Metadata about what sites you visit over HTTPS is already sent in the clear because of SNI and DNS (and incidentally, IP as well).
The situation is actually about as bad as it can be already, where multiple countries, not just the United States and Kazakhstan, can MITM Kazakhstani traffic (and other traffic).
Similar to the Dell root debacle, at some point some hacker will get their hands on a CA’s cert, whether it be VeriSign or Kazakhstan Central, and they will also have the power to MITM all your HTTPS traffic. If they are generous like Dell, they’ll give that power to everyone else as well.
So, people really shouldn’t be all that worried about this situation (as opposed to being worried about our current one) simply because it’s nothing new. We’re already f*cked.
This is not a good precedent.
OK, several reasons why this is not as scary as you might think:
So, people really shouldn’t be all that worried about this situation (as opposed to being worried about our current one) simply because it’s nothing new. We’re already f*cked.
They basically get the same ability as the NSA/GCHQ, but don’t need programs like PRISM to get to the data. [/cynicism]
The link gives 404 and I couldn’t find anything clear about this on the page, so I dug up an Archive link:
http://web.archive.org/web/20151202203337/http://telecom.kz/en/news/view/18729