East Europe

Russia has said that it has successfully tested its sovereign internet, a country-wide alternative to the global internet.

RuNet, as the internet service is known , was tested on Monday to ensure the security of its internet infrastructure in case the country would like to cut itself off from the global internet.

Deputy communications minister Alexei Sokolov said the results of the tests would be presented to President Vladimir Putin, and added that the drills would continue in the future.

Four telecoms operators took part, with 18 different scenarios tested.

Internet rights activists have noted that the measures could tighten censorship and lead to online isolation. Russian authorities also tried to ensure that it was possible to intercept mobile phone traffic and text messages, Sokolov said.

In late July, mobile network providers in Kazakhstan started sending out SMS messages demanding that their clients install a 'national security certificate' on all personal digital devices with internet access. These messages claimed that the certificate would protect citizens from cyberattacks. They also assured users who did not install the application that they would encounter problems accessing certain websites (particularly those with HTTPS encryption.)

This news came one and a half months after Kazakhstan's government blocked access to internet and streaming services on June 9, when the country held presidential elections. The victory of Kassym-Zhomart Tokayev came amid mass protests calling for fair elections. Meanwhile, an internet blackout prevented protesters from coordinating their actions, helping police to arrest them.

These moves led some observers to fear the beginning of a wider crackdown on digital rights in Kazakhstan. So while Tokayev called off the introduction of the controversial national security certificates on August 6, there are grounds to doubt that this will be the government's last attempt to intrude on cyberspace. Fear and suspicion on social media

In the first days [after receiving the SMS messages] we faced lots of panic. People were afraid that they would indeed be deprived of access to certain websites without installing the security certificate, Gulmira Birzhanova, a lawyer at the North Kazakhstan Legal Media Centre told GV:

However, few users rushed to obey the SMS messages. I didn't install [the application]. I don't even know if any of my acquaintances dida.

Nevertheless, the demands to install an unknown security tool caused a wave of distrust and outrage on social media.

Daniil Vartanov, an IT expert from neighbouring Kyrgyzstan, was one of the first people to react to the launch of the certificate and confirmed users' suspicions.

Now they can read and replace everything you look at online. Your personal information can be accessed by anybody in the state security services, ministry of internal affairs, or even the illicitly hired nephew of some top official. This isn't an exaggeration; this is really how bad it is.

On August 1, Kazakhstan's prosecutor general issued a statement reassuring citizens that the national security certificate was aimed to protect internet users from illicit content and cyberattacks, stressing that the state guaranteed their right to privacy.

IT experts proved otherwise. Censored Planet, a project at the University of Michigan which monitors network interference in over 170 countries, warned that the Kazakh authorities had started attempting to intercept encrypted traffic using man in the middle attacks on July 17. At least 37 domains were affected, including social media networks.

Man in the middle or HTTPS interception attacks are attempts to replace genuine online security certificates with fake ones. Normally, a security certificate helps a browser or application (for example, Instagram or Snapchat) to ensure that it connects to the real server. If a state, [internet] provider or illegal intruder tries to intercept traffic, the application will stop working and the browser will display a certificate error. The Kazakh authorities push citizens to install this certificate so that the browser and application continue to work after the interception is spotted, explained Vartanov in an interview to GV in early August.

This was the authorities' third attempt to enforce the use of a national security certificate. The first came in late November 2015, right after certificate-related amendments were made to Kazakhstan's law on communication. The law obliges telecom operators to apply a national security certificate to all encrypted traffic except in cases where the encryption originates from Kazakhstan.

That same month, service providers announced that a national security certificate would come into force by January 2016. The announcement was soon taken down, and the issue remained forgotten for three years.

The second attempt came in March 2019, and was barely noticed by the public until they started to receive the aforementioned SMS messages in July.

After two weeks of turmoil on social media, Tokayev called off the certificate on August 6.

Why did Tokayev put the initiative on hold? Dmitry Doroshenko, an expert with over 15 years of experience in Central Asia's telecommunications sector, believes that concern about the security of online transactions played a major role:

In case of a man in the middle attack, an illegal intruder or state can use any decrypted data at their own discretion. That compromises all participants in any exchange of information. Most players in online markets would not be able to guarantee data privacy and security, said Doroshenko. It's obvious that neither internet giants nor banks or international payment systems are ready to take this blow to their reputation. If information were leaked, users would hold them to account rather than the state, which would not be unable to conduct any objective investigation, the IT specialist told Global Voices.

Citizens of Kazakhstan also appealed to tech giants to intervene and prevent the government from setting a dangerous precedent. On August 21, Mozilla, Google, and Apple agreed to block the Kazakh government's encryption certificate. In its statement, Mozilla noted that the country's authorities had already tried to have a certificate included in Mozilla's trusted root store program in 2015. After it was discovered that they were intending to use the certificate to intercept user data, Mozilla denied the request.

Kazakhstan is hardly the only country where the right to digital privacy is under threat. The British government wants to create a backdoor to access encrypted communications, as do its partners in the US. The Kremlin wants to make social media companies store data on servers located in Russia.

The Prime Minister of New Zealand Jacinda Ardern has contacted Ukraine's Government after Bellingcat investigative journalists revealed that Brenton Tarrent's manifesto was offered for sale in hardcopies via messengers in Ukraine.

New Zealand has made the request through diplomatic channels. News source MFA Ukraine reports on a response from a Ukrainian diplomat saying that Ukraine is concerned by the emerging reports about the distribution of such material in Ukraine:

We are convinced that there must be no place for racism, neo-Nazism and religious hatred in Ukrainian society.

The diplomats also said that they had already approached the Ministry of Internal Affairs and the Security Service of Ukraine with a request to confirm or deny the fact of the distribution of hardcopies of the manifesto translated into Ukrainian.