned and was succeeded by interim President Kassym-Jomart Tokayev. While Nazerbayev stepped down as president, he continues to serve as chair of the country’s influential security council and leader of his political party. Tokayev subsequently won popular elections in June with roughly 70% of the vote, amid allegations of vote rigging and large protests and arrests in multiple cities.

Tokayev inherited a country with a growing youth population and sluggish economy that relies heavily on energy exports.

Complicating things further, the ethnic makeup of the country includes a small, but dwindling, Russian minority whose interests Russian President Vladimir Putin has promised to protect. The June election represents the first non-violent transfer of power from one leader to another in independent Kazakhstan, setting a precedent for succession for other aging authoritarian leaders in the region. It also demonstrated how the strategic use of democratic institutions by authoritarian governments and restrictions on opposition activists and independent journalists can undermine truly free and fair elections.

Nazerbayev practised a softer version of authoritarianism than other Central Asian leaders, but he allowed little room for critics of government policies; and things have improved perhaps only slightly under his successor.

Social media's critical role

So in a country where opposition newspapers and journalists are often targeted by government, social media sites play a critical role in providing an outlet for dissident commentary, challenging trust in governmental institutions, and the legitimacy of political leaders. Facing the resignation of an aging leader, social tensions, and a growing youth population, the Kazakh government made a choice to utilize surveillance technology to monitor communications on the Internet, especially social media sites.

This decision was aimed at preserving authoritarian stability while the Kazakh government experiences daunting challenges—changes in leadership for the first time in almost thirty years, the struggle of economic diversification, and a burgeoning youth population that makes up nearly 40% of its total population.

Governments have the novel opportunity to use technology and cyberspace as a tool to achieve political, security, economic, and social goals

In the digital age, governments have the novel opportunity to use technology and cyberspace as a tool to achieve political, security, economic, and social goals—some governments make the choice to leverage technology to the greatest extent, while other opt to use technology in smaller, varying degrees, depending on their interests and priorities.

In the mid-2000s, the Kazakh government developed an online presence for government ministries and even rolled out digital government services. Since then, internet penetration has increased, and social media sites have become popular in Kazakhstan to provide an outlet for dissent and mobilize citizens.

Adapting to these developments, the Kazakh government reevaluated the role of technology in public affairs, leveraging legislation, cyberspace, and technology to track—and potentially limit—online dissent and criticism of government policies.

The Kazakh case serves as an example of irresponsible cyber statecraft, when governments use cyberspace and technological tools to achieve specific political goals, placing the rights of citizens, as well as their political legitimacy, on the line.

Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Stay up to date:

Cybersecurity

Related topics:
CybersecurityGeo-Economics and Politics
Share:
The Big Picture
Explore and monitor how Cybersecurity is affecting economies, industries and global issues
A hand holding a looking glass by a lake
Crowdsource Innovation
Get involved with our crowdsourced digital platform to deliver impact at scale
World Economic Forum logo
Global Agenda

The Agenda Weekly

A weekly update of the most important issues driving the global agenda

Subscribe today

You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.

5 ways to achieve effective cyber resilience

Filipe Beato and Jamie Saunders

November 21, 2024

We asked 6 tech strategy leaders how they're promoting security and reliability. Here's what they said

About us

Engage with us

  • Sign in
  • Partner with us
  • Become a member
  • Sign up for our press releases
  • Subscribe to our newsletters
  • Contact us

Quick links

Language editions

Privacy Policy & Terms of Service

Sitemap

© 2024 World Economic Forum