Google and Mozilla have taken the rare step of blocking an untrusted certificate issued by the Kazakhstan government, which critics say it forced its citizens to install as part of an effort to monitor their internet traffic.
The two browser makers said in a joint statement Wednesday it deployed “technical solutions” to block the government-issued certificate.
Citizens had been told to install the government-issued certificate on their computers and devices as part of a domestic surveillance program. In doing so it gave the government ‘root’ access to the network traffic on those devices, allowing the government to intercept and snoop on citizens’ internet browsing activities.
Researchers found that only a few sites were being monitored, like Facebook, Twitter, and Google.
Although the Kazakh government is said to have stopped what it called “system testing” and allowed citizens to delete the certificate, both Google and Mozilla said its measures would stop the data-intercepting certificate from working — even if it’s still installed.
“We don’t take actions like this lightly,” said Marshall Erwin, Mozilla’s senior director of trust and security. But Google browser chief Parisa Tabriz said the company would “never tolerate any attempt, by any organization — government or otherwise — to compromise Chrome users’ data.”