Kazakhstan has issued a notice on July 17 requesting that all browsers of all devices install the Root CA (qca.kz) from the government, otherwise the network will not be accessible, which will allow the country’s ISP to decrypt encrypted traffic. Kazakhstan’s security officials argued that the requirement is to protect Kazakhstan’s users from “hacking, online fraud and other cyber threats”. This approach has led to widespread controversy, with major browser developers discussing whether to add qca.kz CA to the blacklist.
However, this week, the Kazakhstan National Security Council issued a statement saying that the mandatory installation certificate is only a test, the test is over, the user can delete the certificate and use the Internet normally.
Kazakh President Kassym-Jomart Tokayev said in a tweet he had personally ordered the test which showed that protective measures “would not inconvenience Kazakh internet users”. “There are no grounds for concerns,” he said.