<?xml version="1.0" encoding="UTF-8"?><?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?> <!-- generated by https://github.com/cabo/kramdown-rfc version (Ruby 3.1.2) --><!DOCTYPE rfc [ <!ENTITY nbsp " "> <!ENTITY zwsp "​"> <!ENTITY nbhy "‑"> <!ENTITY wj "⁠"><!ENTITY RFC7687 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7687.xml"> <!ENTITY RFC7258 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7258.xml"> <!ENTITY RFC8446 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8446.xml"> <!ENTITY I-D.ietf-tls-esni SYSTEM "https://bib.ietf.org/public/rfc/bibxml3/reference.I-D.ietf-tls-esni.xml"> <!ENTITY RFC7858 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7858.xml"> <!ENTITY RFC8484 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8484.xml"> <!ENTITY RFC7540 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7540.xml"> <!ENTITY RFC9000 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9000.xml"> <!ENTITY I-D.farrelll-mpls-opportunistic-encrypt SYSTEM "https://bib.ietf.org/public/rfc/bibxml3/reference.I-D.farrelll-mpls-opportunistic-encrypt.xml"> <!ENTITY RFC8461 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8461.xml"> <!ENTITY RFC7217 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7217.xml"> <!ENTITY RFC8064 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8064.xml"> <!ENTITY RFC8981 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8981.xml"> <!ENTITY RFC1984 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.1984.xml"> <!ENTITY RFC6462 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6462.xml"> <!ENTITY RFC7480 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7480.xml"> <!ENTITY RFC7481 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7481.xml"> <!ENTITY RFC9082 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9082.xml"> <!ENTITY RFC9083 SYSTEM 
"https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9083.xml"> <!ENTITY RFC7484 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7484.xml"> <!ENTITY RFC8056 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8056.xml"> <!ENTITY RFC8280 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8280.xml"> <!ENTITY DOI.10.5325_jinfopoli.11.2021.0376 SYSTEM "https://bib.ietf.org/public/rfc/bibxml7/reference.DOI.10.5325/jinfopoli.11.2021.0376.xml?anchor=Badii2021"> <!ENTITY RFC3365 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.3365.xml">]> <rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-farrell-tenyearsafter-05"category="info"number="9446" submissionType="independent" category="info" tocInclude="true" sortRefs="true"symRefs="true">symRefs="true" updates="" obsoletes="" xml:lang="en" version="3"> <front> <title abbrev="Ten Years After">Reflections on Ten Years PastThethe Snowden Revelations</title> <seriesInfo name="RFC" value="9446"/> <author initials="S." surname="Farrell" fullname="Stephen Farrell"> <organization>Trinity College, Dublin</organization> <address> <postal> <country>Ireland</country> </postal> <email>stephen.farrell@cs.tcd.ie</email> </address> </author> <author initials="F." surname="Badii" fullname="Farzaneh Badii"> <organization>Digital Medusa</organization> <address> <email>farzaneh.badii@gmail.com</email> </address> </author> <author initials="B." surname="Schneier" fullname="Bruce Schneier"> <organization>Harvard University</organization> <address> <postal><country>USA</country><country>United States of America</country> </postal> <email>schneier@schneier.com</email> </address> </author> <author initials="S. M." surname="Bellovin" fullname="Steven M. 
Bellovin"> <organization>Columbia University</organization> <address> <postal> <country>United States of America</country> </postal> <email>smb@cs.columbia.edu</email> </address> </author> <date year="2023" month="July"/> <keyword>pervasive monitoring</keyword> <keyword>privacy</keyword> <keyword>security</keyword> <abstract> <t>This memo contains the thoughts and recountings of events that transpired during and after the release of information about the United States National Security Agency (NSA) by Edward Snowden in 2013. There are four perspectives: that of someone who was involved with sifting through the information to responsibly inform the public, that of a security area director of the IETF, that of a human rights expert, and that of a computer science and affiliate law professor. The purpose of this memo is to provide some historical perspective, while at the same time offering a view as to what security and privacy challenges the technical community should consider. These essays do not represent a consensus view, but that of the individual authors.</t> </abstract> </front> <middle> <section anchor="introduction"> <name>Introduction</name> <t>On June 6th, 2013, an article appeared in <em>The Guardian</em> <xref target="Guard2013"/> that was the beginning of a series of what have come to be known as the Snowden revelations, describing certain activities of the United States National Security Agency (NSA). These activities included, amongst others: secret court orders; secret agreements for the receipt of so-called "meta-information" that includes source, destination, and timing of communications; and tapping of communications lines. 
The breathtaking scope of the operations shocked the Internet technical community and resulted in a sea change within the IETF, IAB, and other standards organizations.</t> <t>Now that some years have passed, it seems appropriate to reflect on that period of time and to consider what effect the community's actions had, where security has improved, how the threat surface has evolved, what areas haven't improved, and where the community might invest future efforts.</t> <t>Bruce Schneier begins this compendium of individual essays by bringing us back to 2013, recalling how it was for him and others to report what was happening, and the mindset of those involved. Next, Stephen Farrell reviews the technical community's reactions and in particular the reactions of the IETF community, technical advances, and where threats remain. Then Farzaneh Badii discusses the impact of those advances -- or lack thereof -- on human rights. Finally Steven M. Bellovin puts the Snowden revelations into an ever-evolving historical context of secrets and secret stealing that spans centuries, closing with some suggestions for IETF.</t> <t>Readers are invited to consider what impact we as a community have had, what challenges remain, and what positive contribution the technical community can and should make to address security and privacy of citizens of the world.</t> <t>-- Eliot Lear, Independent Submissions Editor for the RFC Series</t> </section> <section anchor="bruce-schneier-snowden-ten-years-later"> <name>Bruce Schneier: Snowden Ten Years Later</name> <t>In 2013 and 2014, I wrote extensively about new revelations regarding NSA surveillance based on the documents provided by Edward Snowden. But I had a more personal involvement as well.</t> <t>I wrote the essay below in September 2013. <em>The New Yorker</em> agreed to publish it, but <em>The Guardian</em> asked me not to. 
It was scared of UK law enforcement and worried that this essay would reflect badly on it. And given that the UK police would raid its offices in July 2014, it had legitimate cause to be worried.</t> <t>Now, ten years later, I offer this as a time capsule of what those early months of Snowden were like.</t> <blockquote> <t>It's a surreal experience, paging through hundreds of top-secret NSA documents. You're peering into a forbidden world: strange, confusing, and fascinating all at the same time.</t> <t>I had flown down to Rio de Janeiro in late August at the request of Glenn Greenwald. He had been working on the Edward Snowden archive for a couple of months, and had a pile of more technical documents that he wanted help interpreting. According to Greenwald, Snowden also thought that bringing me down was a good idea.</t> <t>It made sense. I didn't know either of them, but I have been writing about cryptography, security, and privacy for decades. I could decipher some of the technical language that Greenwald had difficulty with, and understand the context and importance of various documents. And I have long been publicly critical of the NSA's eavesdropping capabilities. My knowledge and expertise could help figure out which stories needed to be reported.</t> <t>I thought about it a lot before agreeing. This was before David Miranda, Greenwald's partner, was detained at Heathrow airport by the UK authorities; but even without that, I knew there was a risk. I fly a lot -- a quarter of a million miles per year -- and being put on a TSA list, or being detained at the US border and having my electronics confiscated, would be a major problem. So would the FBI breaking into my home and seizing my personal electronics. But in the end, that made me more determined to do it.</t> <t>I did spend some time on the phone with the attorneys recommended to me by the ACLU and the EFF. 
And I talked about it with my partner, especially when Miranda was detained three days before my departure. Both Greenwald and his employer, <em>The Guardian</em>, are careful about whom they show the documents to. They publish only those portions essential to getting the story out. It was important to them that I be a co-author, not a source. I didn't follow the legal reasoning, but the point is that <em>The Guardian</em> doesn't want to leak the documents to random people. It will, however, write stories in the public interest, and I would be allowed to review the documents as part of that process. So after a Skype conversation with someone at <em>The Guardian</em>, I signed a letter of engagement.</t> <t>And then I flew to Brazil.</t> <t>I saw only a tiny slice of the documents, and most of what I saw was surprisingly banal. The concerns of the top-secret world are largely tactical: system upgrades, operational problems owing to weather, delays because of work backlogs, and so on. I paged through weekly reports, presentation slides from status meetings, and general briefings to educate visitors. Management is management, even inside the NSA. Reading the documents, I felt as though I were sitting through some of those endless meetings.</t> <t>The meeting presenters try to spice things up. Presentations regularly include intelligence success stories. There were details -- what had been found, and how, and where it helped -- and sometimes there were attaboys from "customers" who used the intelligence. I'm sure these are intended to remind NSA employees that they're doing good. It definitely had an effect on me. Those were all things I want the NSA to be doing.</t> <t>There were so many code names. Everything has one: every program, every piece of equipment, every piece of software. Sometimes code names had their own code names. 
The biggest secrets seem to be the underlying real-world information: which particular company MONEYROCKET is; what software vulnerability EGOTISTICALGIRAFFE -- really, I am not making that one up -- is; how TURBINE works. Those secrets collectively have a code name -- ECI, for exceptionally compartmented information -- and almost never appear in the documents. Chatting with Snowden on an encrypted IM connection, I joked that the NSA cafeteria menu probably has code names for menu items. His response: "Trust me when I say you have no idea."</t> <t>Those code names all come with logos, most of them amateurish and a lot of them dumb. Note to the NSA: take some of that more than ten-billion-dollar annual budget and hire yourself a design firm. Really; it'll pay off in morale.</t> <t>Once in a while, though, I would see something that made me stop, stand up, and pace around in circles. It wasn't that what I read was particularly exciting, or important. It was just that it was startling. It changed -- ever so slightly -- how I thought about the world.</t> <t>Greenwald said that that reaction was normal when people started reading through the documents.</t> <t>Intelligence professionals talk about how disorienting it is living on the inside. You read so much classified information about the world's geopolitical events that you start seeing the world differently. You become convinced that only the insiders know what's really going on, because the news media is so often wrong. Your family is ignorant. Your friends are ignorant. The world is ignorant. The only thing keeping you from ignorance is that constant stream of classified knowledge. It's hard not to feel superior, not to say things like "If you only knew what we know" all the time. 
I can understand how General Keith Alexander, the director of the NSA, comes across as so supercilious; I only saw a minute fraction of that secret world, and I started feeling it.</t> <t>It turned out to be a terrible week to visit Greenwald, as he was still dealing with the fallout from Miranda's detention. Two other journalists, one from <em>The Nation</em> and the other from <em>The Hindu</em>, were also in town working with him. A lot of my week involved Greenwald rushing into my hotel room, giving me a thumb drive of new stuff to look through, and rushing out again.</t> <t>A technician from <em>The Guardian</em> got a search capability working while I was there, and I spent some time with it. Question: when you're given the capability to search through a database of NSA secrets, what's the first thing you look for? Answer: your name.</t> <t>It wasn't there. Neither were any of the algorithm names I knew, not even algorithms I knew that the US government used.</t> <t>I tried to talk to Greenwald about his own operational security. It had been incredibly stupid for Miranda to be traveling with NSA documents on the thumb drive. Transferring files electronically is what encryption is for. I told Greenwald that he and Laura Poitras should be sending large encrypted files of dummy documents back and forth every day.</t> <t>Once, at Greenwald's home, I walked into the backyard and looked for TEMPEST receivers hiding in the trees. I didn't find any, but that doesn't mean they weren't there. Greenwald has a lot of dogs, but I don't think that would hinder professionals. I'm sure that a bunch of major governments have a complete copy of everything Greenwald has. Maybe the black bag teams bumped into each other in those early weeks.</t> <t>I started doubting my own security procedures. Reading about the NSA's hacking abilities will do that to you. 
Can it break the encryption on my hard drive? Probably not. Has the company that makes my encryption software deliberately weakened the implementation for it? Probably. Are NSA agents listening in on my calls back to the US? Very probably. Could agents take control of my computer over the Internet if they wanted to? Definitely. In the end, I decided to do my best and stop worrying about it. It was the agency's documents, after all. And what I was working on would become public in a few weeks.</t> <t>I wasn't sleeping well, either. A lot of it was the sheer magnitude of what I saw. It's not that any of it was a real surprise. Those of us in the information security community had long assumed that the NSA was doing things like this. But we never really sat down and figured out the details, and to have the details confirmed made a big difference. Maybe I can make it clearer with an analogy. Everyone knows that death is inevitable; there's absolutely no surprise about that. Yet it arrives as a surprise, because we spend most of our lives refusing to think about it. The NSA documents were a bit like that. Knowing that it is surely true that the NSA is eavesdropping on the world, and doing it in such a methodical and robust manner, is very different from coming face-to-face with the reality that it is and the details of how it is doing it.</t> <t>I also found it incredibly difficult to keep the secrets. <em>The Guardian</em>'s process is slow and methodical. I move much faster. I drafted stories based on what I found. Then I wrote essays about those stories, and essays about the essays. Writing was therapy; I would wake up in the wee hours of the morning, and write an essay. But that put me at least three levels beyond what was published.</t> <t>Now that my involvement is out, and my first essays are out, I feel a lot better. 
I'm sure it will get worse again when I find another monumental revelation; there are still more documents to go through.</t> <t>I've heard it said that Snowden wants to damage America. I can say with certainty that he does not. So far, everyone involved in this incident has been incredibly careful about what is released to the public. There are many documents that could be immensely harmful to the US, and no one has any intention of releasing them. The documents the reporters release are carefully redacted. Greenwald and I repeatedly debated with <em>The Guardian</em> editors the newsworthiness of story ideas, stressing that we would not expose government secrets simply because they're interesting.</t> <t>The NSA got incredibly lucky; this could have ended with a massive public dump like Chelsea Manning's State Department cables. I suppose it still could. Despite that, I can imagine how this feels to the NSA. It's used to keeping this stuff behind multiple levels of security: gates with alarms, armed guards, safe doors, and military-grade cryptography. It's not supposed to be on a bunch of thumb drives in Brazil, Germany, the UK, the US, and who knows where else, protected largely by some random people's opinions about what should or should not remain secret. This is easily the greatest intelligence failure in the history of ever. It's amazing that one person could have had so much access with so little accountability, and could sneak all of this data out without raising any alarms. The odds are close to zero that Snowden is the first person to do this; he's just the first person to make public that he did. It's a testament to General Alexander's power that he hasn't been forced to resign.</t> <t>It's not that we weren't being careful about security, it's that our standards of care are so different. 
From the NSA's point of view, we're all major security risks, myself included. I was taking notes about classified material, crumpling them up, and throwing them into the wastebasket. I was printing documents marked "TOP SECRET/COMINT/NOFORN" in a hotel lobby. And once, I took the wrong thumb drive with me to dinner, accidentally leaving the unencrypted one filled with top-secret documents in my hotel room. It was an honest mistake; they were both blue.</t> <t>If I were an NSA employee, the policy would be to fire me for that alone.</t> <t>Many have written about how being under constant surveillance changes a person. When you know you're being watched, you censor yourself. You become less open, less spontaneous. You look at what you write on your computer and dwell on what you've said on the telephone, wonder how it would sound taken out of context, from the perspective of a hypothetical observer. You're more likely to conform. You suppress your individuality. Even though I have worked in privacy for decades, and already knew a lot about the NSA and what it does, the change was palpable. That feeling hasn't faded. I am now more careful about what I say and write. I am less trusting of communications technology. I am less trusting of the computer industry.</t> <t>After much discussion, Greenwald and I agreed to write three stories together to start. All of those are still in progress. In addition, I wrote two commentaries on the Snowden documents that were recently made public. There's a lot more to come; even Greenwald hasn't looked through everything.</t> <t>Since my trip to Brazil (one month before), I've flown back to the US once and domestically seven times -- all without incident. I'm not on any list yet. 
At least, none that I know about.</t> </blockquote> <t>As it happened, I didn't write much more with Greenwald or <em>The Guardian</em>. Those two had a falling out, and by the time everything settled and both began writing about the documents independently -- Greenwald at the newly formed website <em>The Intercept</em> -- I got cut out of the process somehow. I remember hearing that Greenwald was annoyed with me, but I never learned the reason. We haven't spoken since.</t> <t>Still, I was happy with the one story I was part of: how the NSA hacks Tor. I consider it a personal success that I pushed <em>The Guardian</em> to publish NSA documents detailing QUANTUM. I don't think that would have gotten out any other way. And I still use those pages today when I teach cybersecurity to policymakers at the Harvard Kennedy School.</t> <t>Other people wrote about the Snowden files, and wrote a lot. It was a slow trickle at first, and then a more consistent flow. Between Greenwald, Bart Gellman, and <em>The Guardian</em> reporters, there ended up being a steady stream of news. (Bart brought in Ashkan Soltani to help him with the technical aspects, which was a great move on his part, even if it cost Ashkan a government job later.) More stories were covered by other publications.</t> <t>It started getting weird. Both Greenwald and Gellman held documents back so they could publish them in their books. Jake Appelbaum, who had not yet been accused of sexual assault by multiple women, was working with Poitras. He partnered with <em>Der Spiegel</em> to release an implant catalog from the NSA's Tailored Access Operations group. To this day, I am convinced that the document was not in the Snowden archives: that Jake got it somehow, and it was released with the implication that it was from Edward Snowden. 
I thought it was important enough that I started writing about each item in that document in my blog: "NSA Exploit of the Week." That got my website blocked by the DoD: I keep a framed print of the censor's message on my wall.</t> <t>Perhaps the most surreal document disclosures were when artists started writing fiction based on the documents. This was in 2016, when Laura Poitras built a secure room in New York to house the documents. By then, the documents were years out of date. And now they're over a decade out of date. (They were leaked in 2013, but most of them were from 2012 or before.)</t> <t>I ended up being something of a public ambassador for the documents. When I got back from Rio, I gave talks at a private conference in Woods Hole, the Berkman Center at Harvard, something called the Congress on Privacy and Surveillance in Geneva, events at both CATO and New America in DC, an event at the University of Pennsylvania, an event at EPIC, a "Stop Watching Us" rally in DC, the RISCS conference in London, the ISF in Paris, and...then...at the IETF meeting in Vancouver in November 2013. (I remember little of this; I am reconstructing it all from my calendar.)</t> <t>What struck me at the IETF was the indignation in the room, and the calls to action. And there was action, across many fronts. We technologists did a lot to help secure the Internet, for example.</t> <t>The government didn't do its part, though. Despite the public outcry, investigations by Congress, pronouncements by President Obama, and federal court rulings, I don't think much has changed. The NSA canceled a program here and a program there, and it is now more public about defense. But I don't think it is any less aggressive about either bulk or targeted surveillance. Certainly its government authorities haven't been restricted in any way. And surveillance capitalism is still the business model of the Internet.</t> <t>And Edward Snowden? 
We were in contact for a while on Signal. I visited him once in Moscow, in 2016. And I had him do a guest lecture to my class at Harvard for a few years, remotely by Jitsi. Afterwards, I would hold a session where I promised to answer every question he would evade or not answer, explain every response he did give, and be candid in a way that someone with an outstanding arrest warrant simply cannot. Sometimes I thought I could channel Snowden better than he could.</t> <t>But now it's been a decade. Everything he knows is old and out of date. Everything we know is old and out of date. The NSA suffered an even worse leak of its secrets by the Russians, under the guise of the Shadow Brokers, in 2016 and 2017. The NSA has rebuilt. It again has capabilities we can only surmise.</t> </section> <section anchor="stephen-farrell-ietf-and-internet-technical-community-reaction"> <name>Stephen Farrell: IETF and Internet Technical Community Reaction</name> <t>In 2013, the IETF and, more broadly, the Internet technical, security, and privacy research communities, were surprised by the surveillance and attack efforts exposed by the Snowden revelations <xref target="Timeline"/>. While the potential for such was known, it was the scale and pervasiveness of the activities disclosed that was alarming and, I think it fair to say, quite annoying, for very many Internet engineers.</t> <t>As for the IETF's reaction, informal meetings during the July 2013 IETF meeting in Berlin indicated that IETF participants considered that these revelations showed that we needed to do more to improve the security and privacy properties of IETF protocols, and to help ensure deployments made better use of the security and privacy mechanisms that already existed. 
In August, the IETF set up a new mailing list <xref target="Perpass"/>, which became a useful venue for triaging proposals for work on these topics. At the November 2013 IETF meeting, there was a lively and very well attended plenary session <xref target="Plenary-video"/> on "hardening the Internet" against such attacks, followed by a "birds of a feather" session <xref target="Perpass-BoF"/> devoted to more detailed discussion of possible actions in terms of new working groups, protocols, and Best Current Practice (BCP) documents that could help improve matters. This was followed in February/March 2014 by a joint IAB/W3C workshop on "strengthening the Internet against pervasive monitoring" <xref target="STRINT"/> held in London and attended by 150 engineers (still the only IAB workshop in my experience where we needed a waiting list for people after capacity for the venue was reached!). The STRINT workshop report was eventually published as <xref target="RFC7687"/> in 2015, but in the meantime, work proceeded on a BCP document codifying that the IETF community considered that "pervasive monitoring is an attack" <xref target="RFC7258"/> (aka BCP 188). The IETF Last Call discussion for that short document included more than 1000 emails -- while there was broad agreement on the overall message, a number of IETF participants considered enshrining that message in the RFC Series and IETF processes controversial. In any case, the BCP was published in May 2014. The key statement on which rough consensus was reached is in the abstract of RFC 7258 and says "Pervasive monitoring is a technical attack that should be mitigated in the design of IETF protocols, where possible." 
That document has since been referenced <xref target="Refs-to-7258"/> by many IETF working groups and RFCs as justifying additional work on security and privacy. Throughout that period and beyond, the repercussions of the Snowden revelations remained a major and ongoing agenda item for both of the IETF's main technical management bodies, the IAB and the IESG (on which I served at the time).</t> <t>So far, I've only described the processes with which the IETF dealt with the attacks, but there was, of course, also much technical work started by IETF participants that was at least partly motivated by the Snowden revelations.</t> <t>In November 2013, a working group was established to document better practices for using TLS in applications <xref target="UTA"/> so that deployments would be less at risk in the face of some of the attacks related to stripping TLS or having applications misuse TLS APIs or parameters. Similar work was done later to update recommendations for use of cryptography in other protocols in the CURDLE Working Group <xref target="CURDLE"/>. The CURDLE Working Group was, to an extent, created to enable use of a set of new elliptic curves that had been documented by the IRTF Crypto Forum Research Group <xref target="CFRG"/>. That work in turn had been partly motivated by (perhaps ultimately unfounded) concerns about elliptic curves defined in NIST standards, following the DUAL_EC_DRBG debacle <xref target="Dual-EC"/> (described further below) where a NIST random number generator had been deliberately engineered to produce output that could be vulnerable to NSA attack.</t> <t>Work to develop a new version of TLS was started in 2014, mainly due to concerns that TLS 1.2 and earlier version implementations had been shown to be vulnerable to a range of attacks over the years. 
The work to develop TLS 1.3 <xref target="RFC8446"/> also aimed to encrypt more of the handshake so as to expose less information to network observers -- a fairly direct result of the Snowden revelations. Work to further improve TLS in this respect continues today using the so-called Encrypted Client Hello (ECH) mechanism <xref target="I-D.ietf-tls-esni"/> to remove one of the last privacy leaks present in current TLS.</t> <t>Work on ECH was enabled by significant developments to encrypt DNS traffic, using DNS over TLS (DoT) <xref target="RFC7858"/> or DNS Queries over HTTPS (DoH) <xref target="RFC8484"/>, which also started as a result of the Snowden revelations. Prior to that, privacy hadn't really been considered when it came to DNS data or (more importantly) the act of accessing DNS data. The trend towards encrypting DNS traffic represents a significant change for the Internet, both in terms of reducing cleartext, but also in terms of moving points-of-control. The latter aspect was, and remains, controversial, but the IETF did its job of defining new protocols that can enable better DNS privacy. Work on HTTP version 2 <xref target="RFC9113"/> and QUIC <xref target="RFC9000"/> further demonstrates the trend in the IETF towards always encrypting protocols as the new norm, at least at and above the transport layer.</t> <t>Of course, not all such initiatives bore fruit; for example, attempts to define a new MPLS encryption mechanism <xref target="I-D.ietf-mpls-opportunistic-encrypt"/> foundered due to a lack of interest and the existence of the already deployed IEEE Media Access Control Security (MACsec) scheme. 
But there has been a fairly clear trend towards trying to remove cleartext from the Internet as a precursor to provide improved privacy when considering network observers as attackers.</t> <t>The IETF, of course, forms only one part of the broader Internet technical community, and there were many non-IETF activities triggered by the Snowden revelations, a number of which also eventually resulted in new IETF work to standardise better security and privacy mechanisms developed elsewhere.</t> <t>In 2013, the web was largely unencrypted despite HTTPS being relatively usable, and that was partly due to problems using the Web PKI at scale. The Let's Encrypt initiative <xref target="LE"/> issued its first certificates in 2015 as part of its aim to try to move the web towards being fully encrypted, and it has been extremely successful in helping achieve that goal. Subsequently, the automation protocols developed for Let's Encrypt were standardised in the IETF's ACME Working Group <xref target="ACME"/>.</t> <t>In 2013, most email transport between mail servers was cleartext, directly enabling some of the attacks documented in the Snowden documents. Significant effort by major mail services and MTA software developers since then have resulted in more than 90% of email being encrypted between mail servers, and various IETF protocols have been defined in order to improve that situation, e.g., SMTP MTA Strict Transport Security (MTA-STS) <xref target="RFC8461"/>.</t> <t>Lastly, MAC addresses have historically been long-term fixed values visible to local networks (and beyond), which enabled some tracking attacks that were documented in the Snowden documents <xref target="Toronto"/>.
Implementers, vendors, and the IEEE 802 standards group recognised this weakness and started work on MAC address randomisation that in turn led to the IETF's MADINAS Working Group <xref target="MADINAS"/>, which aims to ensure randomised MAC addresses can be used on the Internet without causing unintentional harm. There is also a history of IETF work on deprecating MAC-address-based IPv6 interface identifiers and advocating pseudorandom identifiers and temporary addresses, some of which pre-dates Snowden <xref target="RFC7217"/> <xref target="RFC8064"/> <xref target="RFC8981"/>.</t> <t>In summary, the significantly large volume of technical work pursued in the IETF and elsewhere as a result of the Snowden revelations has focussed on two main things: decreasing the amount of plaintext that remains visible to network observers and secondly reducing the number of long-term identifiers that enable unexpected identification or re-identification of devices or users. This work is not by any means complete, nor is deployment universal, but significant progress has been made, and the work continues even if the level of annoyance at the attack has faded somewhat over time.</t> <t>One should also note that there has been pushback against these improvements in security and privacy and the changes they cause for deployments. That has come from more or less two camps: those on whom these improvements force change tend to react badly, but later figure out how to adjust, and those who seemingly prefer not to strengthen security so as to, for example, continue to achieve what they call "visibility" even in the face of the many engineers who correctly argue that such an anti-encryption approach inevitably leads to worse security overall.
The recurring nature of this kind of pushback is nicely illustrated by <xref target="RFC1984"/>. That informational document was published in 1996 as an IETF response to an early iteration of the perennial "encryption is bad" argument. In 2015, the unmodified 1996 text was upgraded to a BCP (BCP 200) as the underlying arguments have not changed, and will not change.</t> <t>Looking back on all the above from a 2023 vantage point, I think that, as a community of Internet engineers, we got a lot right, but that today there's way more that needs to be done to better protect the security and privacy of people who use the Internet. In particular, we (the technical community) haven't done nearly as good a job at countering surveillance capitalism <xref target="Zubhoff2019"/>, which has exploded in the last decade. In part, that's because many of the problems are outside of the scope of bodies such as the IETF. For example, intrusive backend sharing of people's data for advertising purposes can't really be mitigated via Internet protocols.</t> <t>However, I also think that the real annoyance felt with respect to the Snowden revelations is (in general) not felt nearly as much when it comes to the legal but hugely privacy-invasive activities of major employers of Internet engineers.</t> <t>It's noteworthy that RFC 7258 doesn't consider that bad actors are limited to governments, and personally, I think many advertising industry schemes for collecting data are egregious examples of pervasive monitoring and hence ought also be considered an attack on the Internet that ought be mitigated where possible.
However, the Internet technical community clearly hasn't acted in that way over the last decade.</t> <t>Perhaps that indicates that Internet engineers and the bodies in which they congregate need to place much more emphasis on standards for ethical behaviour than has been the case for the first half-century of the Internet. And while it would be good to see the current leaders of Internet bodies work to make progress in that regard, at the time of writing, it sadly seems more likely that government regulators will be the ones to try force better behaviour. That of course comes with a significant risk of having regulations that stymie the kind of permissionless innovation that characterised many earlier Internet successes.</t> <t>So while we got a lot right in our reaction to Snowden's revelations, currently, we have a "worse" Internet. Nonetheless, I do still hope to see a sea change there, as the importance of real Internet security and privacy for people becomes utterly obvious to all, even the most hard-core capitalists and government signals intelligence agencies. That may seem naive, but I remain optimistic that, as a fact-based community, we (and eventually our employers) will recognise that the lesser risk is to honestly aim to provide the best security and privacy practically possible.</t> </section> <section anchor="farzaneh-badii-did-snowdens-revelations-help-with-protecting-human-rights-on-the-internet"> <name>Farzaneh Badii: Did Snowden's Revelations Help with Protecting Human Rights on the Internet?</name> <t>It is very difficult to empirically measure the effect of Snowden's revelations on human rights and the Internet.
Anecdotally, we have been witnessing dominant regulatory and policy approaches that impact technologies and services that are at the core of protecting human rights on the Internet. (A range of European Union laws aims to address online safety or concentration of data. There are many more regulations that have an impact on the Internet <xref target="Masnick2023"/>.) There has been little progress in fixing technical and policy issues that help enable human rights. The Snowden revelations did not revolutionize the Internet governance and technical approaches to support human rights such as freedom of expression, freedom of association and assembly, and privacy. It did not decrease the number of Internet shutdowns nor the eagerness of authoritarian (and even to some extent democratic) countries to territorialize the Internet. In some cases, the governments argued that they should have more data sovereignty or Internet sovereignty. Perhaps the revelations helped with the evolution of some technical and policy aspects.</t> <t>After Snowden's revelations 10 years ago, engineers and advocates at the IETF responded in a few ways. One prominent response was the issuance of a BCP document, "Pervasive Monitoring Is an Attack" <xref target="RFC7258"/> by Farrell and Tschofenig. The responses to the Snowden revelations did not mean that IETF had lost sight of issues such as privacy and surveillance. There were instances of resistance to surveillance in the past by engineers (we do not delve into how successful that was in protecting human rights). However, historically, many engineers believed that widespread and habitual surveillance was too expensive to be practical.
The revelations proved them wrong.</t> <t>Rights-centered activists were also involved with the IETF before the revelations. For example, staff from Center for Democracy and Technology (CDT) was undertaking work at the IETF (and was a member of the Internet Architecture Board) and held workshops about the challenges of creating privacy-protective protocols and systems. The technical shortcomings that were exploited by the National Security Agency to carry out mass-scale surveillance were recognized by the IETF before the Snowden revelations <xref target="Garfinkel1995"/> <xref target="RFC6462"/>. In 2012, Joy Liddicoat and Avri Doria wrote a report for the Internet Society that extensively discussed the processes and principles of human rights and Internet protocols <xref target="Doria2012"/>.</t> <t>Perhaps the Snowden revelations brought more attention to the IETF and its work as it related to important issues, such as privacy and freedom of expression. It might have also expedited and helped with more easily convening the Human Rights Protocol Considerations Research Group (HRPC) in the Internet Research Task Force (IRTF) in July 2015. The HRPC RG was originally co-chaired by Niels ten Oever (who worked at Article 19 at the time) and Internet governance activist Avri Doria.
The charter of the HRPC RG states that the group was established: "to research whether standards and protocols can enable, strengthen or threaten human rights, as defined in the Universal Declaration of Human Rights (UDHR) and the International Covenant on Civil and Political Rights (ICCPR)."</t> <t>During the past decade, a few successful strides were made to create protocols that, when and if implemented, aim at protecting privacy of the users, as well as help with reducing pervasive surveillance. These efforts were in keeping with the consensus of the IETF found in RFC 7258. Sometimes these protocols have anti-censorship qualities as well. A few examples immediately come to mind: 1) the encryption of DNS queries (for example, DNS over HTTPS), 2) ACME protocol underpinning the Let's Encrypt initiative, and 3) Registration Data Access Protocol (RDAP) <xref target="RFC7480"/> <xref target="RFC7481"/> <xref target="RFC8056"/> <xref target="RFC9082"/> <xref target="RFC9083"/> <xref target="RFC9224"/>. (It is debatable that RDAP had anything to do with the Snowden revelations, but it is still a good example and is finally being implemented.)</t> <t>The DNS Queries over HTTPS protocol aimed to encrypt DNS queries. Four years after RFC 7258, DoH was developed to tackle both active and passive monitoring of DNS queries. It is also a tool that can help with combatting censorship. Before the revelations, DNS query privacy would have been controversial due to being expensive or unnecessary, but the Snowden revelations made it more plausible. Let's Encrypt was not an Internet protocol, but it was an initiative that aimed to encrypt the web, and later on some of the automation protocols were standardized in the IETF ACME Working Group.
RDAP could solve a long-term problem: redacting the domain name registrants' (and IP address holders') sensitive, personal data but at the same time enabling legitimate access to the information. As to the work of HRPC Research Group, it has so far issued <xref target="RFC8280"/> by ten Oever and Cath and a number of informational Internet-Drafts.</t> <t>While we cannot really argue that all the movements and privacy-preserving protocols and initiatives that enable protecting human rights at the infrastructure layer solely or directly result from the Snowden revelations, I think it is safe to say that the revelations helped with expediting the resolution of some of the "technical" hesitations that had an effect on fixing Internet protocols that enabled protection of human rights.</t> <t>Unfortunately, the Snowden revelations have not yet helped us meaningfully with adopting a human rights approach. We can't agree on prioritizing human rights in our Internet communities for a host of reasons. This could be due to: 1) human rights are sometimes in conflict with each other; 2) it is simply not possible to mitigate the human right violation through the Internet protocol; 3) it is not obvious for the engineers in advance how the Internet protocol contributes to enabling human rights protections, or precisely what they ought to do; 4) the protocol is already there, but market, law, and a host of other societal and political issues do not allow for widespread implementation.</t> <t>IETF did not purposefully take a long time to adopt and implement protocols that enabled human rights. There were technical and political issues that created barriers.
For example, as WHOIS was not capable of accommodating a tiered-access option, the IETF community attempted a few times before to create a protocol that would disclose the necessary information of IP holders and domain name registrants while at the same time protecting their data (Cross Registry Internet Service Protocol (CRISP) and later on Internet Registry Information Service (IRIS) are the examples). However, IRIS was technically very difficult to implement. It was not until RDAP was developed and the General Data Protection Regulation (GDPR) was enacted that Internet Corporation for Assigned Names and Numbers had to consider instructing registries and registrars to implement RDAP and its community had to come up with a privacy-compliant policy. Overall, a host of regulatory and market incentives can halt or slow down the implementation of human-rights-enabling protocols and implementation could depend on other organizations with their own political and stakeholder conflicts. Sometimes the protocol is available, but the regulatory framework and the market do not allow for implementation. Sometimes the surrounding context includes practical dimensions that are easy to overlook in a purely engineering-focused argument.</t> <t>A curious example of this is sanctions regimes that target transactions involving economically valuable assets. As a result, sanctions might limit sanctioned nations' and entities' access to IPv4 resources (because the existence of a resale market for these addresses causes acquiring them to be interpreted as buying something of value), though the same consideration may not apply to IPv6 address resources. But IPv6 adoption itself depends on a host of complex factors that are by no means limited to technical comparisons of the properties of IPv4 and IPv6.
Someone focused only on technical features of protocols may devise an elegant solution but be surprised both by deployment challenges and unintended downstream effects. Sometimes there are arguments over implementation of a protocol because as it is perceived, while it can protect freedom of expression and reduce surveillance, it can hamper other human rights. For instance, the technical community and some network operators still have doubts about the implementation of DNS over HTTPS, despite its potential to circumvent censorship and its ability to encrypt DNS queries. The arguments against implementation of DoH include protection of children online and lack of law enforcement access to data.</t> <t>We must acknowledge that sometimes the technical solutions that we use that protect one right (for example, encryption to protect the right to privacy or to prevent surveillance) could potentially affect technical and policy solutions that try to protect other human rights (for example, encryption could prevent financial institutions from monitoring employees' network activities to detect fraudulent behavior). Acknowledging and identifying these conflicts can help us come up with alternative techniques that could protect human rights while not hampering other technical solutions such as encryption. Where such alternative techniques are not possible, acknowledging the shortcoming could clarify and bring to light the trade-offs that we have accepted in our Internet system.</t> <t>Ironically, we advocate for connectivity and believe expressing oneself on the Internet is a human right, but when a war erupts, we resort to tools that impact that very concept. For example, some believe that, by imposing sanctions on critical properties of the Internet, we can punish the perpetrators of a war.
The Regional Internet Registries that are in charge of registration of IP addresses have shown resilience to these requests. However, some tech companies (for example, Cogent <xref target="Roth2022"/>) decided not to serve sanctioned countries and overcomplied with sanctions. Overcompliance with sanctions could hamper ordinary people's access to the Internet <xref target="Badii2023"/>.</t> <t>Perhaps we can solve some of these problems by undertaking a thorough impact assessment and contextualization to reveal how and why Internet protocols affect human rights (something Fidler and I argued for <xref target="Badii2021"/>). Contextualization and impact assessment can reveal how each Internet protocol or each line of code, in which systems, have an impact on which and whose human rights.</t> <t>The HRPC RG (which I am a part of) and the larger human rights and policy analyst communities are still struggling to analyze legal, social, and market factors alongside the protocols to have a good understanding of what has an impact and what has to be changed. It is hard, but it is not impossible. If we thoroughly document and research the lifecycle of an Internet protocol and contextualize it, we might have a better understanding of which parts of the protocol to fix and how to fix them in order to protect human rights.</t> <t>Overall, the revelations did, to some extent, contribute to the evolution of our ideas and perspectives.
Our next step should be to undertake research on the impact of Internet systems (including Internet protocols) on human rights, promote the implementation of protocols good for human rights through policy and advocacy, and focus on which technical parts we can standardize to help with more widespread implementation of human-rights-enabling Internet protocols.</t> </section> <section anchor="steven-m-bellovin-governments-and-cryptography-the-crypto-wars"> <name>Steven M. Bellovin: Governments and Cryptography: The Crypto Wars</name> <section anchor="historical-background"> <name>Historical Background</name> <t>It's not a secret: many governments in the world don't like it when people encrypt their traffic. More precisely, they like strong cryptography for themselves but not for others, whether those others are private citizens or other countries. But the history is longer and more complex than that.</t> <t>For much of written history, both governments and individuals used cryptography to protect their messages. To cite just one famous example, Julius Caesar is said to have encrypted messages by shifting letters in the alphabet by 3 <xref target="Kahn1996"/>. In modern parlance, 3 was the key, and each letter was encrypted with</t> <t indent="6">C[i] = (P[i] + 3) mod 23</t> <t>(The Latin alphabet of his time had only 23 letters.) Known Arabic writings on cryptanalysis go back to at least the 8th century; their sophistication shows that encryption was reasonably commonly used.
In the 9th century, Abū Yūsuf Yaʻqūb ibn ʼIsḥāq aṣ-Ṣabbāḥ al-Kindī developed and wrote about frequency analysis as a way to crack ciphers <xref target="Borda2011"/> <xref target="Kahn1996"/>.</t> <t>In an era of minimal literacy, though, there wasn't that much use of encryption, simply because most people could neither read nor write. Governments used encryption for diplomatic messages, and cryptanalysts followed close behind. The famed Black Chambers of the Renaissance era read messages from many different governments, while early cryptographers devised stronger and stronger ciphers <xref target="Kahn1996"/>. In Elizabethan times in England, Sir Francis Walsingham's intelligence agency intercepted and decrypted messages from Mary, Queen of Scots; these messages formed some of the strongest evidence against her and eventually led to her execution <xref target="Kahn1996"/>.</t> <t>This pattern continued for centuries. In the United States, Thomas Jefferson invented the so-called wheel cipher in the late 18th century; it was reinvented about 100 years later by Étienne Bazeries and used as a standard American military cipher well into World War II <xref target="Kahn1996"/>. Jefferson and other statesmen of the late 18th and early 19th centuries regularly used cryptography when communicating with each other. An encrypted message was even part of the evidence introduced in Aaron Burr's 1807 trial for treason <xref target="Kerr2020"/> <xref target="Kahn1996"/>. Edgar Allan Poe claimed that he could cryptanalyze any message sent to him <xref target="Kahn1996"/>.</t> <t>The telegraph era upped the ante.
In the US, just a year after Samuel Morse deployed his first telegraph line between Baltimore and Washington, his business partner, Francis Smith, published a codebook to help customers protect their traffic from prying eyes <xref target="Smith1845"/>. In 1870, Britain nationalized its domestic telegraph network; in response, Robert Slater published a more sophisticated codebook <xref target="Slater1870"/>. On the government side, Britain took advantage of its position as the central node in the world's international telegraphic networks to read a great deal of traffic passing through the country <xref target="Headrick1991"/> <xref target="Kennedy1971"/>. They used this ability strategically, too -- when war broke out in 1914, the British Navy cut Germany's undersea telegraph cables, forcing them to use radio; an intercept of the so-called Zimmermann telegram, when cryptanalyzed, arguably led to American entry into the war and thence to Germany's defeat. Once the US entered the war, it required users of international telegraph lines to deposit copies of the codebooks they used for compression, so that censors could check messages for prohibited content <xref target="Kahn1996"/>.</t> <t>In Victorian Britain, private citizens, often lovers, used encryption in newspapers' personal columns to communicate without their parents' knowledge. Charles Wheatstone and Charles Babbage used to solve these elementary ciphers routinely for their own amusement <xref target="Kahn1996"/>.</t> <t>This pattern continued for many years. Governments regularly used ciphers and codes, while other countries tried to break them; private individuals would sometimes use encryption but not often, and rarely well.
But the two World Wars marked a sea change, one that would soon reverberate into the civilian world.</t> <t>The first World War featured vast troop movements by all parties; this in turn required a lot of encrypted communications, often by telegraph or radio. These messages were often easily intercepted in bulk. Furthermore, the difficulty of encrypting large volumes of plaintext led to the development of a variety of mechanical encryption devices, including Germany's famed Enigma machine. World War II amplified both trends. It also gave rise to machine-assisted cryptanalysis, such as the United Kingdom's bombes (derived from an earlier Polish design) and Colossus machine, and the American's device for cracking Japan's PURPLE system. The US also used punch card-based tabulators to assist in breaking other Japanese codes, such as the Japanese Imperial Navy's JN-25 <xref target="Kahn1996"/> <xref target="Rowlett1998"/>.</t> <t>These developments set the stage for the postwar SIGINT (Signals Intelligence) environment. Many intragovernmental messages were sent by radio, making them easy to intercept; advanced cryptanalytic machines made cryptanalysis easier. Ciphers were getting stronger, though, and government SIGINT agencies did not want to give up their access to data. While there were undoubtedly many developments, two are well known.</t> <t>The first involved CryptoAG, a Swedish (and later Swiss) manufacturer of encryption devices. The head of that company, Boris Hagelin, was a friend of William F. Friedman, a pioneering American cryptologist. During the 1950s, CryptoAG sold its devices to other governments; apparently at Friedman's behest, Hagelin weakened the encryption in a way that let the NSA read the traffic <xref target="Miller2020"/>.</t> <t>The story involving the British is less well-documented and less clear.
When some of Britain's former colonies gained their independence, the British government gave them captured, war-surplus Enigma machines to protect their own traffic. Some authors contend that this was deceptive, in that these former colonies did not realize that the British could read Enigma-protected traffic; others claim that this was obvious but that these countries didn't care: Britain was no longer their enemy; it was neighboring countries they were worried about. Again, though, this concerned governmental use of encryption <xref target="Kahn1996"/> <xref target="Baldwin2022"/>. There was still little private use.</t> </section> <section anchor="the-crypto-wars-begin"> <name>The Crypto Wars Begin</name> <t>The modern era of conflict between an individual's desire for privacy and the government desires to read traffic began around 1972. The grain harvest in the USSR had failed; since relations between the Soviet Union and the United States were temporarily comparatively warm, the Soviet grain company -- an arm of the Soviet government, of course -- entered into negotiations with private American companies. Unknown to Americans at the time, Soviet intelligence was intercepting the phone calls of the American negotiating teams. In other words, private companies had to deal with state actors as a threat. Eventually, US intelligence learned of this and came to a realization: the private sector needed strong cryptography, too, to protect American national interests <xref target="Broad1982"/> <xref target="Johnson1998"/>.
This underscored the need for strong cryptography to protect American civilian traffic -- but the SIGINT people were unhappy at the thought of more encryption that they couldn't break.</t> <t>Meanwhile, the US was concerned about protecting unclassified data <xref target="Landau2014"/>. In 1973 and again in 1974, the National Bureau of Standards (NBS) put out a call for a strong, modern encryption algorithm. IBM submitted Lucifer, an internally developed algorithm based on what has become known as a 16-round Feistel network. The original version used a long key. It seemed quite strong, so NBS sent it off to the NSA to get their take. The eventual design, which was adopted in 1976 as the Data Encryption Standard (DES), differed in some important ways from Lucifer. First, the so-called S-boxes, the source of the cryptologic strength of DES, were changed, and were now demonstrably not composed of random integers. Many researchers alleged that the S-boxes contained an NSA back door. It took nearly 20 years for the truth to come out: the S-boxes were in fact strengthened, not weakened. Most likely, IBM independently discovered the attack now known as differential cryptanalysis, though some scholars suspect that the NSA told them about it. The nonrandom S-boxes protected against this attack. The second change, though, was clearly insisted on by the NSA: the key size was shortened, from Lucifer's 112 bits to DES's 56 bits. We now know that the NSA wanted a 48-bit key size, while IBM wanted 64 bits; they compromised at 56 bits.</t> <t>Whitfield Diffie and Martin Hellman, at Stanford University, wondered about the 56-bit keys. In 1979, they published a paper demonstrating that the US government, but few others, could afford to build a brute-force cracking machine, one that could try all 2<sup>56</sup> possible keys to crack a message.
NSA denied tampering with the design; a Senate investigating committee found that assertion to be correct, but did not discuss the shortened key length issue.</t> <t>This, however, was not Diffie and Hellman's greatest contribution to cryptology. A few years earlier, they had published a paper inventing what is now known as public key cryptography. (In fact, public key encryption had been invented a few years earlier at UK Government Communications Headquarters (GCHQ), but they kept their discovery classified until 1997.) In 1978, Ronald Rivest, Adi Shamir, and Leonard Adleman devised the RSA algorithm, which made it usable. (An NSA employee, acting on his own, sent a letter warning that academic conferences on cryptology might violate US export laws.)</t> <t>Around the same time, George Davida at the University of Wisconsin applied for a patent on a stream cipher; the NSA slapped a secrecy order on the application. This barred him from even talking about his invention. The publicity was devastating; the NSA had to back down.</t> <t>The Crypto Wars had thus begun: civilians were inventing strong encryption systems, and the NSA was tampering with them or trying to suppress them. Bobby Inman, the then-director of the NSA, tried creating a voluntary review process for academic papers, but very few researchers were interested in participating <xref target="Landau1988"/>.</t> <t>There were few major public battles during the 1980s because there were few new major use cases for civilian cryptography during that time. There was one notable incident, though: Shamir, Amos Fiat, and Uriel Feige invented zero-knowledge proofs and applied for a US patent. In response, the US Army slapped a secrecy order on the patent.
After a great deal of public outrage and intervention by, of all organizations, the NSA, the order was lifted on very narrow grounds: the inventors were not American, and they had been discussing their work all over the world <xref target="Landau1988"/>.</t> <t>In the 1990s, though, everything changed.</t> </section> <section anchor="the-battle-is-joined"> <name>The Battle Is Joined</name> <t>There were three major developments in cryptography in the early 1990s. First, Phil Zimmermann released PGP (Pretty Good Privacy), a package to encrypt email messages. In 1993, AT&T planned to release the TSD-3600, an easy-to-use phone encryptor aimed at business travelers. Shortly after that, the Netscape Communications Corporation released SSL (Secure Socket Layer) as a way to enable web-based commerce using their browser and web server. All of these were seen as threats by the NSA and the FBI.</t> <t>PGP was, at least arguably, covered by what was known as ITAR, the International Trafficking in Arms Regulations -- under American law, encryption software was regarded as a weapon, so exports required a license. It was also alleged to infringe the patents on the RSA algorithm. Needless to say, both issues were problematic for what was intended to be open source software. Eventually, the criminal investigation into Zimmermann's role in the spread of PGP overseas was dropped, but the threat of such investigations remained to deter others <xref target="Levy2001"/>.</t> <t>The TSD-3600 was another matter. AT&T was a major corporation that did not want to pick a fight with the US government, but international business travelers were seen as a major market for the device. At the government's "request", the DES chip was replaced with what was known as the Clipper chip. 
The Clipper chip used Skipjack, a cipher with 80-bit keys; it was thus much stronger against brute-force attacks than DES. However, it provided "key escrow". Without going into any details, the key escrow mechanism allowed US government eavesdroppers to consult a pair of (presumably secure) internal databases and decrypt all communications protected by the chip. The Clipper chip proved to be extremely unpopular with industry; that AT&T Bell Labs' Matt Blaze found a weakness in the design <xref target="Blaze1994"/>, one that let you use Skipjack without the key escrow feature, didn't help its reputation.</t> <t>The third major development, SSL, was even trickier. SSL was aimed at e-commerce, and of course Netscape wanted to be able to sell its products outside the US. That would require an export license, so they made a deal with the government: non-American users would receive a version that used 40-bit keys, a key length far shorter than what the NSA had agreed to 20 years earlier. (To get ahead of the story: there was a compromise mode of operation, wherein an export-grade browser could use strong encryption when talking to a financial institution. This hybrid mode led to cryptographic weaknesses discovered some 20 years later <xref target="Adrian2015"/>.)</t> <t>Technologists and American industry pushed back. The IETF adopted the Danvers Doctrine, described in <xref target="RFC3365"/>:</t> <blockquote> <t>At the 32cd [sic] IETF held in Danvers, Massachusetts during April of 1995 the IESG asked the plenary for a consensus on the strength of security that should be provided by IETF standards. 
Although the immediate issue before the IETF was whether or not to support "export" grade security (which is to say weak security) in standards the question raised the generic issue of security in general.</t> <t>The overwhelming consensus was that the IETF should standardize on the use of the best security available, regardless of national policies. This consensus is often referred to as the "Danvers Doctrine".</t> </blockquote> <t>Then American companies started losing business to their overseas competitors, who did not have to comply with US export laws. All of this led to what seemed like a happy conclusion: the US government drastically loosened its export rules for cryptographic software. All was well -- or so it seemed...</t> </section> <section anchor="the-hidden-battle"> <name>The Hidden Battle</name> <t>Strong cryptography was here to stay, and it was no longer an American monopoly, if indeed it ever was. The Information Assurance Directorate of the NSA, the part of the agency that is supposed to protect US data, was pleased by the spread of strong cryptography. When the Advanced Encryption Standard (AES) competition was held, there were no allegations of malign NSA interference; in fact, the winning entry was devised by two Europeans, Joan Daemen and Vincent Rijmen. But the NSA and its SIGINT needs did not go away -- the agency merely adopted other techniques.</t> <t>I have often noted that one doesn't go through strong security, one goes around it. When strong encryption became more common and much more necessary, the NSA started going around it, by targeting computers and the software that they run. And it seems clear that they believe that AES is quite strong; they've even endorsed its use for protecting TOP SECRET information. 
But there was an asterisk attached to that endorsement: AES is suitable if and only if properly used and implemented. Therein lies the rub.</t> <t>The first apparent attempt to tamper with outside cryptographic mechanisms was discovered in 2007, when two Microsoft researchers, Dan Shumow and Niels Ferguson, noted an odd property of a NIST-standardized random number generator, DUAL_EC_DRBG. (The NBS had been renamed to NIST, the National Institute of Standards and Technology.) Random numbers are vital for cryptography, but Shumow and Ferguson showed that if certain constants in DUAL_EC_DRBG were chosen in a particular way with a known-but-hidden other number, whoever knew that number could predict all future random numbers from a system given a few sample bytes to start from <xref target="Kostyuk2022"/>. These sample bytes could come from known keys, nonces, or anything else. Where did the constants in DUAL_EC_DRBG come from and how were they chosen or generated? No one who knows is talking. But although cryptographers and security specialists were very suspicious -- Bruce Schneier wrote in 2007, before more facts came out, that "both NIST and the NSA have some explaining to do"; I assigned my students reading on the topic -- the issue didn't really get any traction until six years later, when among the papers that Edward Snowden disclosed was the information that the NSA had indeed tampered with a major cryptographic standard, though published reports did not specifically name DUAL_EC_DRBG or explain what the purpose was.</t> <t>The revelations didn't stop there. There have been allegations that the NSA paid some companies to use DUAL_EC_DRBG in their products. Some people have claimed that there were attempts to modify some IETF standards to make enough random bytes visible, to aid in exploiting the random number generator. 
A major vendor of networking gear, Juniper, did use DUAL_EC_DRBG in some of its products, but with different constants <xref target="Checkoway2016"/>. Where did these come from? Were they from the NSA or some other government? Could their source tree have been hacked by an intelligence agency? There was a different hack of their code at around the same time <xref target="Moore2015"/>. No one is talking.</t> <t>The Snowden revelations also included data suggesting that the NSA had a worldwide eavesdropping network and a group that tried very specific, targeted hacks on very specific targets' systems. In retrospect, neither is surprising: "spies gonna spy". The NSA's business is signals intelligence; of course they're going to try to intercept traffic. Indeed, the DUAL_EC_DRBG tampering is useless to anyone who has not collected messages to decrypt. And targeted hacks are a natural way around strong encryption: collect the data before it is encrypted or after it is decrypted, and don't worry about the strength of the algorithms.</t> <t>The privacy community, worldwide, was appalled, though perhaps they shouldn't have been. It calls to mind the line that Claude Rains' character uttered in the movie Casablanca <xref target="Curtiz"/>: "I'm shocked, shocked to find that gambling is going on in here." The immediate and continuing reaction was to deploy more encryption. The standards have long existed; what was missing was adoption. One barrier was the difficulty and expense of getting certificates to use with TLS, the successor to SSL; that void was filled by Let's Encrypt <xref target="LE"/>, which made free certificates easy to get online. Today, most HTTP traffic is encrypted, so much so that Google's search engine down-ranks sites that do not use it. Major email providers uniformly use TLS to protect all traffic. Wi-Fi, though a local area issue, now uses much stronger encryption. 
(It's important to remember that security and insecurity have economic components. Security doesn't have to be perfect to be very useful, if it raises the attackers' costs by enough.)</t> <t>The news on the software side is less good. Not a day goes by when one does not read of organizations being hit by ransomware. It goes without saying that any threat actor capable of encrypting disks is also capable of stealing the information on them; indeed, that is a frequent accompanying activity, since the threat of disclosure is another incentive to pay for those sites that do have good enough backups. Major vendors have put a lot of effort into securing their software, but bugs and operational errors by end-user sites persist.</t> </section> <section anchor="whither-the-ietf"> <name>Whither the IETF?</name> <t>Signal intelligence agencies, not just the NSA, but its peers around the globe -- most major countries have their own -- are not going to go away. The challenges that have beset the NSA are common to all such agencies, and their solutions are likely the same. The question is what should be done to protect individual privacy. A number of strong democracies, such as Australia and the United Kingdom, are, in a resumption of the Crypto Wars, moving to restrict encryption. Spurred on by complaints from the FBI and other law enforcement agencies, the US Congress frequently considers bills to do the same.</t> <t>The IETF has long had a commitment to strong, ubiquitous encryption. This is a good thing. It needs to continue, with cryptography and other security features designed into protocols from the beginning. But there is also a need for maintenance. 
Parameters such as key lengths and modulus sizes age; a value that is acceptable today may not be 10 years hence. (We've already seen apparent problems from 1024-bit moduli specified in an RFC, an RFC that was not modified when technology improved enough that attacking encryption based on them had become feasible <xref target="Adrian2015"/>.) The IETF can do nothing about the code that vendors ship or that sites use, but it can alert the world that it thinks things have changed.</t> <t>Cryptoagility is of increasing importance. In the next very few years, we will have so-called post-quantum algorithms. Both protocols and key lengths will need to change, perhaps drastically. Is the IETF ready? What will happen to, say, DNSSEC if key lengths become drastically longer? Backwards compatibility will remain important, but that, of course, opens the door to other attacks. We've long thought about them; we need to be sure that our mechanisms work -- we've been surprised in the past <xref target="BellovinRescorla2006"/>.</t> <t>We also need to worry more about metadata. General Michael Hayden, former director of both the NSA and the CIA, once remarked, "We kill people based on metadata" <xref target="Ferran2014"/>. But caution is necessary; attempts to hide metadata can have side effects. To give a trivial example, Tor is quite strong, but if your exit node is in a different country than you are in, web sites that use IP geolocation may present their content in a language foreign to you. Some sites even block connections from known Tor exit nodes. More generally, many attempts to hide metadata involve trusting a different party; that party may turn out to be untrustworthy or it may itself become a target of attack. 
As another prominent IETFer has remarked, "Insecurity is like entropy; you can't destroy it, but you can move it around." The IETF has done a lot; it needs to do more. And remember that the risk here is not just governments acting directly, it's also private companies that collect the data and sell it to all comers.</t> <t>Finally, the IETF must remember that its middle name is "Engineering". To me, one of the attributes of engineering is the art of picking the right solution in an over-constrained environment. Intelligence agencies won't go away, nor will national restrictions on cryptography. We have to pick the right path while staying true to our principles.</t> </section> </section> <section anchor="acknowledgments"><name>Acknowledgments</name> <t>Susan Landau added many valuable comments to Steve Bellovin's essay.</t> <t>We thank Carsten Bormann, Brian Carpenter, Wendy Grossman, Kathleen Moriarty, Jan Schaumann, Seth David Schoen, and Paul Wouters for comments and review of this text, though that of course doesn't mean that they necessarily agree with the text.</t> <t>This document was created at the behest of Eliot Lear, who also cat herded and did some editing.</t> </section> <section anchor="security-considerations"> <name>Security Considerations</name> <t>Each or any of the authors may have forgotten or omitted things or gotten things wrong. We're sorry if that's the case, but that's in the nature of a look-back such as this. 
Such flaws almost certainly won't worsen security or privacy, though.</t> </section> <section anchor="iana-considerations"> <name>IANA Considerations</name> <t>This document has no IANA actions.</t> </section> </middle> <back> <displayreference target="I-D.ietf-tls-esni" to="TLS-ECH"/> <displayreference target="I-D.ietf-mpls-opportunistic-encrypt" to="MPLS-OPPORTUNISTIC-ENCRYPT"/> <references> <name>Informative References</name> <reference anchor="Guard2013"> <front> <title>NSA collecting phone records of millions of Verizon customers daily</title> <author initials="G." surname="Greenwald" fullname="Glenn Greenwald"> <organization>The Guardian</organization> </author> <date year="2013" month="June"/> </front> <refcontent>The Guardian</refcontent> </reference> <reference anchor="ACME" target="https://datatracker.ietf.org/wg/acme/about/"> <front> <title>Automated Certificate Management Environment (acme)</title> <author> <organization>IETF</organization> </author> </front> </reference> <reference anchor="Perpass-BoF" target="https://www.ietf.org/proceedings/88/perpass.html"> <front> <title>perpass BoF -- Handling Pervasive Monitoring in the IETF</title> <author> <organization>IETF</organization> </author> <date month="November" year="2013"/> </front> <refcontent>IETF 88 Proceedings</refcontent> </reference> <reference anchor="CFRG" target="https://datatracker.ietf.org/rg/cfrg/about/"> <front> <title>Crypto Forum (cfrg)</title> <author> <organization>IRTF</organization> </author> </front> </reference> <reference 
anchor="CURDLE" target="https://datatracker.ietf.org/wg/curdle/about/"> <front> <title>CURves, Deprecating and a Little more Encryption (curdle)</title> <author> <organization>IETF</organization> </author> </front> </reference> <reference anchor="Curtiz"> <front> <title>Casablanca</title> <author initials="M." surname="Curtiz" fullname="Michael Curtiz"> <organization/> </author> <author initials="J. J." surname="Epstein" fullname="Julius J. Epstein"> <organization/> </author> <author initials="P. G." surname="Epstein" fullname="Philip G. Epstein"> <organization/> </author> <author initials="H." surname="Koch" fullname="Howard Koch"> <organization/> </author> <date month="November" year="1942"/> </front> <refcontent>Warner Bros. Pictures</refcontent> </reference> <reference anchor="Dual-EC" target="https://eprint.iacr.org/2015/767.pdf"> <front> <title>Dual EC: A Standardized Back Door</title> <author initials="D." surname="Bernstein" fullname="Daniel Bernstein"> <organization/> </author> <author initials="T." surname="Lange" fullname="Tanja Lange"> <organization/> </author> <author initials="R." surname="Niederhagen" fullname="Ruben Niederhagen"> <organization/> </author> <date month="July" year="2016"/> </front> </reference> <reference anchor="LE" target="https://dl.acm.org/doi/pdf/10.1145/3319535.3363192"> <front> <title>Let's Encrypt: An Automated Certificate Authority to Encrypt the Entire Web</title> <author initials="J." surname="Aas" fullname="Josh Aas"> <organization/> </author> <author initials="R." 
surname="Barnes" fullname="Richard Barnes"> <organization/> </author> <author initials="B." surname="Case" fullname="Benton Case"> <organization/> </author> <author initials="Z." surname="Durumeric" fullname="Zakir Durumeric"> <organization/> </author> <author initials="P." surname="Eckersley" fullname="Peter Eckersley"> <organization/> </author> <author initials="A." surname="Flores-López" fullname="Alan Flores-López"> <organization/> </author> <author initials="A." surname="Halderman" fullname="Alex Halderman"> <organization/> </author> <author initials="J." surname="Hoffman-Andrews" fullname="Jacob Hoffman-Andrews"> <organization/> </author> <author initials="J." surname="Kasten" fullname="James Kasten"> <organization/> </author> <author initials="E." surname="Rescorla" fullname="Eric Rescorla"> <organization/> </author> <author initials="S. D." surname="Schoen" fullname="Seth David Schoen"> <organization/> </author> <author initials="B." 
surname="Warren" fullname="Brad Warren"> <organization/> </author> <date month="November" year="2019"/> </front> <refcontent>CCS '19: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security</refcontent> </reference> <reference anchor="MADINAS" target="https://datatracker.ietf.org/wg/madinas/about"> <front> <title>MAC Address Device Identification for Network and Application Services (madinas)</title> <author> <organization>IETF</organization> </author> </front> </reference> <reference anchor="Perpass" target="https://mailarchive.ietf.org/arch/browse/perpass/"> <front> <title>perpass mailing list</title> <author> <organization>IETF</organization> </author> </front> </reference> <reference anchor="Plenary-video" target="https://www.youtube.com/watch?v=oV71hhEpQ20&pp=ygUQaWV0ZiA4OCBwbGVuYXJ5IA%3D%3D"> <front> <title>IETF 88 Technical Plenary: Hardening The Internet</title> <author> <organization/> </author> <date month="November" year="2013"/> </front> <refcontent>YouTube video, 2:37:28, posted by "IETF - Internet Engineering Task Force"</refcontent> </reference> <reference anchor="Refs-to-7258" target="https://datatracker.ietf.org/doc/rfc7258/referencedby/"> <front> <title>References to RFC7258</title> <author> <organization>IETF</organization> </author> </front> </reference> <reference anchor="Timeline" target="https://en.wikipedia.org/w/index.php?title=Global_surveillance_disclosures_(2013%E2%80%93present)&oldid=1161557819"> <front> <title>Global surveillance disclosures (2013-present)</title> <author> <organization>Wikipedia</organization> </author> <date month="July" year="2023"/> </front> </reference> <reference anchor="STRINT" target="https://www.w3.org/2014/strint/"> <front> <title>A W3C/IAB workshop on Strengthening the Internet Against Pervasive Monitoring (STRINT)</title> <author> <organization>W3C</organization> </author> <author> <organization>IAB</organization> </author> <date month="March" year="2014"/> </front> 
</reference> <reference anchor="Toronto" target="https://www.npr.org/sections/thetwo-way/2014/01/31/269418375/airport-wi-fi-used-to-track-travelers-snowden-leak-alleges"> <front> <title>Canada Used Airport Wi-Fi To Track Travelers, Snowden Leak Alleges</title> <author initials="M." surname="Memmott" fullname="Mark Memmott"> <organization/> </author> <date month="January" year="2014"/> </front> <refcontent>NPR</refcontent> </reference> <reference anchor="UTA" target="https://datatracker.ietf.org/wg/uta/about"> <front> <title>Using TLS in Applications (uta)</title> <author> <organization>IETF</organization> </author> </front> </reference> <reference anchor="Kahn1996"> <front> <title>The Codebreakers: The Comprehensive History of Secret Communication from Ancient Times to the Internet</title> <author initials="D." surname="Kahn" fullname="David Kahn"> <organization/> </author> <date year="1996"/> </front> <refcontent>2nd Edition</refcontent> <refcontent>Scribner</refcontent> </reference> <reference anchor="Borda2011"> <front> <title>Fundamentals in Information Theory and Coding</title> <author initials="M." 
surname="Borda" fullname="Monica Borda"> <organization/> </author> <date month="May" year="2011"/> </front> <refcontent>Springer-Berlin</refcontent> </reference> <reference anchor="Kerr2020" target="https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3533069"> <front> <title>Decryption Originalism: The Lessons of Burr</title> <author initials="O. S." surname="Kerr" fullname="Orin S. Kerr"> <organization/> </author> <date month="January" year="2021"/> </front> <refcontent>Harvard Law Review, 134:905</refcontent> </reference> <reference anchor="Smith1845" target="https://books.google.com/books?id=Z45clCxsF7EC"> <front> <title>The Secret Corresponding Vocabulary: Adapted for Use to Morse's Electro-Magnetic Telegraph, and Also in Conducting Written Correspondence, Transmitted by the Mails, or Otherwise</title> <author initials="F. O." surname="Smith" fullname="Francis O. Smith"> <organization/> </author> <date year="1845"/> </front> <refcontent>Thurston, Isley & Company</refcontent> </reference> <reference anchor="Slater1870" target="https://books.google.com/books?id=MJYBAAAAQAAJ"> <front> <title>Telegraphic Code, to Ensure Secresy in the Transmission of Telegrams</title> <author initials="R." 
surname="Slater" fullname="Robert Slater"> <organization/> </author> <date year="1870"/> </front> <refcontent>First Edition</refcontent> <refcontent>W.R. Gray</refcontent> </reference> <reference anchor="Headrick1991"> <front> <title>The Invisible Weapon: Telecommunications and International Politics, 1851-1945</title> <author initials="D. R." surname="Headrick" fullname="Daniel R. Headrick"> <organization/> </author> <date year="1991"/> </front> <refcontent>Oxford University Press</refcontent> </reference> <reference anchor="Kennedy1971" target="https://www.jstor.org/stable/563928"> <front> <title>Imperial cable communications and strategy, 1870-1914</title> <author initials="P. M." surname="Kennedy" fullname="Paul M. Kennedy"> <organization/> </author> <date month="October" year="1971"/> </front> <refcontent>English Historical Review, 86:341, pp. 728-752</refcontent> <refcontent>Oxford University Press</refcontent> </reference> <reference anchor="Rowlett1998"> <front> <title>The Story of Magic, Memoirs of an American Cryptologic Pioneer</title> <author initials="F. B." surname="Rowlett" fullname="Frank B. Rowlett"> <organization/> </author> <date year="1998"/> </front> <refcontent>Aegean Park Press</refcontent> </reference> <reference anchor="Miller2020" target="https://www.washingtonpost.com/graphics/2020/world/national-security/cia-crypto-encryption-machines-espionage/"> <front> <title>The intelligence coup of the century</title> <author initials="G." 
surname="Miller" fullname="Greg Miller"> <organization/> </author> <date year="2020" month="February"/> </front> <refcontent>The Washington Post</refcontent> </reference> <reference anchor="Baldwin2022" target="https://drenigma.org/2022/03/02/did-britain-sell-enigmas-postwar/"> <front> <title>Did Britain sell Enigmas postwar?</title> <author initials="M." surname="Baldwin" fullname="Mark Baldwin"> <organization/> </author> <date month="March" year="2022"/> </front> <refcontent>Dr. Enigma</refcontent> </reference> <reference anchor="Broad1982" target="https://www.science.org/doi/abs/10.1126/science.217.4563.910"> <front> <title>Evading the Soviet Ear at Glen Cove</title> <author initials="W. J." surname="Broad" fullname="William J. Broad"> <organization/> </author> <date month="September" year="1982"/> </front> <refcontent>Science, 217:4563, pp. 910-911</refcontent> </reference> <reference anchor="Landau1988" target="https://privacyink.org/pdf/Zero_Knowledge.pdf"> <front> <title>Zero Knowledge and the Department of Defense</title> <author initials="S." surname="Landau" fullname="Susan Landau"> <organization/> </author> <date month="January" year="1988"/> </front> <refcontent>Notices of the American Mathematical Society, 35:1, pp. 5-12</refcontent> </reference> <reference anchor="Landau2014" target="https://jnslp.com/wp-content/uploads/2015/03/NSA%E2%80%99s-Efforts-to-Secure-Private-Sector-Telecommunications-Infrastructure_2.pdf"> <front> <title>Under the Radar: NSA's Efforts to Secure Private-Sector Telecommunications Infrastructure</title> <author initials="S." 
surname="Landau" fullname="Susan Landau"> <organization/> </author> <date month="September" year="2014"/> </front> <refcontent>Journal of National Security Law & Policy, 7:3</refcontent> </reference> <reference anchor="Johnson1998" target="https://www.nsa.gov/portals/75/documents/news-features/declassified-documents/cryptologic-histories/cold_war_iii.pdf"> <front> <title>American Cryptology During the Cold War, 1945-1989; Book III: Retrenchment and Reform, 1972-1980</title> <author initials="T. R." surname="Johnson" fullname="Thomas R. Johnson"> <organization/> </author> <date year="1998"/> </front> <refcontent>Center for Cryptologic History, NSA</refcontent> </reference> <reference anchor="Kostyuk2022" target="https://www.harvardnsj.org/wp-content/uploads/sites/13/2022/06/Vol13Iss2_Kostyuk-Landau_Dual-EC-DRGB.pdf"> <front> <title>Dueling over DUAL_EC_DRBG: The Consequences of Corrupting a Cryptographic Standardization Process</title> <author initials="N." surname="Kostyuk" fullname="Nadyia Kostyuk"> <organization/> </author> <author initials="S." surname="Landau" fullname="Susan Landau"> <organization/> </author> <date month="June" year="2022"/> </front> <refcontent>Harvard National Security Journal, 13:2, pp. 224-284</refcontent> </reference> <reference anchor="Ferran2014" target="https://abcnews.go.com/blogs/headlines/2014/05/ex-nsa-chief-we-kill-people-based-on-metadata"> <front> <title>Ex-NSA Chief: "We Kill People Based on Metadata"</title> <author initials="L." 
surname="Ferran" fullname="Lee Ferran"> <organization/> </author> <date year="2014" month="May"/> </front> <refcontent>ABC News</refcontent> </reference> <reference anchor="Adrian2015" target="https://dl.acm.org/doi/10.1145/2810103.2813707"> <front> <title>Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice</title> <author initials="D." surname="Adrian" fullname="David Adrian"> <organization/> </author> <author initials="K." surname="Bhargavan" fullname="Karthikeyan Bhargavan"> <organization/> </author> <author initials="Z." surname="Durumeric" fullname="Zakir Durumeric"> <organization/> </author> <author initials="P." surname="Gaudry" fullname="Pierrick Gaudry"> <organization/> </author> <author initials="M." surname="Green" fullname="Matthew Green"> <organization/> </author> <author initials="J. A." surname="Halderman" fullname="J. Alex Halderman"> <organization/> </author> <author initials="N." surname="Heninger" fullname="Nadia Heninger"> <organization/> </author> <author initials="D." surname="Springall" fullname="Drew Springall"> <organization/> </author> <author initials="E." surname="Thomé" fullname="Emmanuel Thomé"> <organization/> </author> <author initials="L." surname="Valenta" fullname="Luke Valenta"> <organization/> </author> <author initials="B." surname="VanderSloot" fullname="Benjamin VanderSloot"> <organization/> </author> <author initials="E." surname="Wustrow" fullname="Eric Wustrow"> <organization/> </author> <author initials="S." surname="Zanella-Béguelin" fullname="Santiago Zanella-Béguelin"> <organization/> </author> <author initials="P." 
surname="Zimmermann" fullname="Paul Zimmermann"> <organization/> </author> <date month="October" year="2015"/> </front> <refcontent>CCS '15: Proceedings of the 22nd ACM Conference on Computer and Communications Security</refcontent> </reference> <reference anchor="BellovinRescorla2006" target="https://www.cs.columbia.edu/~smb/papers/new-hash.pdf"> <front> <title>Deploying a New Hash Algorithm</title> <author initials="S. M." surname="Bellovin" fullname="Steven M. Bellovin"> <organization/> </author> <author initials="E. K." surname="Rescorla" fullname="Eric K. Rescorla"> <organization/> </author> <date month="February" year="2006"/> </front> <refcontent>Proceedings of NDSS '06</refcontent> </reference> <reference anchor="Blaze1994" target="https://dl.acm.org/doi/10.1145/191177.191193"> <front> <title>Protocol Failure in the Escrowed Encryption Standard</title> <author initials="M." surname="Blaze" fullname="Matt Blaze"> <organization/> </author> <date year="1994"/> </front> <refcontent>CCS '94: Proceedings of Second ACM Conference on Computer and Communications Security</refcontent> </reference> <reference anchor="Checkoway2016" target="https://dl.acm.org/citation.cfm?id=2978395"> <front> <title>A Systematic Analysis of the Juniper Dual EC Incident</title> <author initials="S." surname="Checkoway" fullname="Stephen Checkoway"> <organization/> </author> <author initials="J." surname="Maskiewicz" fullname="Jacob Maskiewicz"> <organization/> </author> <author initials="C." surname="Garman" fullname="Christina Garman"> <organization/> </author> <author initials="J." 
surname="Fried" fullname="Joshua Fried"> <organization/> </author> <author initials="S." surname="Cohney" fullname="Shaanan Cohney"> <organization/> </author> <author initials="M." surname="Green" fullname="Matthew Green"> <organization/> </author> <author initials="N." surname="Heninger" fullname="Nadia Heninger"> <organization/> </author> <author initials="R. P." surname="Weinmann" fullname="Ralf-Philipp Weinmann"> <organization/> </author> <author initials="E." surname="Rescorla" fullname="Eric Rescorla"> <organization/> </author> <author initials="" surname="Hovav Shacham" fullname="Hovav Shacham"> <organization/> </author> <date month="October" year="2016"/> </front> <refcontent>CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 468-479</refcontent> </reference> <reference anchor="Levy2001"> <front> <title>Crypto: How the Code Rebels Beat the Government-Saving Privacy in the Digital Age</title> <author initials="S." surname="Levy" fullname="Steven Levy"> <organization/> </author> <date month="January" year="2001"/> </front> <refcontent>Penguin Publishing Group</refcontent> </reference> <reference anchor="Moore2015" target="https://www.rapid7.com/blog/post/2015/12/20/cve-2015-7755-juniper-screenos-authentication-backdoor/"> <front> <title>CVE-2015-7755: Juniper ScreenOS Authentication Backdoor</title> <author initials="H. D." surname="Moore" fullname="H.D. 
Moore"> <organization/> </author> <date month="December" year="2015"/> </front> <refcontent>Rapid7</refcontent> </reference> <reference anchor="Doria2012" target="https://www.internetsociety.org/resources/doc/2012/human-rights-and-internet-protocols-comparing-processes-and-principles/"> <front> <title>Human Rights and Internet Protocols: Comparing Processes and Principles</title> <author initials="J." surname="Liddicoat" fullname="Joy Liddicoat"> <organization/> </author> <author initials="A." surname="Doria" fullname="Avri Doria"> <organization/> </author> <date month="December" year="2012"/> </front> <refcontent>The Internet Society</refcontent> </reference> <reference anchor="Garfinkel1995"> <front> <title>PGP: Pretty Good Privacy</title> <author initials="S." surname="Garfinkel" fullname="Simson Garfinkel"> <organization/> </author> <date month="January" year="1995"/> </front> <refcontent>O'Reilly and Associates</refcontent> </reference> <reference anchor="Masnick2023" target="https://copia.is/library/unintended-consequences/"> <front> <title>The Unintended Consequences of Internet Regulation</title> <author initials="M." surname="Masnick" fullname="Mike Masnick"> <organization/> </author> <date month="April" year="2023"/> </front> <refcontent>Copia</refcontent> </reference> <reference anchor="Roth2022" target="https://www.theverge.com/2022/3/5/22962822/internet-backbone-provider-cogent-shuts-off-service-russia"> <front> <title>Internet backbone provider shuts off service in Russia</title> <author initials="E." 
surname="Roth" fullname="Emma Roth"> <organization/> </author> <date year="2022" month="March"/> </front> <refcontent>The Verge</refcontent> </reference> <reference anchor="Zubhoff2019"> <front> <title>The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power</title> <author initials="S." surname="Zuboff" fullname="Shoshana Zuboff"> <organization/> </author> <date month="January" year="2019"/> </front> <seriesInfo name="ISBN" value="9781781256855"/> <refcontent>PublicAffairs</refcontent> </reference> <reference anchor="Badii2023" target="https://digitalmedusa.org/wp-content/uploads/2023/05/SanctionsandtheInternet-DigitalMedusa.pdf"> <front> <title>Sanctions and the Internet</title> <author initials="F." surname="Badiei" fullname="Farzaneh Badiei"> <organization/> </author> <date year="2023"/> </front> <refcontent>Digital Medusa</refcontent> </reference> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7687.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7258.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8446.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml3/reference.I-D.ietf-tls-esni.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7858.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8484.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9113.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9000.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml3/reference.I-D.ietf-mpls-opportunistic-encrypt.xml"/> <xi:include 
href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8461.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7217.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8064.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8981.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.1984.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6462.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7480.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7481.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9082.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9083.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9224.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8056.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8280.xml"/> <reference anchor="Badii2021" target="https://doi.org/10.5325/jinfopoli.11.2021.0376"> <front> <title>The Would-Be Technocracy: Evaluating Efforts to Direct and Control Social Change with Internet Protocol Design</title> <author fullname="Farzaneh Badiei" surname="Badiei"> <organization>Yale Law School, New Haven, US</organization> </author> <author fullname="Bradley Fidler" surname="Fidler"> <organization>Stevens Institute of Technology, Hoboken, US</organization> </author> <author> <organization>The Pennsylvania State University Press</organization> </author> <date month="December" year="2021"/> <abstract> <t>This article discusses the shortcomings of value in design approach to protect human rights on the Internet. It argues that Internet protocols do not single handedly mitigate human rights on the Internet and in order to measure their impact, they need to be put in context. 
In other words, instead of design determinism, contextual analysis of Internet technologies that involve Internet protocols should take place.</t> </abstract> </front> <refcontent>Journal of Information Policy, vol. 11, pp. 376-402</refcontent> <seriesInfo name="DOI" value="10.5325/jinfopoli.11.2021.0376"/> </reference> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.3365.xml"/> </references> <section anchor="acknowledgments" numbered="false"> <name>Acknowledgments</name> <t><contact fullname="Susan Landau"/> added many valuable comments to <contact fullname="Steve Bellovin"/>'s essay.</t> <t>We thank <contact fullname="Carsten Bormann"/>, <contact fullname="Brian Carpenter"/>, <contact fullname="Wendy Grossman"/>, <contact fullname="Kathleen Moriarty"/>, <contact fullname="Jan Schaumann"/>, <contact fullname="Seth David Schoen"/>, and <contact fullname="Paul Wouters"/> for comments and review of this text, though that of course doesn't mean that they necessarily agree with the text.</t> <t>This document was created at the behest of <contact fullname="Eliot Lear"/>, who also cat herded and
did some editing.</t> </section> </back><!-- ##markdown-source:
MimsHPdE4PPWdlKddjDw/W4eEnlHh1qLbGZFbwO/qZPWVi6N0a/8Ur/HKXGG JPdrRhp7MJ/21WWQaFkeKtSiFXckhYeMy8xyATDqWfAVosQpTnt2zf7Im/3O cdFDTW2bQ3vVAu4h+y5OGVCjyLaTGT1e+7Hg2OEtAf1iavN05nwvsqQqABO7 WDLSxuiubEWaH1esc+cS8BOud6wTeO+ibuHjbRvOTbmp1sRqLgaaZ/Bx1EXX hNYefkvg83HopNpb4YCUsbJ7Ky3N4YELQoU+NEqPeUDN7UvkPYzt9OINh9jY ZvCtJWo4YJ7bkue6SLByjPhT1l23JBkWnPnPA6Y1AcyrbncJ7XlrHL7mMnYe pxJFN7xGxvJiPrG5Wfk2x5Ksor1RPd/wPelcSHisOnk+HYOfTn06FaePlp/D krgQCaJ3eOvbT8V75xe3+7w3dkFpHzw2A8L0fhZNUimjJdfqjvBMdYqmErXW fJ4VJMb31XrMEl88ETT6jYKp5pwjajWg0tY11dqBrFueIuMAta9xKz24AECa L4etpqw0hGhzCT44J6ILHEan3A2dO00Rc/EUS+5N2peSti4RaPsq4MAv/qHR xvXsZL6vX9+YckqWu82OXrw4+eWXnvD20ydPj+HnHOYRGhz04nfFOn6fJmSj Fppic3pfpvEFxLzvaaPVIKH5OiLlZTHnV2KQwRx0LZjYys9WvUaQ2jkBOuCn UwjZXsLXr7wULJbW3W17sWvjro8NqxQuunEGjycvEGVaq/lpuLlVkMDcNgwR udTbKZgCRd7qd1bXCxZrghM4RYQ4OGGaUAJ1Kkq8ldqNlKdu+oqjtyxghHkx poDPApXx7AbRgr5uOrBPMXBHeOM+7iidG1I6mBsAqyxFBh7R1IeUu9LSQX7k 7M89uD21L54Br5HAIdI8ehGa4vudC1NbSmpCVcYEhNT79aWRhHVVkCds+qrA ar/8hrdJd0nabOcBRd0DgkJjx+zbm+vz+OaNlvfos51fQz+U0hXBJyxqdibe 87Q56Ugqa1rNpbVd63aRag1HvW3eXS8MyzA646zxTfzIQ3o5X8H5cz9dvL3Z MGicUDmnQ2d7hQ7lnM5cFPW1G/ul0p9u/fz8+mZfJuBdtFWny9ZpxRlOKI8P lB8y+RPXOoYDgxBavOqom17Y084ySPibtonMHEMgu9TUocXTetn5nDm+yfuW IsjQsvQR19ZbuAUIKusrj12vAddE2euztvooKF5xze1zOE4jYB4k/4TDPSu7 mU/CgStpzFPN0yXGY2vNN/o1WR5mwcfoXZ3o+p2kkpnOkUW4u9KcKOlo3+UL KUC9+DCK/tJIldZemJvYTdvdfxUf70sKkVudaFPacy6lcjbu5iMF2Vi4o8f7 xFTo/aEW4QWAt3aB8ry0d3Nxer2vgPDJ80OvQehfjvy/vDh8fhz+y+Pwa0/o X1yS+eHJU6idPbH8uc+4ZLGz55pepaNKtR2AlCV3Bkx2hHzjhzCw08mI99En c+ZcW0ZsBDimcdOALNGFBYf6ez3tICfaH+lWCjx+oNcDENSUkRoDbDOgwg40 1COB91ZnbbsEMZ4DxQ3gOIvYTNxNREtpSh76wIUQ2jfJgWlyCSFCBaUT6Vq2 1F74xWKsQzlb6kQTOY8ROsmM7gU+HhG17fd8inabduwyAjUlyyNSZCdgwidq DelZmpsc77wxlh+pquVlhoQa9sZvZs5pDzFEVDexQM9du/RRDKna+UG6N+ZS JEEOEmvn6T1BJtyuxL5u8t6XbvIe8123YEi0yq8ylOvqDajN4xjYB1IuXPjt pXbod8KZwAXSWjCSDO4ofjjsaMbGw2vv7UGHEjgNMWGrSmt2TPrejWxSc1a6 hjuNTm+LfGZgRs+WKiDXoVyhUhAEJ6nm/yz5TFPWmxsQpCdtQnmq4xSjYyXz 
UyXAMWQIQ1gPNMAC56ae72urndap0Y3AO1LoX2AmCAz1z87RLX1NXLQwyDVw YemFT8oI/CoRp/+X9xvJ56wO2lzxIIfnQZedHiyttzTS/anhseJrHlCaQewj 08QlZGqCExtMO/OMg24UkG5o2+/nSPpo5qbHQ4SAAk1HQPSqTe+Hkj0wjLNk AJJI06VadRT5qrSOj0t9djvgeXBGiTeR5ZUdp10UfcKV1k3OurD3IH7Xmb3S OFHRclOxE4GWIOm+En5JCqkeMBu+X3XvcetUIg/ugcSl1mD/JapU6JC+bLmr NUTi9xi0QtH2QXOZLBRJa1aXlOWryURKsmLvLqi0wdBwwrnoWZYhr1SurZ2i Rnpd712a9uAYnH9egIMENdkKDN4R36dF5iJH7XTareuC5ne9q+rIhU1c7C/0 V0Bv9OmPmChU+5axWw+MWE+kJGGsJluqVOkcQEsWFQ/+RSJkypNQ2mQjMdpE 7Ufxk31nO8q6WQNKDYTkh3HfPnSyJ+yZGRkpZKK5G/0kmJwt1MDVJ/3E1duk vh/ME11xcClwy3RL8RBvd+U2fCOSqCCkyEPXjEzz4ggl528RZYo0cQ/a4JjI 5ex2HduBf2vbUdlZPT/E1Z2OMRqLswQ7vhkSxJ/ffhyOvFLlJkWZ1eopIu8i McpBROXiHppI/3jJho682mujV1oow6YZkK5QtfNGOANB+qbJ5QX9fV0zHnFh O+QQTiLnMPG102q8+Yc0oQQ7tZef12yhpK65SSsrwb3zm+HougMF4iH9ibkT D3CInazENpvkRk/P3wbd+HbUyt+y7/vLEQWyFTKBtl046Hr4uZEYjBauW9F5 42Mw8d6bCzLcXIHgpO3/48zu86JEyq+fMnhaIZJJX/sg083RpZGVqtSTSrN8 7fLcdiuM9FhdAMudcll1tiebkQZ41cY4Oy51XfCYLA2OOzuPc1NTWKnibicr 66Pk8PU6MrUTcRPeRmMN+G/uNU97jmJ+NIYCz/LIO5zjxrDFDc3TyqQNRd/5 VSRSXPqFc6CIRUhRzkjtfFHV5OxJoim8u2VK9lRDEgjZxk7AV4OuQdkVaPcm zcQz4JBzcAjcEVYcVAhFAcjIkWzKrU1hRfC780p0hYWhy7aBjF5w/UqquHUn E0VjPFUb+DPim2JPJQwBnhvBMYqlzL2zbVyjzxnZIG2fvBhHp8gACfN+fHIm A5t84hpQzHSt4GRueCjVLm07IbinQaVIhS0WwoZ9lEpICVNV8eA5YFSXQd4L XiD+OM53itxfaaniRKm+kzR0IjIo+u8CDDy8vn/CIKopEWbYC4eYhxV6Eb8U vlu9IdWn6CYRVBk07AKd/KVJnf9loS59TvsnxaPFtuNmvdVblutC9l1DzRbK T0KHV4T8BKaN5VIGY3BVgTMU/FboqLg3pXxYaPppjVEikTBAJS16nDqV7PKf OZuhKAP6GPPQRomOBgllnVSqJfqvBk1I2g5iIurpkMWiuX+q/hdkSjqC0vq/ QB2iXRV3NNY4unA0to6keel9bZF3l9N1OwAMBht3etnxBIF1mCcfRAiwIK31 QGIlx1SlabpAYtRFhUymYfQ2l5YdCttyqVWKftKZuJ/RHx3zBkjSJT1VbKkY +S5bdafDORJpzR0OQs9Yz/16TpwHOcbSrAs2CCtELorGKRGavwP8zdN6XfjE 76NTZc7ukshNoEBzIWL1rG3IJE1wtbEQEKKIFgzUAT+yayfwpHFdUxmUfKnT vuMLgaHdHrIWBOyQ/3DBqIyLuzbJhI6W2CF3SRKCByZ3iNMDR9qc88CYIFpR INXlZHUi6w6FuhN0JCT8NnOJ7R2RG4SJlAB9jAjuTrGx3L0iN1lAfMfn1z2F MGVZvoyBC86RyoiaOymHNLDvOte7noqwj8Wia+tlgyj4xlq19NIvc4uCeL3R 
jvXqa3VJcMLlE3iRcFlpre+ABRwFbi83h4lEsKsXDmt0UZStbGCapMkQ59Yk vZIQ26m/EJdGqjU1a5W1nLmnStn7zmBXdkFLpt71e3eJf3Fg2+9KjiM8iEj4 VbJPwG4stPm8dlGCRpOi9sS4KTi32pw8uAbIl9Ac7EWms2dWCW1Q0nV0zUj6 TtcBd9WYPMcEhHgmKgf6xXTa0qe4uScYfaIlk6FNLNFQGER+UjyLDpf9wLqP Djq3cnf6Zgl/e7mFbPDc8mS0zSRe4KLwcAUbSXQBLW1jWzZLHjaBqHSFoCT8 UoV3RWieEv8zI3VOflrWm3FruvbIres+NRz14xSgFjiAlEtFeF2tFS4ZY+BE UKPoX3Qzek3aupSEU5b7tPTWT9jxaUU3Lfb2ihXtQuZcUcfZDYFrUcyjbmFp JB1ikAWRSZNA8dVxA1DuSFyFac8+EaYvo86512vIy+cFBorHX7/eEBUfHx7D w+9HgLsaI1TIxQGe8plCLFOgIvjxzlvjj3XA6L/vrAI3r7g9dqbcyCmukoAr nMu+dqDrpGzzj75+5axFyUNrw8R6OeJ2DZxgVVD3MF530hEMYBZ7USKlJkDM qhKlgGIsgdGI/XzxfW4g7lAUqvONV/O2R2wQLVMB3JWjLdR7nSaZzl4basYU t/P6+vV7t7uj3118HA6ODgcnj49PDn6C6QwBPjg6GuDTweHjZ09/+YVjvJur 5Lj31o5wPMHi2R217TkC8+ATaM2IMWHC9R6aqq5pEr0d+YLaLYHPBKZ/6D7V 5g8uBrvnOsIZ1BBpP4B9H/zkGtNyK9MzcmlcxFbrquu4a2eLwdidzTKVgfzd L1qg0Ys4Ey8LLU+HdTHtb1a5lNrAi1O43GhEniKmH9eCW3pESDlhcBZyBPpn qUzyreg5yhPNOd+9DW7xNJVFW7ownIKeHXVm7axhtdrFGc/WYpYSoa0n6u3Z EU3ZomQgThbmbDBFujvXrndzf47O06ljMdqiJDNP05/l0rmjQwj81fYN6vB3 6VOUhzoHwaa/O0nR4LCTr9hrIaYTfFEn8Y/nAGI4sS9u0WGDkEX0WQ6TmMh3 GfSNJHjlRIJto/2qrRxtTzcVI5cKAXZCxW07y/e300WR4VfoZIQtHBvIDQ5v QhJ0iN85ez0DuDxE/Re2oiLPgy0akYtxsrGNdfnuzTKeDBnBD7pFH3a07CzR Qv9zJJteISyZZWiK9OeX8ZswQ5RWfB4073spLfikA95nU1Y+gfx3bSb5W593 F58RIpqxryPq7/xPZ4Cs0T7xLyVZL0xVdXPei5KnQunkP8yKTgWLuEKEINCI xuHSXGogQ6u8k7snDm7+PQkhDEzttChUd8GiQhaihLa5xqxQs40na+kARak7 5r9Ghl/CXf3iCSIaNueCcUGeXh37xkC+MwEJFgg1jb/p+DGx8Lk6CCgE1QCF Tn7UmhvOVZFHaDus2cbltcM2ZaB1d59dM4bOS3vUVjxoaoJeNTxsmCfBomy/ ijxce9dkaVPF58ZWHFfUsfGFm/PtmoS4R3IbtXk6ZedmxiKsbTWbLedmbDkd 9DFp1h/MPEdJrWTF8XyLkqsm1ZJ+zGW2+OWd1bZCoglFMopv1i2AzdroP8fn f/7X9M//Fv8u3ruWf/pfEHuhZ8fHj6MIA4ni9/C9t6sBN6GmAy5sOFTZ83H8 WF9TDfajH9AFPzotzTiduCooRan0ctF+KUSFHyfp25Fi9c+RJyA1Xa8iuYGq WM65ZEUYGjDSR/S8OafNohFQHksSywJri3DDfGJ4+Iv24b34dNzEf2yqZhr/ 0RDv/KUZx+kYaVv/+7Cam7/E5r/91/+n/9/+6/9txmMzj0zW/wGUs+EhDyfu TRnG5l7Hp9JCSuZhFBFSTe+IgpbgCwBBUi9IGJQ0leB+uYkF/EOl4WrLNE/R 
kT/jEu3J2vnX3Pi8lZv6yUfCvCCNPQPbredidb6ytuAG4YXU10Od5DrVhWVo jkiTzG4NZR87u4JD5/YEKZnEiIpMPF3LwJvgvuug37lEVmRcvBgbU54qdsaN xs4JUY+1Dg8q8obEdVpVjMBxHrw6zz/S/wCC0c/Djjt1olL/J+WRAZvjBeKH S1TYKZz1/6LXFG0x3iVwKnECiyANlSJ5ntiQdP6IyPV1CU9CRbogg6lGG4I0 j7ZrttbSSkWNWI4h2S0RwVu8QjuT6PcNcl5QXTQp6uqV2gftN2VAaBhC1+2g PxPqrbj/hfanmOuOg/KuzOpcBFigdiLIZIMyb2VIIpg9940ZROcLY0k2kOYE 5uxrHSFnkS7jdk50UkXv4J3k+eyYqpTXmoHb9rwkPWIzvYHYl4sTmx09F28c C4d2Ep9/jLDh0aErgJAQGgnQS0LZZO2T7v1ivfEnoQBurajQwo0JI/GKVhIw 6HQVnPTHqfefWd2Sno+Hww3qaDfGtqXLuKS9L6y2VYDMYipGBAVEua2AtDGd H43sMgTbADzKxLa1SeSa4Hea0Ll755p37jHL7pJTQ4RBKreUyX1Hzw+f8SSJ LJKZEixIcfe2LMleO9wUUfFlMqMjOIUPL74u0JVP85rYcrAaqGpFwBerfWCk 4Tt3GwWtpYttCpNx3XwcfFrNcqk0YvLattQ1GA16oowNX7jkuEUjs2iIfq64 IYfrRchaS8qG24ezb9V17DozaDNcyECt6LOpYOrWEJ34qR8spVMte57NRwu6 nV44c4CtTszcjBxOJXxbE1uW1Qa2cI0+mcmX0unQri3EDj/26PmTE5w2tnz0 /NlhLz5DYRSHmSXpSDK/MB5NZzAH21MP5Suk6LoymF58U5B8reORMEe4bN58 oGzZXaI7oQXxD7AKrOij3EGnNhWmtltfzfPbE9dbQ/rlobw9FRtfXNBS74fO HYnt4FmmyrSTRez3lU4i32hM+tUkfpQrGqkz6evBcuYi+x3bfBPBnGva0lv6 KWbeEu2pEpbpukcvnh1JlxUrHCoBQRmdxJNp6Shm6likSy7+9td/Z7aF62+M AU2xzLuOj16g1zLeioPhucPmfs1Dmt/YEpqLdYPYrdYElzdB1FA8XpMwEgfl XZokLV5JcqEqEN8Jw0vRPyGnF6/I3VMXmgAdciVyn8tZo71sOC7mhSAuZy1S jy/GlM7Hoc67YAs8UI4AORHGRDIVwJ6xK+jR3/ekiAHRRc6XUkX/wEVH4E/1 qjPl0NUtA9+mI07tmMQXJZ7dRVvKWBXaTVuCOH6GmOWxhq3qBGfO03EqVM/9 0zYlEzHhH9IJVxbmjtB7W8YN2oPW3DTvnq2iDcwUSd/Namlg4tPRoUxQ0iAn aEsm0adW/ls/Pl1EBskfQBv6YeSjOwPAphJ53J/ndAkkazRm5P58Bgw70/Zx 7JfIpFUl0tLVWPbKrsIwDNI7bBSq2ae5BCRZK4k6/XZYwPBM23yHWHJTB+q7 xd/Dqf46fq9rKEJNySbGJaapgS9e+RGkoW230kxWF/MC5wTY1VmwfFvaztgg ZUAz5J09io5aYmOvgCnY8SbD9ow6xnqxn1Tv3llIvmQp7d5bHpqg/AHkw09U bSdqqQUWGjtGn0Woq7IolkF+KDqqZeIboeN4xaIpcg0IPW9JVwVEYdsG4i2m KFoy5UxXx3Bo9AbZoiULLYNwspf8QCuBQuia5hFmQQ7i19JmGYpEZ+S6BKR1 sBbO5w0a8VXsRPJ97xSG8s/bvuISoEAXTSsP0x60cKkE3KUt6Xqx93B1pJSY Gpd5OltgkggmtxL3dDAdbHnpYMXeA+5GLAnunN3Ow2/LVLpn6RP60DKY9xV1 bNxepw+RgmEyImekq2UmYUG2ThXvIQ6NykbpSpVHrn8GSmRIZcgwGHEwnxdk 
PqFERF/dTlh3YlulMY6BwdzEtdp8Z5b66fWnm+v3ly5MxjYYS2veIMuIZZNP CGoTJta+ELUZu9YksNh5v1BwzIRtJJHfIWHMxNWkRXoA/rMhRx/p3qALeUHv PvSPTzoypYewzgpeBfr35w4YVh2SqHhuhdg5ZtZ2hyFdgdau8Wj4ZvjhlnSz jO+s2NfpTDD6s83vU4LBkgl0BTEFkGz6AajpMgCj1vE6Yh5B+eyd18wuB8mz xStBP8DbLVGwkSwXh5k0BHq6ThHwFvD9uQpDfqubD+9s09b+3+gOIvv1/UB8 JujKCNjGwM6YG49CnvsIVSR9Fj6Hw5/wXwRKkF9h0btGbOzg6HssFw1/N8tY FeUdcebLdcUzevoGaXSjlU1A0XttguNoReb9Pl7QIJhBcq+MAlHBLUmZpYVO 50B7zpSSwCBpqTPSyVX8lnaepTKWHhPjMIqMv/w5pVs3ixh9wKA96GVYzRIh QYmDO+ZRU0xmDg/ioArt6MXJIe3a7QYqVIG3NsFEAhpOL2xU9QpJTkYa1cDN 5d6uE0mJoOueWzY3oLW5gKXAdbMxUzVTkscYEIa+rKMU7n79ekVbtWqy6X2o O9Xlp3XQKJysoAJcYj/ovMv3g2a33FtKx4E7z4JCHxGocDpAPWcFIrTxTMY0 MYlBG3OilmUPZfjegGplmjh4aGKWrPd6DDWRBZU1VdQV1tW2g5YTLJ1TGwlP 2kGiUhyXuKlsOnkvseBPrkBxPZzEk7K5F8c/qNogaNcOd3O7ECzJtyCr7OvK cAKyolfqBxcDeWMlLrW9bRWoKSAO6/h51SSJ7Ut38JHk7jr3uJwCUc6idYrk Np3Nx5KzEkAnN2AepUEMo9hjMohPZwxlW78iFwzwSBj6UntZJLO3XIubYpvs 6GSV5hKQ98nixtXA+VYrAtiayo3pDiIo8RlZV/nu8Ih8Wd3f6iH1lQrOlm9h oGrDKi2tovy2ODocDM7faO1Jx1BjZOiRmOMaTDILj0UKEVqi9RG4xlRwZ7hC hY4GNwP2i095BuUrncVWtiWBukL8YFTcE5iJpFGOU+Mdn5lLspeGyVKAjVRF bY8PPlkwY0XyLFmYk4uk4rgRXbnwrYr1W37jvbZnGL7tzDXGq7mdFXUaJhU7 U6eVli4zY0DrZh2AE3QfV2Ehds+9vOMHRczCq0xf8It2UbHMjteFe5vUL4rr 0syCnY2RgA8i6qQKDDK3OJdTzs4BSeOopZBMYuc8oY/rnHnWs7pDe4KJOsuF MARHaIqwgC83FAbtfHwWw0sNJstSKotXuVmYosg7E8AQLS56ki4nsq3dsbOL 3QAOjh1gtsTRC61qfVfMybjNBSntS8GP+hTQy0kIi9vy8bzi7deHQrW9XGer KDMQgbgMcEUaGj9QtDAnXbf2V65Du4m8pH9AkCjYtu6F/NTp78CRJAmurMnZ 7ut5nnKDH1UaiZM3KJ+gnfIgdQHtXEbx9et7eHQbjLpSvz0x72MJPfM0bPbN PBPfTOTbX5yR+jENu9h9pfzeh7PRPgHimn06RvoNS6WVnGRPpVEoE002Q/3W nND18OyKdNl4gdBkEr9vJukUGM45b7j2tw0qRf6X2nKdw+KajSEd5WTOtHiu j572RTa9tjBAfAt+aQRCD5qhuNjPyhGXt5QB3dn1AB3O0CqO/spzpP2OyA6g bQvgTXGLU2eSAXegG6f1PkxCLSIVXShBDRbX+J/RGBK4XTfiZ0/VJoq4piQo L3enHu9dXI72ey6qw79j9NF2vUD7IUnP1CMdxNFrIM/eRjRh1B8XP7tWT5Jb 7h1IHuxNItf2gBNzL0c6VrzbZNhyduOqnSI01uo3iBoe3o0SESNd7+lyZ1zt xJaFS85gFwetaxY0mXJLZLzC+Cki6sBBc4Q0KYqS7U/2qWo/12MX43BGT102 
sFYLKd8nUn0pekEf7ZoOcKFc2+IBW2MTQbEnsgKqWvtT9kC7AYirtWsK97hS h7w0OcWheKr0oTiEEzYMYq0M4LtEo6YMWyBzVtrbuvMQGsukSVCk6d3aaRyz cfSI3d5a0NU2X0/d7B7hBNefXP01Duj4gSTs0BAbHhzn2uKMTkWO89BYQEDG MchflaNjg13pTwIpR8fxOJX5TERF/LeTp/wnLvR0BxV19goDjRnzyfM+fdW/ zrnAIEL0O0+f8MM4+Ldm/VvqvAh6nnsTFx7XJA7pCC/ggRFv4BVcRnn8lvSZ WEA1MxxRUALYwUICI4lWhcyAinxfInqyW1jlpOkLzRgJIwjs1AyGbKXhSGSW 5SH0gDZBbZ7LHxE4baa8IDj4mhT/Ho2JtG1fOp96b4b3f3jfm/wcLmtI6OP/ VDXL/3zy9D8d4H/b8d/YghQAcrd+Z+EP+CIwqZydHS4/2vfmEJFG9lw0srm4 9ID9UOcqGHvBAt5quw7dtLbl0i7zsmPC9Ny/XPsPiVhyJMVXn4kg4hpK9a32 3MzDni/cCy5Wb5SpjeMgtqo7FQ2SfqDCbu26f4gAUWfTg7cp0VU+DFRzcr5f wO38gwmvO0QUg2hvKNKmF34lUJF+cGQbvt1eFcY1vDl/+3tffLamx/hUJieM 0ALZAwApaCQs9GywHwmpPkfUi2RQEt8gn46WdJqk0WhuFmkpov29RQvGhP6e WeSKueQAXM4NBm46reyUmjaK0AFVaIEpEtsVCPRibZJQcDoSjNSeqFPTpuSU uWcQg/Y2C4wvJVtGRja3STPSlWwR1FArN2GgZVlHaLKJZiGnpRJf0EKhF7+x BXytF4YsIuPwWcvv4iCpuCAml/m3ChRBARwH4TIrLS0SP/0rL7uqzHB4VhPV JutIsiY1CTGYp6uF6CgD5njsQsSn9HY0mSQ1s8QRj/a99MQSsS80xH1ppUrV AMPTT9qVKMpXnendUaFdyV+Zw+K2s4YwuoO4Xj86UtcMuIBcfeqwM9REcFc7 hMWCGyf5uXUkfzgcxR8N4rNijOnMOYtggco270vrhcL3e6Kn9yTUEfkucIb9 5RKqKYlAZX4ie/H4uhwJSWhJWIa5A+0aQwCimxVzQtCVHxTNb3L4mSwM73t1 bkHwqDSAV75GSxcEmZLQWfYczrKgFhE+B/fr3D8BH3IjTonbOYOjY5r4x6Lj FcayBC4FyH6ShVxgiY5tCesV0e4vY8fgp4uiil+nPM6BzP5PdKoZAPPMtrLn iy2LflsuRedaTLVlZocjPo0iYQpWg21UnXlqFJ+Wi/U2S8QhS/jfSxfPzci1 HiqxQQmftiQs1ihjkA5x4zXb7FBxnbLfXkA2c6tv5Kl76VRRDdMCibmS8Idk oFYCb+QUCkcZ0C7OCnST6twIY1Fa2r8p1cnXvBjXY15iZVsUpEkbJJcPqxaA QaVpLyWXZC5ce8ZEBf/ku4IR8YO+IN+KYI7eGUJXnSBBmm8N28ZKGPVFvJ5B rJbDNcGtMHBeWiQm0uldv7mO965LEtzr+A2SnK/Fj0Q2iqELndzhroKePjIc rk0dZT304jHR4u0/36KxUJ5bnbbDb+DY/e3oov/46eEhG4cIKPTrguePi0NE n124uceYlqBZKSiRoh2zuTECluAiulqHKihp2LqakGSIw2J8v8HR6H20x90f 4SWaoLbgPbrD7IcpjK7LzMqOg3bhcN5IY2KliTERWKXpZWhsJGOqBsgWasta NKBiNRcEPFC5zpE84lrF7OuzIdopvrnWqbMuV9RlLQA23ru5mCuHuDw8Gd6e 3oiR3+1Jdys+jTuZEQG+rYKOBtXf/vrv7D9p3TCkY3sdfeDmB0oOGmYAuHQy MqaWknqgCroK4rIRcbclkeGbMEjPLGcSFtyjJ9VO9KqAfcttgiJR4Fr4YG2S 
aZlRZVy+s/be4APW4iHOzoQAcwcUuaphrfAoluzfZ+PY7azrDBN7OUXn8f+/ sWvbbeO6ou/zFQT6oLigDMVJ08IGYsiynCixXcNU48dgJI6piUgOy+FYYYQA +ZD2tR+WL+lea+19zhlJKfqUWCTnci777Mvaay2rwvllgcIukneNCIm7ZUL0 OC7fph7TSFgE2hzwGPNtB1OZuQW0EkgFJE3c4ka9k9g38+i03Crz15u1aT7t nxwdfZ6qHrGZnIZLGcIVEQqPtQuduZUG47LYE/THwkuP2tmmZbSQu4L/OKQZ oVmqBBxLW3S89OMJxl35XlWyJ1ULZL4HR/f33/7lLXO///ZvzY1Fm2gb3vh6 pPiGc+WOd0WUY0+W7Qb+/Qk52M6Lv/AyTBXNrtvNT2bdUC0LJCSg4387SuFg KjnQryL6OCNqPRxnAOfSFS74KIUPe+iCx6TdhTDAHG/IeKG/NGNiL2nRs8Ng Fp32LNuj9pUtAzO1fvzlnxQCyLUDj+9MVtXYfPRagNs+OEfAlQK/t6Un9hkc t2HFPA8lCppHKWvHsulFHZSxDt3lWThGWhT5Cc8rXMaQV6MhD2Zk7sisCTus N90GUBnNZijaPNNCxVKu0Kpi9vqCeKI3NsRAU/8SwWidtS19Ryqavb3lt+xg AgUinKkqlRj33UDvLFZAiUIqh9mxKtNcqiLdX0ubtxkSNdE593a7nd8/oac4 fBTXKhYAJI9lcPu7dqmfd1VzGAeO/JIkxJxPN8+TaBBrZ6TqCd8FAJEYWBhU F5CS3+b6KTdez6Ot5iH8s5S7ZbJp0Zl3kf5gUVDYjbCQT5mlSkeHcG5xcdIn 2DkQOVkOOXfbl3lXYcMVqQDQ1ClHwBN9nRipqgh8yBzG106ZQQ+hLTY97wAi mNS5eO5V4afhmtMQ5WwSM9psSts4a8dUAkXtOg/LIRXd4rR3xC/WjBcYyuaM qyLGowJc6revin57jxCv9hfbdq5ncDBQ4cChq8SXc2MHSM5HMqn4ZIT9vr09 ngOtB7ZeOxksRE4s3yGvkk/4JBUFNT5s1sgeOh2zp7CVt15TePNld2mrFVmo OfZDe6FgSlSCX3zxld30KfpsZMUnXzxBxyzZ5ZGaa0HBuBZK8E1truKlmVBz MVModbzZtnSZwI1tl9nxWWbf2Llx7cmJja2QWrpAnMHEIOtHb5HVDo0VXghs EKmNMFldBKZ4vMQTDL6aZUHnknhi7SL0M0qCbwnJ4mT3RrAuaz0OFJyHWdfi AaEf149dKIm/eGNtGw4NJzp9/IhVgHgyGXyegcB9fT3Z1iljQxU0Wyd6wuLV J1ki7THmBZOL1WMPvHQ+ghhAHWkl3buPV9mH6BHd114V53ehZ1NoA2X6JDmJ S1e5SJ5oiHk85vOo8O7PgLwRMXfUzdxqK/jxbSN5dxXimKSlXedFnYugIWm8 FIFA9ks6z6aFY8ascrMD5QVBmN1YtUQlhtQxX+ShKPYSbn7FHLxvX5orLzSx w7CeqFqIst5y6FPB9O4ZPQddpTOaLbuuZ44Uh4vfcTssI3kwshDZh7WnoXkD wsW8etQ/O2py8Wl+/+0/VfWnP3EhfNvO5+wDQOSJRtD7ZdIb8j6LQc7G0/vs AnPR5YbFXEVddWt0vttXwTltLjdfgIEvfuUGpmCWO7ZFu2W/00vPCWG7jdJC DAxyj4c3E4lYotdec6Cvux4CY8Nh0Tm78ajP/ZHsoD9QG3bwD9b5cSDaHizZ HZ/OHk1i7URLHgxdalRTcqFisBOSSFATXJozwnyapKWV/nwW5Sq98I1oox2U ztjBc7R4iZsuCQ/1EAuAb1kDMMsJ+kEEbZP37U8raEkHtPctwinnifOStgQ5 Y8EvbLtZ6Gvrphhnm1m4ZXEeCPSVOVCQ69BO0d6F/qEXBBDFU/aQjtICG09t 
CT7sYTXkiy06MgOI/nsXGKx7ZyuSbCvXplHXowgCgLzkHxOBYUoRJVsgXzrd Y8qxJLkZonnM5bArpf9S0Jtr+NsBvLvaBVK4Y0EtfyPxl8hdtTDF1mhZbVYt y4bkk0rIEym4+0Z3FeRS1+T87+8ms9OT96fnY/Zfn1aPyYF86SlLd62g4wrK Jt3EG0d5Czlr/kz90Hom8aOcS7S2th+dVMVx6sFOkTi6lY1soSHlvErb4WKE hAwIYHBSimibvCG0oOGKjixYleIXB61lP6eF4O7RX72ZA0v/TWu+OOamLDNP 4VxUs6th5RwI0k941WwXQw+HTgvThqmbz4M5htWAunp7Njs/HJFLe8nVqY91 hpppspv84/j1j6cnP758/+IbuJpYYS9mVcoY2pvXTniNq/oazJTJcv6aMeai HumxPH40eV/eXnwZUGBeSs5zBKRBCF68dbwv24ZjI9qsXoI1gVgpkotJnrt8 mQAA4NBxRsGkpst8mLiYBH09tLseXukAUapBj8rzk7b+Gllvaf5qDBP/1Ly9 3DGf+3EgK/N2/K4uVaz6AzG86xBBEA/OxV60thV3tb5/e/t91+/2w3UBw+ub 8S+8EyZ0xPUiHn2sAbcRDW4iu7fV0wQHFAwkI9kYPfQAjEYv65MzgWyz4Vla FAo1qF1aSM38+eRtR6sHfwNPQu/HQwZt7Toc0TuNvOzbDd8WSILWxRN5Qya9 gTAwJ6sbkNh7sQUP3cxWVwOQvTq406aSPyvLidOnF77LNqnUieF4Mc2G1Twq BtHmO+MHuxmYEQVVsDlmz0AXE6ynqBHshrm3wdRzrxMy/9VtiLSis033NQLr ysnDGcmt98gniS9OBc++/bmMfELrYtUlFQ2kORTgn86hKJd4rYPudp5luwp/ ZIRUsG1duRMjExY5ppRIG7thvqMT8COVlytp9eSjlhP30V09kuiOlhNZsTiq OfZ1hmO6UTK4dzhYdM5apLvRuRCloywgULoiSVMFL7oBc4OE4pIH7d13o+dS QqXdpsyCQ5AdGsc7jXpjC1fIzwNemLLpe9H+j0Mw9ZlcI//PIXTzoD1M2XuC 5cxTadmJ4+JOiV/9YcMNDIBm7BPPQoYkwo5h2S4aNOt9N6zbDdYSJumhVw9E eCv6bA6Ac6EhTZib8rOduL09Qe9dZxbUonL2Eo9MiovX0nQ8n3xAdoI2g6Yk Zode/Cp6w3K88HxyIhCI80Ywn20hcFPlKb+ysF5eo0Pw7jTlPy/qi3XBK3Dl /Iu6NvpbJqRBu19yv71905n58KSDG7bSnGmxPkQr70pn5IR0LGM/LNDBHzXQ 0VasVW0D+c0kpzPx1cROuFZzbMe+DxImopgJq1jFlpu6z4eqPHKzqVYYX/DP mV1MSmNnaHEzB47YrWmij6AjRf5SewwKEfXs2Vx067W9zGbPZO65XoLNrykS JaP8fYHbZ0Wazz1FdMV0nksSA2RGEedegDMaKk+Plys3l+xbOpheQ7FYYI+Z whF0FWTkkgpvCkYG1h5o5+T4jgePhDc1wvsBnc1wFHyN3HPdn8bVlZOlCIay KS1xNrl1r/PedifcSjQRU2cel6EDqH9fiMmVyR/GL1E5CnNZcF+LI3ua15N3 0ZjvChRlNuBZ12xfKSPiad/YYCxsCbztIkK8OXvtuQJPljUYT9+jNnBQJflo 6SQ3ScdkBbh4dVIDYGNRJ0C9J4M5YL/8+iuX1ZnddgWvDtt5Gv8j6tZAYC3q lbieSDjjxyyQ+zgMkII6L3NaiWusXQ8txbH9hJXKoXMJiG+qpMU8v2oKc82B IMJW9MvzZ7kAQx1tIEUsfA1OY2loOjl+OoGLxkmydFDNhrbW28EqOLA8MHf5 aOJRfP56poqni2R1pDCbzV57xeBT1+qk/9gSIGuWcKxuc3v7+hSaSAXSCbS+ 
k9Edo+EN7ohYakGQNEdOhNwyIN6too2iXMzMoqtO5MHYN123WDYsbDmDmUi7 yWgMsOc1DEOSpndqcbxvy8Y9nGIquHsicwvhxhYujAiAMCQlxJ2iK2ElPrSv 2rS8gY0mVbrNvfwv+MI3FWmxx8WtcgV8dobxy+BkFvZdE5JuxUjf2tZ9/FPE UE4YLhgxhFThRcRXmDA40AarVNbYIElyufMiB031QKUHJZl2yoVqIaneZkNy YJc3r7iivChelulwNgbc5HxxBPiMSKM7DLRuOMdQGrMZnjAzceFUJR0nqumj VYp5pDEjvRSZrlqSWYE0vVspOXe247UyP3O9T+ccfVxVg9moUepCFI3E5rxe 4+ioeHQW37GtVy/DCxpJN/BVV888GzdNiTO0DJLBaSfhCfTQMD/iLLFT7+YZ 16nde0bkhqfwSnOSBOC6q4M/De7qeClzBUgWjLNSoewwbPpY2HLP3Kxs2IEQ nd3Uk1MlVAsqtCSqmEb5YhfDQlFSquagZ3q7xWW5GuZAmWz9wRAmoPmxYmIU QOIrR/bAL31eqZn2YQl6gclJyZKyleKJxHUVuZP5jln6ZXeBriOaiyjDR6va lXcFqr/PvhXMwuncX9h5badrUksMVvSsf33R9EWzZJ3zYzsCLrw5OT26x3J0 HIMFGT8SGD65eLphFB4w5zfjasqciORsbXIzWtbLPi5EpBxr6HrWepZoHD9G RcqWcX23P8zbyMHewT5G0fsPqyTTtxtDH6cVzlONHFB/W7TLlSZsthlYYRD6 nRl+NOT32fF+9eKsysRG92jI0ziqpApiV4mpx6ZaAq8u1nVbd607CPMuj6zs kcsvi/5PxU3HV6+cNSi6VIaLFolEcvCNzmOpN7jcHrMXtDVK7qrST4aKqRO8 lzn+grspTHAi81fdPBrkMu8l8ycq/iyUpy6zkVkYL/VgrUh2sJY85LsaKhpI tFYx77n2q51r4eGwHHp2BYBS3pziWnIL2XqRDRvWz04JWOnQWbAlmSTBSd1i 59WHRvnWkCsSGiUSlUE5XHHuPz968iUL03yINqICeWo1dSmn/t9Jgrzjxoxp gWBVojLrK7crhzp4SCt7z4PqDrV+9EBhcFcOQ1R4iFZ5IK/HJd5HuV6L6pdc hauELK6Us5r7qIVtJbV/5zlrWcGhbxLFLWljlyBNglclfKNGnZ0maxLQkOVQ 4X4CMmr/1QvRBrXOdQM8b+9Sj/QXLjOnFUleA7OrOSNz903SPMiNTaA5OPzn YP7GsCp9+8mLjr2apYyMracq1hOvtXa0QHTEhF9fFNweQ3c9VT+5Tp5XHyQN zqfZADS266bCnr18O5udnsABKRevT1dx2UpFsuckQr2hy8yzdtc6vRKvLqRX dqmmqUm6aFmdErfmDnMnP1db11FG6LnRQpfylTclprVgTsBNk8ZC0hu+NkDH W+bgLZgGy1Nz8AmM7KjEJJUOD1igU2vLMWhj3zdovlzWT46OvgLV9wcXWo67 KVoT4RhDNjMBtagYQnLpjfnfdbOcfFvv5816WnmDeokVF0dJHHF+RpycHaOE xMZj8dVMETHZE1zb2AYtbOovjBsjILq9fWWeAbcTOydhxS7rwY+6XEt6VpXZ qyt4i3EZV/T4JCfyMLRIQJ9KBooaOYhPgH4k4tTzbnu3KuS77yOQSMj9tTtn CeuVjE+Jmcr5vCYExgC3JGr6qbCn2dlCIHD2zgKWDj4+3wgmkhqL610VeR1R P/EeFncuBmcWaVCjtFe1G0hWxS/NitWFXfE6KQqEcISjUM+74vkt9CbvrqMQ UBcGt8b/GE0n0kCDX+9tADkphZKEI8FIYy2rTyogZgG4qDE89ltbcLsr6nDA ltvXJKYTW7SuXNYIFSBvnTvO0EkigxCb0ByA37zu8/KqEJDnsAaBQ8uUpc3l 
xh4Q0xIih3O4Hx1uzyn2j8hwhMSHPMQUnSdvgG4VnV9CDtNZPu+4iZSLiagr d52x/hfHcPJOR5zAlx5ISPwSOMQDndjV/VZy7zS7k7ZRCYIYs3AuL8n3B4Ji yftOsymlOMsoPqSDvGrncwh0II1oXqWN6GnWrlLWDCpG6niLlM4u6RoyLErf Z7oRX9jukLTcONRZIwIbmESHdIi7EgLb9oi3H5HjnD3k7KNPMArZ8MTh/G/9 dAn0a7iaWaliBCxoEqSE+Nr8dHYcXDl5K3AWfPSt5H1hDmxe7BGgg4cwJcuq cELv8m9X1Wzo7RXVkABRCmTzEF4mcS6iCtfafSQAT+TfBxBWt/PtMQ04TMz1 5MROZVT2X3TEO5P00K5vf96QQGFqL7Y2p+qbbdf3bPP53l5niUPjDcjjbJtO q+/sFzMz74MuMWvshdmihb92wUj2rh6Wkw+dqvDObZeZrL0JKATLwJ4VmQxt gJw4jSwCVLCK6r3sOZklpD2a0Iy4WBC7Jf5+NjO6nKPvL7HY4E6ny9a212tW DpBC5WlXXZIPVOB45CqjrOIasHaLlOk4KWXCHqBRj+k8JRMqK5OFRDIZX2DW uKRsrBYdycBxTnrzvbw0sJz5Z+623eDAwXI8IAEmzuVWFEMHzlNZhzuoP4bo PbO80i4APOn6kM1nmfWrRSIH//oIaJSNCGPdymvPgFB1mJQbYBHWOd4oeEo0 m8CUHL89/j9GqKrehlMneTj8zLvEXGiCCT0if2xqzQh1dvXDw0PiHc1n9d/y ADt1IrIfhFX9wzmJeyMEwMR226eOMYKd6xjKI7uv09HuR4XkyeHRX55W1WTy Z6SJ4b4B79f7p719LMaGw6Mv/WufYfyW+0eTeMrkw2jT+I7I13/iPzy2yVuL JH633yBF/LPjtmUO6Czmn33uP7t3m7PZ6b17HPmXz6jJvOTnVD37Lxzw4mGh RQEA --></rfc>