rfc9446xml2.original.xml   rfc9446.xml 
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version (Ruby 3.1.2) -
->
<!DOCTYPE rfc [ <!DOCTYPE rfc [
<!ENTITY nbsp "&#160;"> <!ENTITY nbsp "&#160;">
<!ENTITY zwsp "&#8203;"> <!ENTITY zwsp "&#8203;">
<!ENTITY nbhy "&#8209;"> <!ENTITY nbhy "&#8209;">
<!ENTITY wj "&#8288;"> <!ENTITY wj "&#8288;">
<!ENTITY RFC7687 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.76
87.xml">
<!ENTITY RFC7258 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.72
58.xml">
<!ENTITY RFC8446 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.84
46.xml">
<!ENTITY I-D.ietf-tls-esni SYSTEM "https://bib.ietf.org/public/rfc/bibxml3/refer
ence.I-D.ietf-tls-esni.xml">
<!ENTITY RFC7858 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.78
58.xml">
<!ENTITY RFC8484 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.84
84.xml">
<!ENTITY RFC7540 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.75
40.xml">
<!ENTITY RFC9000 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.90
00.xml">
<!ENTITY I-D.farrelll-mpls-opportunistic-encrypt SYSTEM "https://bib.ietf.org/pu
blic/rfc/bibxml3/reference.I-D.farrelll-mpls-opportunistic-encrypt.xml">
<!ENTITY RFC8461 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.84
61.xml">
<!ENTITY RFC7217 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.72
17.xml">
<!ENTITY RFC8064 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.80
64.xml">
<!ENTITY RFC8981 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.89
81.xml">
<!ENTITY RFC1984 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.19
84.xml">
<!ENTITY RFC6462 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.64
62.xml">
<!ENTITY RFC7480 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.74
80.xml">
<!ENTITY RFC7481 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.74
81.xml">
<!ENTITY RFC9082 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.90
82.xml">
<!ENTITY RFC9083 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.90
83.xml">
<!ENTITY RFC7484 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.74
84.xml">
<!ENTITY RFC8056 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.80
56.xml">
<!ENTITY RFC8280 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.82
80.xml">
<!ENTITY DOI.10.5325_jinfopoli.11.2021.0376 SYSTEM "https://bib.ietf.org/public/
rfc/bibxml7/reference.DOI.10.5325/jinfopoli.11.2021.0376.xml?anchor=Badii2021">
<!ENTITY RFC3365 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.33
65.xml">
]> ]>
<rfc ipr="trust200902" docName="draft-farrell-tenyearsafter-05" category="info" <rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft
submissionType="independent" tocInclude="true" sortRefs="true" symRefs="true"> -farrell-tenyearsafter-05" number="9446" submissionType="independent" category="
<front> info" tocInclude="true" sortRefs="true" symRefs="true" updates="" obsoletes="" x
<title abbrev="Ten Years After">Reflections on Ten Years Past The Snowden Re ml:lang="en" version="3">
velations</title>
<front>
<title abbrev="Ten Years After">Reflections on Ten Years Past the Snowden Re
velations</title>
<seriesInfo name="RFC" value="9446"/>
<author initials="S." surname="Farrell" fullname="Stephen Farrell"> <author initials="S." surname="Farrell" fullname="Stephen Farrell">
<organization>Trinity College, Dublin</organization> <organization>Trinity College, Dublin</organization>
<address> <address>
<postal> <postal>
<country>Ireland</country> <country>Ireland</country>
</postal> </postal>
<email>stephen.farrell@cs.tcd.ie</email> <email>stephen.farrell@cs.tcd.ie</email>
</address> </address>
</author> </author>
<author initials="F." surname="Badii" fullname="Farzaneh Badii"> <author initials="F." surname="Badii" fullname="Farzaneh Badii">
<organization>Digital Medusa</organization> <organization>Digital Medusa</organization>
<address> <address>
<email>farzaneh.badii@gmail.com</email> <email>farzaneh.badii@gmail.com</email>
</address> </address>
</author> </author>
<author initials="B." surname="Schneier" fullname="Bruce Schneier"> <author initials="B." surname="Schneier" fullname="Bruce Schneier">
<organization>Harvard University</organization> <organization>Harvard University</organization>
<address> <address>
<postal> <postal>
<country>USA</country> <country>United States of America</country>
</postal> </postal>
<email>schneier@schneier.com</email> <email>schneier@schneier.com</email>
</address> </address>
</author> </author>
<author initials="S. M." surname="Bellovin" fullname="Steven M. Bellovin"> <author initials="S. M." surname="Bellovin" fullname="Steven M. Bellovin">
<organization>Columbia University</organization> <organization>Columbia University</organization>
<address> <address>
<postal> <postal>
<country>USA</country> <country>United States of America</country>
</postal> </postal>
<email>smb@cs.columbia.edu</email> <email>smb@cs.columbia.edu</email>
</address> </address>
</author> </author>
<date year="2023" month="July"/>
<date year="2023" month="June" day="20"/> <keyword>pervasive monitoring</keyword>
<keyword>privacy</keyword>
<keyword>Internet-Draft</keyword> <keyword>security</keyword>
<abstract> <abstract>
<t>This memo contains the thoughts and recountings of events that
<t>This memo contains the thoughts and recountings of events that transpired during and after the release of information about the United States N
transpired during and after the release of information about the NSA ational Security Agency (NSA)
by Edward Snowden in 2013. There are four perspectives: that of someone by Edward Snowden in 2013. There are four perspectives: that of someone
who was involved with sifting through the information to responsibly who was involved with sifting through the information to responsibly
inform the public, that of a security area director of the IETF, that of a human inform the public, that of a security area director of the IETF, that of a human
rights expert, and that of a computer science and law professor. The purpose rights expert, and that of a computer science and affiliate law professor. The p urpose
of this memo is to provide some historical perspective, while at the of this memo is to provide some historical perspective, while at the
same time offering a view as to what security and privacy challenges same time offering a view as to what security and privacy challenges
the technical community should consider.</t> the technical community should consider. These essays do not represent a consen
sus view, but that of the individual authors.
</t>
</abstract> </abstract>
</front> </front>
<middle> <middle>
<section anchor="introduction">
<section anchor="introduction"><name>Introduction</name> <name>Introduction</name>
<t>On June 6th, 2013, an article appeared in <em>The Guardian</em> <xref t
<t>On June 6th, 2013, an article appeared in <em>The Guardian</em> <xref target= arget="Guard2013"/>
"guard2013"/>
that was the beginning of a series of what have come to be known as that was the beginning of a series of what have come to be known as
the Snowden Revelations, describing certain activities of the United the Snowden revelations, describing certain activities of the United
States National Security Agency (NSA). These activities included, States National Security Agency (NSA). These activities included,
amongst others; secret court orders; secret agreements for the receipt amongst others: secret court orders; secret agreements for the receipt
of so-called "meta-information" that includes source, destination, and of so-called "meta-information" that includes source, destination, and
timing of communications; and tapping of communications lines. The timing of communications; and tapping of communications lines. The
breathtaking scope of the operations shocked the Internet technical breathtaking scope of the operations shocked the Internet technical
community that was reflected in a sea change within the IETF, IAB, community and resulted in a sea change within the IETF, IAB,
and other standards organizations.</t> and other standards organizations.</t>
<t>Now that some years have passed, it seems appropriate to reflect on tha
<t>Now that some years have passed, it seems appropriate to reflect on that t
period of time, to consider what effect the community's actions had, period of time and to consider what effect the community's actions had,
where security has improved, how the threat surface has evolved, what where security has improved, how the threat surface has evolved, what
areas haven't improved, and where the community might invest future areas haven't improved, and where the community might invest future
efforts.</t> efforts.</t>
<t>Bruce Schneier begins this compendium of individual essays by bringing
<t>Bruce Schneier begins this compendium of individual essays by bringing
us back to 2013, recalling how it was for him and others to report us back to 2013, recalling how it was for him and others to report
what was happening, and the mindset of those involved. Next, Stephen what was happening, and the mindset of those involved. Next, Stephen
Farrell reviews the technical community's reactions and in particular Farrell reviews the technical community's reactions and in particular
the reactions of the IETF community, technical advances, and where the reactions of the IETF community, technical advances, and where
threats remain. Then Farzaneh Badii discusses the impact of those threats remain. Then Farzaneh Badii discusses the impact of those
advances – or lack thereof – on human rights. Finally Steven advances -- or lack thereof -- on human rights. Finally Steven
M. Bellovin puts the Snowden revelations into an ever-evolving M. Bellovin puts the Snowden revelations into an ever-evolving
historical context of secrets and secret stealing that spans historical context of secrets and secret stealing that spans
centuries, closing with some suggestions for IETF.</t> centuries, closing with some suggestions for IETF.</t>
<t>Readers are invited to consider what impact we as a community have
<t>Readers are invited to consider what impact we as a community have
had, what challenges remain, and what positive contribution the had, what challenges remain, and what positive contribution the
technical community can and should make to address security and technical community can and should make to address security and
privacy of citizens of the world.</t> privacy of citizens of the world.</t>
<t>-- Eliot Lear, Independent Submissions Editor for the RFC Series</t>
<t>-- Eliot Lear, Independent Submissions Editor for the RFC Series</t> </section>
<section anchor="bruce-schneier-snowden-ten-years-later">
</section> <name>Bruce Schneier: Snowden Ten Years Later</name>
<section anchor="bruce-schneier-snowden-ten-years-later"><name>Bruce Schneier: S <t>In 2013 and 2014, I wrote extensively about new revelations regarding
nowden Ten Years Later</name>
<t>In 2013 and 2014, I wrote extensively about new revelations regarding
NSA surveillance based on the documents provided by Edward NSA surveillance based on the documents provided by Edward
Snowden. But I had a more personal involvement as well.</t> Snowden. But I had a more personal involvement as well.</t>
<t>I wrote the essay below in September 2013. <em>The New Yorker</em> agre
<t>I wrote the essay below in September 2013. The <em>New Yorker</em> agreed to ed to
publish it, but the <em>Guardian</em> asked me not to. It was publish it, but <em>The Guardian</em> asked me not to. It was
scared of UK law enforcement, and worried that this essay would scared of UK law enforcement and worried that this essay would
reflect badly on it. And given that the UK police would raid its reflect badly on it. And given that the UK police would raid its
offices in July 2014, it had legitimate cause to be worried.</t> offices in July 2014, it had legitimate cause to be worried.</t>
<t>Now, ten years later, I offer this as a time capsule of what those
<t>Now, ten years later, I offer this as a time capsule of what those
early months of Snowden were like.</t> early months of Snowden were like.</t>
<blockquote>
<t>**********</t> <t>It's a surreal experience, paging through hundreds of top-secret NSA
documents. You're peering into a forbidden world: strange, confusing,
<t>It’s a surreal experience, paging through hundreds of top-secret NSA
documents. You’re peering into a forbidden world: strange, confusing,
and fascinating all at the same time.</t> and fascinating all at the same time.</t>
<t>I had flown down to Rio de Janeiro in late August at the request of
<t>I had flown down to Rio de Janeiro in late August at the request of
Glenn Greenwald. He had been working on the Edward Snowden archive for Glenn Greenwald. He had been working on the Edward Snowden archive for
a couple of months, and had a pile of more technical documents that he a couple of months, and had a pile of more technical documents that he
wanted help interpreting. According to Greenwald, Snowden also thought wanted help interpreting. According to Greenwald, Snowden also thought
that bringing me down was a good idea.</t> that bringing me down was a good idea.</t>
<t>It made sense. I didn't know either of them, but I have been writing
<t>It made sense. I didn't know either of them, but I have been writing
about cryptography, security, and privacy for decades. I could about cryptography, security, and privacy for decades. I could
decipher some of the technical language that Greenwald had difficulty decipher some of the technical language that Greenwald had difficulty
with, and understand the context and importance of various with, and understand the context and importance of various
document. And I have long been publicly critical of the NSAs document. And I have long been publicly critical of the NSA's
eavesdropping capabilities. My knowledge and expertise could help eavesdropping capabilities. My knowledge and expertise could help
figure out which stories needed to be reported.</t> figure out which stories needed to be reported.</t>
<t>I thought about it a lot before agreeing. This was before David
<t>I thought about it a lot before agreeing. This was before David Miranda, Greenwald's partner, was detained at Heathrow airport by the
Miranda, Greenwald’s partner, was detained at Heathrow airport by the
UK authorities; but even without that, I knew there was a risk. I fly UK authorities; but even without that, I knew there was a risk. I fly
a lot—a quarter of a million miles per year—and being put on a TSA a lot -- a quarter of a million miles per year -- and being put on a TSA
list, or being detained at the US border and having my electronics list, or being detained at the US border and having my electronics
confiscated, would be a major problem. So would the FBI breaking into my confiscated, would be a major problem. So would the FBI breaking into my
home and seizing my personal electronics. But in the end, that made me home and seizing my personal electronics. But in the end, that made me
more determined to do it.</t> more determined to do it.</t>
<t>I did spend some time on the phone with the attorneys recommended to
<t>I did spend some time on the phone with the attorneys recommended to
me by the ACLU and the EFF. And I talked about it with my partner, me by the ACLU and the EFF. And I talked about it with my partner,
especially when Miranda was detained three days before my departure. especially when Miranda was detained three days before my departure.
Both Greenwald and his employer, the <em>Guardian</em>, are careful about whom Both Greenwald and his employer, <em>The Guardian</em>, are careful about whom
they show the documents to. They publish only those portions essential they show the documents to. They publish only those portions essential
to getting the story out. It was important to them that I be a to getting the story out. It was important to them that I be a
co-author, not a source. I didn’t follow the legal reasoning, but the co-author, not a source. I didn't follow the legal reasoning, but the
point is that the <em>Guardian</em> doesn’t want to leak the documents to point is that <em>The Guardian</em> doesn't want to leak the documents to
random people. It will, however, write stories in the public interest, random people. It will, however, write stories in the public interest,
and I would be allowed to review the documents as part of that and I would be allowed to review the documents as part of that
process. So after a Skype conversation with someone at the <em>Guardian</em>, I process. So after a Skype conversation with someone at <em>The Guardian</em>, I
signed a letter of engagement.</t> signed a letter of engagement.</t>
<t>And then I flew to Brazil.</t>
<t>And then I flew to Brazil.</t> <t>I saw only a tiny slice of the documents, and most of what I saw was
<t>I saw only a tiny slice of the documents, and most of what I saw was
surprisingly banal. The concerns of the top-secret world are largely surprisingly banal. The concerns of the top-secret world are largely
tactical: system upgrades, operational problems owing to weather, tactical: system upgrades, operational problems owing to weather,
delays because of work backlogs, and so on. I paged through weekly delays because of work backlogs, and so on. I paged through weekly
reports, presentation slides from status meetings, and general reports, presentation slides from status meetings, and general
briefings to educate visitors. Management is management, even inside briefings to educate visitors. Management is management, even inside
the NSA Reading the documents, I felt as though I were sitting through the NSA. Reading the documents, I felt as though I were sitting through
some of those endless meetings.</t> some of those endless meetings.</t>
<t>The meeting presenters try to spice things up. Presentations regularly
<t>The meeting presenters try to spice things up. Presentations regularly include intelligence success stories. There were details -- what had been
include intelligence success stories. There were details—what had been found, and how, and where it helped -- and sometimes there were attaboys
found, and how, and where it helped—and sometimes there were attaboys from "customers" who used the intelligence. I'm sure these are
from “customers” who used the intelligence. I’m sure these are intended to remind NSA employees that they're doing good. It
intended to remind NSA employees that they’re doing good. It
definitely had an effect on me. Those were all things I want the NSA definitely had an effect on me. Those were all things I want the NSA
to be doing.</t> to be doing.</t>
<t>There were so many code names. Everything has one: every program,
<t>There were so many code names. Everything has one: every program,
every piece of equipment, every piece of software. Sometimes code every piece of equipment, every piece of software. Sometimes code
names had their own code names. The biggest secrets seem to be the names had their own code names. The biggest secrets seem to be the
underlying real-world information: which particular company underlying real-world information: which particular company
MONEYROCKET is; what software vulnerability EGOTISTICALGIRAFFE—really, MONEYROCKET is; what software vulnerability EGOTISTICALGIRAFFE -- really,
I am not making that one up—is; how TURBINE works. Those secrets I am not making that one up -- is; how TURBINE works. Those secrets
collectively have a code name—ECI, for exceptionally compartmented collectively have a code name -- ECI, for exceptionally compartmented
information—and almost never appear in the documents. Chatting with information -- and almost never appear in the documents. Chatting with
Snowden on an encrypted IM connection, I joked that the NSA cafeteria Snowden on an encrypted IM connection, I joked that the NSA cafeteria
menu probably has code names for menu items. His response: “Trust me menu probably has code names for menu items. His response: "Trust me
when I say you have no idea.”</t> when I say you have no idea."</t>
<t>Those code names all come with logos, most of them amateurish and a
<t>Those code names all come with logos, most of them amateurish and a
lot of them dumb. Note to the NSA: take some of that more than lot of them dumb. Note to the NSA: take some of that more than
ten-billion-dollar annual budget and hire yourself a design ten-billion-dollar annual budget and hire yourself a design
firm. Really; it’ll pay off in morale.</t> firm. Really; it'll pay off in morale.</t>
<t>Once in a while, though, I would see something that made me stop,
<t>Once in a while, though, I would see something that made me stop, stand up, and pace around in circles. It wasn't that what I read was
stand up, and pace around in circles. It wasn’t that what I read was
particularly exciting, or important. It was just that it was particularly exciting, or important. It was just that it was
startling. It changed—ever so slightly—how I thought about the world.</t> startling. It changed -- ever so slightly -- how I thought about the world.</t>
<t>Greenwald said that that reaction was normal when people started
<t>Greenwald said that that reaction was normal when people started
reading through the documents.</t> reading through the documents.</t>
<t>Intelligence professionals talk about how disorienting it is living on
<t>Intelligence professionals talk about how disorienting it is living on the inside. You read so much classified information about the world's
the inside. You read so much classified information about the world’s
geopolitical events that you start seeing the world differently. You geopolitical events that you start seeing the world differently. You
become convinced that only the insiders know whats really going on, become convinced that only the insiders know what's really going on,
because the news media is so often wrong. Your family is because the news media is so often wrong. Your family is
ignorant. Your friends are ignorant. The world is ignorant. The only ignorant. Your friends are ignorant. The world is ignorant. The only
thing keeping you from ignorance is that constant stream of classified thing keeping you from ignorance is that constant stream of classified
knowledge. It’s hard not to feel superior, not to say things like “If knowledge. It's hard not to feel superior, not to say things like "If
you only knew what we know” all the time. I can understand how General you only knew what we know" all the time. I can understand how General
Keith Alexander, the director of the NSA, comes across as so Keith Alexander, the director of the NSA, comes across as so
supercilious; I only saw a minute fraction of that secret world, and I supercilious; I only saw a minute fraction of that secret world, and I
started feeling it.</t> started feeling it.</t>
<t>It turned out to be a terrible week to visit Greenwald, as he was
<t>It turned out to be a terrible week to visit Greenwald, as he was still dealing with the fallout from Miranda's detention. Two other
still dealing with the fallout from Miranda’s detention. Two other journalists, one from <em>The Nation</em> and the other from <em>The Hindu</em>,
journalists, one from the Nation and the other from the <em>Hindu</em>, were were
also in town working with him. A lot of my week involved Greenwald also in town working with him. A lot of my week involved Greenwald
rushing into my hotel room, giving me a thumb drive of new stuff to rushing into my hotel room, giving me a thumb drive of new stuff to
look through, and rushing out again.</t> look through, and rushing out again.</t>
<t>A technician from <em>The Guardian</em> got a search capability working
<t>A technician from the <em>Guardian</em> got a search capability working while while I
I was there, and I spent some time with it. Question: when you're given
was there, and I spent some time with it. Question: when you’re given the capability to search through a database of NSA secrets, what's the
the capability to search through a database of NSA secrets, what’s the
first thing you look for? Answer: your name.</t> first thing you look for? Answer: your name.</t>
<t>It wasn't there. Neither were any of the algorithm names I knew, not
<t>It wasn’t there. Neither were any of the algorithm names I knew, not
even algorithms I knew that the US government used.</t> even algorithms I knew that the US government used.</t>
<t>I tried to talk to Greenwald about his own operational security. It
<t>I tried to talk to Greenwald about his own operational security. It
had been incredibly stupid for Miranda to be traveling with NSA had been incredibly stupid for Miranda to be traveling with NSA
documents on the thumb drive. Transferring files electronically is documents on the thumb drive. Transferring files electronically is
what encryption is for. I told Greenwald that he and Laura Poitras what encryption is for. I told Greenwald that he and Laura Poitras
should be sending large encrypted files of dummy documents back and should be sending large encrypted files of dummy documents back and
forth every day.</t> forth every day.</t>
<t>Once, at Greenwald's home, I walked into the backyard and looked for
<t>Once, at Greenwald’s home, I walked into the backyard and looked for TEMPEST receivers hiding in the trees. I didn't find any, but that
TEMPEST receivers hiding in the trees. I didn’t find any, but that doesn't mean they weren't there. Greenwald has a lot of dogs, but I
doesn’t mean they weren’t there. Greenwald has a lot of dogs, but I don't think that would hinder professionals. I'm sure that a bunch of
don’t think that would hinder professionals. I’m sure that a bunch of
major governments have a complete copy of everything Greenwald major governments have a complete copy of everything Greenwald
has. Maybe the black bag teams bumped into each other in those early has. Maybe the black bag teams bumped into each other in those early
weeks.</t> weeks.</t>
<t>I started doubting my own security procedures. Reading about the NSA's
<t>I started doubting my own security procedures. Reading about the NSA’s
hacking abilities will do that to you. Can it break the encryption on hacking abilities will do that to you. Can it break the encryption on
my hard drive? Probably not. Has the company that makes my encryption my hard drive? Probably not. Has the company that makes my encryption
software deliberately weakened the implementation for it? software deliberately weakened the implementation for it?
Probably. Are NSA agents listening in on my calls back to the US? Very Probably. Are NSA agents listening in on my calls back to the US? Very
probably. Could agents take control of my computer over the Internet probably. Could agents take control of my computer over the Internet
if they wanted to? Definitely. In the end, I decided to do my best and if they wanted to? Definitely. In the end, I decided to do my best and
stop worrying about it. It was the agencys documents, after all. And stop worrying about it. It was the agency's documents, after all. And
what I was working on would become public in a few weeks.</t> what I was working on would become public in a few weeks.</t>
<t>I wasn't sleeping well, either. A lot of it was the sheer magnitude of
<t>I wasn't sleeping well, either. A lot of it was the sheer magnitude of
what I saw. It's not that any of it was a real surprise. Those of us what I saw. It's not that any of it was a real surprise. Those of us
in the information security community had long assumed that the NSA in the information security community had long assumed that the NSA
was doing things like this. But we never really sat down and figured was doing things like this. But we never really sat down and figured
out the details, and to have the details confirmed made a big out the details, and to have the details confirmed made a big
difference. Maybe I can make it clearer with an analogy. Everyone difference. Maybe I can make it clearer with an analogy. Everyone
knows that death is inevitable; there's absolutely no surprise about knows that death is inevitable; there's absolutely no surprise about
that. Yet it arrives as a surprise, because we spend most of our lives that. Yet it arrives as a surprise, because we spend most of our lives
refusing to think about it. The NSA documents were a bit like refusing to think about it. The NSA documents were a bit like
that. Knowing that it is surely true that the NSA is eavesdropping on that. Knowing that it is surely true that the NSA is eavesdropping on
the world, and doing it in such a methodical and robust manner, is the world, and doing it in such a methodical and robust manner, is
very different from coming face-to-face with the reality that it is very different from coming face-to-face with the reality that it is
and the details of how it is doing it.</t> and the details of how it is doing it.</t>
<t>I also found it incredibly difficult to keep the secrets.
<t>I also found it incredibly difficult to keep the secrets. The <em>The Guardian</em>'s process is slow and methodical. I move much faster. I
<em>Guardian</em>’s process is slow and methodical. I move much faster. I
drafted stories based on what I found. Then I wrote essays about those drafted stories based on what I found. Then I wrote essays about those
stories, and essays about the essays. Writing was therapy; I would stories, and essays about the essays. Writing was therapy; I would
wake up in the wee hours of the morning, and write an essay. But that wake up in the wee hours of the morning, and write an essay. But that
put me at least three levels beyond what was published.</t> put me at least three levels beyond what was published.</t>
<t>Now that my involvement is out, and my first essays are out, I feel a
<t>Now that my involvement is out, and my first essays are out, I feel a
lot better. I'm sure it will get worse again when I find another lot better. I'm sure it will get worse again when I find another
monumental revelation; there are still more documents to go through.</t> monumental revelation; there are still more documents to go through.</t>
<t>I've heard it said that Snowden wants to damage America. I can say
<t>I’ve heard it said that Snowden wants to damage America. I can say
with certainty that he does not. So far, everyone involved in this with certainty that he does not. So far, everyone involved in this
incident has been incredibly careful about what is released to the incident has been incredibly careful about what is released to the
public. There are many documents that could be immensely harmful to public. There are many documents that could be immensely harmful to
the US, and no one has any intention of releasing them. The documents the US, and no one has any intention of releasing them. The documents
the reporters release are carefully redacted. Greenwald and I the reporters release are carefully redacted. Greenwald and I
repeatedly debated with <em>Guardian</em> editors the newsworthiness of story repeatedly debated with <em>The Guardian</em> editors the newsworthiness of stor y
ideas, stressing that we would not expose government secrets simply ideas, stressing that we would not expose government secrets simply
because they’re interesting.</t> because they're interesting.</t>
<t>The NSA got incredibly lucky; this could have ended with a massive
<t>The NSA got incredibly lucky; this could have ended with a massive public dump like Chelsea Manning's State Department cables. I suppose
public dump like Chelsea Manning’s State Department cables. I suppose
it still could. Despite that, I can imagine how this feels to the NSA. it still could. Despite that, I can imagine how this feels to the NSA.
Its used to keeping this stuff behind multiple levels of security: It's used to keeping this stuff behind multiple levels of security:
gates with alarms, armed guards, safe doors, and military-grade gates with alarms, armed guards, safe doors, and military-grade
cryptography. Its not supposed to be on a bunch of thumb drives in cryptography. It's not supposed to be on a bunch of thumb drives in
Brazil, Germany, the UK, the US, and who knows where else, protected Brazil, Germany, the UK, the US, and who knows where else, protected
largely by some random peoples opinions about what should or should largely by some random people's opinions about what should or should
not remain secret. This is easily the greatest intelligence failure in not remain secret. This is easily the greatest intelligence failure in
the history of ever. Its amazing that one person could have had so the history of ever. It's amazing that one person could have had so
much access with so little accountability, and could sneak all of this much access with so little accountability, and could sneak all of this
data out without raising any alarms. The odds are close to zero that data out without raising any alarms. The odds are close to zero that
Snowden is the first person to do this; he’s just the first person to Snowden is the first person to do this; he's just the first person to
make public that he did. It’s a testament to General Alexander’s power make public that he did. It's a testament to General Alexander's power
that he hasn’t been forced to resign.</t> that he hasn't been forced to resign.</t>
<t>It's not that we weren't being careful about security, it's that our
<t>It’s not that we weren’t being careful about security, it’s that our standards of care are so different. From the NSA's point of view,
standards of care are so different. From the NSA’s point of view, we're all major security risks, myself included. I was taking notes
we’re all major security risks, myself included. I was taking notes
about classified material, crumpling them up, and throwing them into about classified material, crumpling them up, and throwing them into
the wastebasket. I was printing documents marked “TOP the wastebasket. I was printing documents marked "TOP
SECRET/COMINT/NOFORN” in a hotel lobby. And once, I took the wrong SECRET/COMINT/NOFORN" in a hotel lobby. And once, I took the wrong
thumb drive with me to dinner, accidentally leaving the unencrypted thumb drive with me to dinner, accidentally leaving the unencrypted
one filled with top-secret documents in my hotel room. It was an one filled with top-secret documents in my hotel room. It was an
honest mistake; they were both blue.</t> honest mistake; they were both blue.</t>
<t>If I were an NSA employee, the policy would be to fire me for that alon
<t>If I were an NSA employee, the policy would be to fire me for that alone.</t> e.</t>
<t>Many have written about how being under constant surveillance changes
<t>Many have written about how being under constant surveillance changes a person. When you know you're being watched, you censor yourself. You
a person. When you know you’re being watched, you censor yourself. You
become less open, less spontaneous. You look at what you write on your become less open, less spontaneous. You look at what you write on your
computer and dwell on what youve said on the telephone, wonder how it computer and dwell on what you've said on the telephone, wonder how it
would sound taken out of context, from the perspective of a would sound taken out of context, from the perspective of a
hypothetical observer. Youre more likely to conform. You suppress hypothetical observer. You're more likely to conform. You suppress
your individuality. Even though I have worked in privacy for decades, your individuality. Even though I have worked in privacy for decades,
and already knew a lot about the NSA and what it does, the change was and already knew a lot about the NSA and what it does, the change was
palpable. That feeling hasnt faded. I am now more careful about what palpable. That feeling hasn't faded. I am now more careful about what
I say and write. I am less trusting of communications technology. I am I say and write. I am less trusting of communications technology. I am
less trusting of the computer industry.</t> less trusting of the computer industry.</t>
<t>After much discussion, Greenwald and I agreed to write three stories
<t>After much discussion, Greenwald and I agreed to write three stories
together to start. All of those are still in progress. In addition, I together to start. All of those are still in progress. In addition, I
wrote two commentaries on the Snowden documents that were recently wrote two commentaries on the Snowden documents that were recently
made public. There’s a lot more to come; even Greenwald hasn’t looked made public. There's a lot more to come; even Greenwald hasn't looked
through everything.</t> through everything.</t>
<t>Since my trip to Brazil (one month before), I've flown back to the US
<t>Since my trip to Brazil [one month before], I’ve flown back to the US once and domestically seven times -- all without incident. I'm not on any
once and domestically seven times—all without incident. I’m not on any
list yet. At least, none that I know about.</t> list yet. At least, none that I know about.</t>
</blockquote>
<t>**********</t> <t>As it happened, I didn't write much more with Greenwald or
<em>The Guardian</em>. Those two had a falling out, and by the time everything
<t>As it happened, I didn’t write much more with Greenwald or the
<em>Guardian</em>. Those two had a falling out, and by the time everything
settled and both began writing about the documents settled and both began writing about the documents
independently—Greenwald at the newly formed website the <em>Intercept</em>—I independently -- Greenwald at the newly formed website <em>The Intercept</em> -- I
got cut out of the process somehow. I remember hearing that Greenwald got cut out of the process somehow. I remember hearing that Greenwald
was annoyed with me, but I never learned the reason. We havent spoken was annoyed with me, but I never learned the reason. We haven't spoken
since.</t> since.</t>
<t>Still, I was happy with the one story I was part of: how the NSA hacks
<t>Still, I was happy with the one story I was part of: how the NSA hacks Tor. I consider it a personal success that I pushed <em>The Guardian</em> to
Tor. I consider it a personal success that I pushed the <em>Guardian</em> to publish NSA documents detailing QUANTUM. I don't think that would have
publish NSA documents detailing QUANTUM. I don’t think that would have
gotten out any other way. And I still use those pages today when I gotten out any other way. And I still use those pages today when I
teach cybersecurity to policymakers at the Harvard Kennedy School.</t> teach cybersecurity to policymakers at the Harvard Kennedy School.</t>
<t>Other people wrote about the Snowden files, and wrote a lot. It was a
<t>Other people wrote about the Snowden files, and wrote a lot. It was a
slow trickle at first, and then a more consistent flow. Between slow trickle at first, and then a more consistent flow. Between
Greenwald, Bart Gellman, and the <em>Guardian</em> reporters, there ended up Greenwald, Bart Gellman, and <em>The Guardian</em> reporters, there ended up
being steady stream of news. (Bart brought in Ashkan Soltani to help being steady stream of news. (Bart brought in Ashkan Soltani to help
him with the technical aspects, which was a great move on his part, him with the technical aspects, which was a great move on his part,
even if it cost Ashkan a government job later.) More stories were even if it cost Ashkan a government job later.) More stories were
covered by other publications.</t> covered by other publications.</t>
<t>It started getting weird. Both Greenwald and Gellman held documents
<t>It started getting weird. Both Greenwald and Gellman held documents
back so they could publish them in their books. Jake Appelbaum, who back so they could publish them in their books. Jake Appelbaum, who
had not yet been accused of sexual assault by multiple women, was had not yet been accused of sexual assault by multiple women, was
working with Poitras. He partnered with Spiegel to release an implant working with Poitras. He partnered with <em>Der Spiegel</em> to release an impla
catalog from the NSA’s Tailored Access Operations group. To this day, nt
I am convinced that that document was not in the Snowden archives: catalog from the NSA's Tailored Access Operations group. To this day,
I am convinced that the document was not in the Snowden archives:
that Jake got it somehow, and it was released with the implication that Jake got it somehow, and it was released with the implication
that it was from Edward Snowden. I thought it was important enough that it was from Edward Snowden. I thought it was important enough
that I started writing about each item in that document in my blog: that I started writing about each item in that document in my blog:
”NSA Exploit of the Week.” That got my website blocked by the DoD: I "NSA Exploit of the Week." That got my website blocked by the DoD: I
keep a framed print of the censor’s message on my wall.</t> keep a framed print of the censor's message on my wall.</t>
<t>Perhaps the most surreal document disclosures were when artists
<t>Perhaps the most surreal document disclosures were when artists
started writing fiction based on the documents. This was in 2016, when started writing fiction based on the documents. This was in 2016, when
Laura Poitras built a secure room in New York to house the Laura Poitras built a secure room in New York to house the
documents. By then, the documents were years out of date. And now documents. By then, the documents were years out of date. And now
theyre over a decade out of date. (They were leaked in 2013, but most they're over a decade out of date. (They were leaked in 2013, but most
of them were from 2012 or before.)</t> of them were from 2012 or before.)</t>
<t>I ended up being something of a public ambassador for the
<t>I ended up being something of a public ambassador for the
documents. When I got back from Rio, I gave talks at a private documents. When I got back from Rio, I gave talks at a private
conference in Woods Hole, the Berkman Center at Harvard, something conference in Woods Hole, the Berkman Center at Harvard, something
called the Congress and Privacy and Surveillance in Geneva, events at called the Congress on Privacy and Surveillance in Geneva, events at
both CATO and New America in DC, an event at the University of both CATO and New America in DC, an event at the University of
Pennsylvania, an event at EPIC and a “Stop Watching Us” rally in DC, Pennsylvania, an event at EPIC, a "Stop Watching Us" rally in DC,
the RISCS conference in London, the ISF in Paris, and...then...at the the RISCS conference in London, the ISF in Paris, and...then...at the
IETF meeting in Vancouver in November 2013. (I remember little of IETF meeting in Vancouver in November 2013. (I remember little of
this; I am reconstructing it all from my calendar.)</t> this; I am reconstructing it all from my calendar.)</t>
<t>What struck me at the IETF was the indignation in the room, and the
<t>What struck me at the IETF was the indignation in the room, and the
calls to action. And there was action, across many fronts. We calls to action. And there was action, across many fronts. We
technologists did a lot to help secure the Internet, for example.</t> technologists did a lot to help secure the Internet, for example.</t>
<t>The government didn't do its part, though. Despite the public outcry,
<t>The government didn’t do its part, though. Despite the public outcry,
investigations by Congress, pronouncements by President Obama, and investigations by Congress, pronouncements by President Obama, and
federal court rulings, I dont think much has changed. The NSA federal court rulings, I don't think much has changed. The NSA
canceled a program here and a program there, and it is now more public canceled a program here and a program there, and it is now more public
about defense. But I dont think it is any less aggressive about about defense. But I don't think it is any less aggressive about
either bulk or targeted surveillance. Certainly its government either bulk or targeted surveillance. Certainly its government
authorities havent been restricted in any way. And surveillance authorities haven't been restricted in any way. And surveillance
capitalism is still the business model of the Internet.</t> capitalism is still the business model of the Internet.</t>
<t>And Edward Snowden? We were in contact for a while on Signal. I
<t>And Edward Snowden? We were in contact for a while on Signal. I visited him once in Moscow, in 2016. And I had him do a guest
visited him once in Moscow, in 2016. And I had him do an guest
lecture to my class at Harvard for a few years, remotely by lecture to my class at Harvard for a few years, remotely by
Jitsi. Afterwards, I would hold a session where I promised to answer Jitsi. Afterwards, I would hold a session where I promised to answer
every question he would evade or not answer, explain every response he every question he would evade or not answer, explain every response he
did give, and be candid in a way that someone with an outstanding did give, and be candid in a way that someone with an outstanding
arrest warrant simply cannot. Sometimes I thought I could channel arrest warrant simply cannot. Sometimes I thought I could channel
Snowden better than he could.</t> Snowden better than he could.</t>
<t>But now it's been a decade. Everything he knows is old and out of
<t>But now it’s been a decade. Everything he knows is old and out of
date. Everything we know is old and out of date. The NSA suffered an date. Everything we know is old and out of date. The NSA suffered an
even worse leak of its secrets by the Russians, under the guise of the even worse leak of its secrets by the Russians, under the guise of the
Shadow Brokers, in 2016 and 2017. The NSA has rebuilt. It again has Shadow Brokers, in 2016 and 2017. The NSA has rebuilt. It again has
capabilities we can only surmise.</t> capabilities we can only surmise.</t>
</section>
</section> <section anchor="stephen-farrell-ietf-and-internet-technical-community-react
<section anchor="stephen-farrell-ietf-and-internet-technical-community-reaction" ion">
><name>Stephen Farrell: IETF and Internet Technical community reaction</name> <name>Stephen Farrell: IETF and Internet Technical Community Reaction</nam
e>
<t>In 2013, the IETF and, more broadly, the Internet technical, security and <t>In 2013, the IETF and, more broadly, the Internet technical, security,
and
privacy research communities, were surprised by the surveillance and attack privacy research communities, were surprised by the surveillance and attack
efforts exposed by the Snowden revelations. <xref target="timeline"/> While the efforts exposed by the Snowden revelations <xref target="Timeline"/>. While the
potential for such was known, it was the scale and pervasiveness of the potential for such was known, it was the scale and pervasiveness of the
activities disclosed that was alarming and, I think it fair to say, quite activities disclosed that was alarming and, I think it fair to say, quite
annoying, for very many Internet engineers.</t> annoying, for very many Internet engineers.</t>
<t>As for the IETF's reaction, informal meetings during the July 2013 IETF
<t>As for the IETF's reaction, informal meetings during the July 2013 IETF meeti meeting
ng
in Berlin indicated that IETF participants considered that these revelations in Berlin indicated that IETF participants considered that these revelations
showed that we needed to do more to improve the security and privacy properties showed that we needed to do more to improve the security and privacy properties
of IETF protocols, and to help ensure deployments made better use of the of IETF protocols, and to help ensure deployments made better use of the
security and privacy mechanisms that already existed. In August, the IETF set up security and privacy mechanisms that already existed. In August, the IETF set up
a new mailing list <xref target="perpass"/> that ended up being a useful venue f or triaging a new mailing list <xref target="Perpass"/>, which became a useful venue for tri aging
proposals for work on these topics. At the November 2013 IETF meeting, there proposals for work on these topics. At the November 2013 IETF meeting, there
was a lively and very well attended plenary session <xref target="plenary-video" /> on was a lively and very well attended plenary session <xref target="Plenary-video" /> on
"hardening the Internet" against such attacks, followed by a "birds of a "hardening the Internet" against such attacks, followed by a "birds of a
feather" <xref target="Perpass-BoF"/> devoted to more detailed discussion of pos feather" session <xref target="Perpass-BoF"/> devoted to more detailed discussio
sible n of possible
actions in terms of new working groups, protocols and best-current-practice actions in terms of new working groups, protocols, and Best Current Practice
(BCP) documents that could help improve matters. This was followed in (BCP) documents that could help improve matters. This was followed in
February/March 2014 by a joint IAB/W3C workshop on "strengthening the Internet February/March 2014 by a joint IAB/W3C workshop on "strengthening the Internet
against pervasive monitoring" <xref target="STRINT"/> held in London and attende d by 150 against pervasive monitoring" <xref target="STRINT"/> held in London and attende d by 150
engineers (still the only IAB workshop in my experience where we needed a engineers (still the only IAB workshop in my experience where we needed a
wait-list for people after capacity for the venue was reached!). The STRINT waiting list for people after capacity for the venue was reached!). The STRINT
workshop report was eventually published as <xref target="RFC7687"/> in 2015, bu t in the workshop report was eventually published as <xref target="RFC7687"/> in 2015, bu t in the
meantime work proceeded on a Best Current Practice (BCP) document codifying meantime, work proceeded on a BCP document codifying
that the IETF community considered that "pervasive monitoring is an attack" that the IETF community considered that "pervasive monitoring is an attack"
<xref target="RFC7258"/> (aka BCP188). The IETF last-call discussion for that sh <xref target="RFC7258"/> (aka BCP 188). The IETF Last Call discussion for that s
ort hort
document included more than 1000 emails - while there was broad agreement on document included more than 1000 emails -- while there was broad agreement on
the overall message, a number of IETF participants considered enshrining that the overall message, a number of IETF participants considered enshrining that
message in the RFC series and IETF processes was controversial. In any case the message in the RFC Series and IETF processes controversial. In any case, the
BCP was published in May 2014. The key statement on which rough consensus was BCP was published in May 2014. The key statement on which rough consensus was
reached is in the abstract of RFC7258 and says "Pervasive monitoring is a reached is in the abstract of RFC 7258 and says "Pervasive monitoring is a
technical attack that should be mitigated in the design of IETF protocols, technical attack that should be mitigated in the design of IETF protocols,
where possible." That document has since been referenced <xref target="refs-to-7 258"/> by where possible." That document has since been referenced <xref target="Refs-to-7 258"/> by
many IETF working groups and RFCs as justifying additional work on security and many IETF working groups and RFCs as justifying additional work on security and
privacy. Throughout that period and beyond, the repercussions of the Snowden privacy. Throughout that period and beyond, the repercussions of the Snowden
revelations remained a major and ongoing agenda item for both of the IETF's revelations remained a major and ongoing agenda item for both of the IETF's
main technical management bodies - the IAB and the IESG (on which I served at main technical management bodies, the IAB and the IESG (on which I served at
the time).</t> the time).</t>
<t>So far, I've only described the processes with which the IETF dealt wit
<t>So far, I've really only described the processes with which the IETF dealt wi h
th the attacks, but there was, of course, also much technical work started by IETF
the attacks, but there was of course also much technical work started by IETF
participants that was at least partly motivated by the Snowden revelations.</t> participants that was at least partly motivated by the Snowden revelations.</t>
<t>In November 2013, a working group was established to document better pr
<t>In November 2013 a working group was established to document better practices actices
for using TLS in applications <xref target="UTA"/> so that deployments would be less at risk for using TLS in applications <xref target="UTA"/> so that deployments would be less at risk
in the face of some of the attacks related to stripping TLS or having in the face of some of the attacks related to stripping TLS or having
applications mis-use TLS APIs or parameters. Similar work was done to update applications misuse TLS APIs or parameters. Similar work was done later to upda
recommendations for use of cryptography in other protocols in the <xref target=" te
CURDLE"/> recommendations for use of cryptography in other protocols in the CURDLE
working group later. The CURDLE working group was to an extent created to Working Group <xref target="CURDLE"/>. The CURDLE Working Group was, to an exte
nt, created to
enable use of a set of new elliptic curves that had been documented by the IRTF enable use of a set of new elliptic curves that had been documented by the IRTF
crypto forum research group. <xref target="CFRG"/> That work in turn had been pa rtly Crypto Forum Research Group <xref target="CFRG"/>. That work in turn had been pa rtly
motivated by (perhaps ultimately unfounded) concerns about elliptic curves motivated by (perhaps ultimately unfounded) concerns about elliptic curves
defined in NIST standards, following the DUAL_EC_DRBG debacle <xref target="dual -ec"/> defined in NIST standards, following the DUAL_EC_DRBG debacle <xref target="Dual -EC"/>
(described further below) where a (described further below) where a
NIST random number generator had been deliberately engineered to produce output NIST random number generator had been deliberately engineered to produce output
that could be vulnerable to NSA attack.</t> that could be vulnerable to NSA attack.</t>
<t>Work to develop a new version of TLS was started in 2014, mainly due to
<t>Work to develop a new version of TLS was started in 2014, mainly due to concerns that TLS 1.2 and earlier version implementations had been shown to be
concerns that TLSv1.2 and earlier version implementations had been shown to be vulnerable to a range of attacks over the years. The work to develop TLS 1.3
vulnerable to a range of attacks over the years. The work to develop TLSv1.3 <xref target="RFC8446"/> also aimed to encrypt more of the handshake so as to
<xref target="RFC8446"/> also however aimed to encrypt more of the handshake so expose less information to network observers -- a fairly direct result of the
as to
expose less information to network observers - a fairly direct result of the
Snowden revelations. Work to further improve TLS in this respect continues Snowden revelations. Work to further improve TLS in this respect continues
today using the so-called encrypted client hello (ECH) <xref target="I-D.ietf-tl today using the so-called Encrypted Client Hello (ECH) mechanism <xref target="I
s-esni"/> -D.ietf-tls-esni"/>
mechanism to remove one of the last privacy leaks present in current TLS.</t> to remove one of the last privacy leaks present in current TLS.</t>
<t>Work on ECH was enabled by significant developments to encrypt DNS traf
<t>Work on ECH was enabled by significant developments to encrypt DNS traffic, fic,
using DNS over TLS (DoT) <xref target="RFC7858"/> or DNS over HTTPS (DoH) <xref using DNS over TLS (DoT) <xref target="RFC7858"/> or DNS Queries over HTTPS (DoH
target="RFC8484"/> which also started as a result of ) <xref target="RFC8484"/>, which also started as a result of
the Snowden revelations. Prior to that, privacy hadn't really been considered the Snowden revelations. Prior to that, privacy hadn't really been considered
when it came to DNS data or (more importantly) the act of accessing DNS data. when it came to DNS data or (more importantly) the act of accessing DNS data.
The trend towards encrypting DNS traffic represents a significant change for The trend towards encrypting DNS traffic represents a significant change for
the Internet, both in terms of reducing cleartext, but also in terms of moving the Internet, both in terms of reducing cleartext, but also in terms of moving
points-of-control. The latter aspect was, and remains, controversial, but the points-of-control. The latter aspect was, and remains, controversial, but the
IETF did its job of defining new protocols that can enable better DNS privacy. IETF did its job of defining new protocols that can enable better DNS privacy.
Work on HTTP version 2 <xref target="RFC7540"/> and QUIC <xref target="RFC9000"/ Work on HTTP version 2 <xref target="RFC9113"/> and QUIC <xref target="RFC9000"/
> further demonstrates > further demonstrates
the trend in the IETF towards always-encrypting protocols as the new norm, at the trend in the IETF towards always encrypting protocols as the new norm, at
least at and above the transport layer.</t> least at and above the transport layer.</t>
<t>Of course, not all such initiatives bore fruit; for example, attempts t
<t>Of course, not all such initiatives bore fruit, for example attempts to defin o define
e a new MPLS encryption mechanism <xref target="I-D.ietf-mpls-opportunistic-encryp
a new MPLS encryption mechanism <xref target="I-D.farrelll-mpls-opportunistic-en t"/>
crypt"/>
foundered due to a lack of interest and the existence of the already deployed foundered due to a lack of interest and the existence of the already deployed
IEEE MACSEC scheme. But there has been a fairly clear trend towards trying to IEEE Media Access Control Security (MACsec) scheme. But there has been a fairly clear trend towards trying to
remove cleartext from the Internet as a precursor to provide improved privacy remove cleartext from the Internet as a precursor to provide improved privacy
when considering network observers as attackers.</t> when considering network observers as attackers.</t>
<t>The IETF, of course, forms only one part of the broader Internet techni
<t>The IETF, of course, forms only one part of the broader Internet technical cal
community, and there were many non-IETF activities triggered by the Snowden community, and there were many non-IETF activities triggered by the Snowden
revelations, a number of which also eventually resulted in new IETF work to revelations, a number of which also eventually resulted in new IETF work to
standardise better security and privacy mechanisms developed elsewhere.</t> standardise better security and privacy mechanisms developed elsewhere.</t>
<t>In 2013, the web was largely unencrypted despite HTTPS being relatively
<t>In 2013, the web was largely unencrypted despite HTTPS being relatively usable, and that was partly due to problems using the Web PKI at scale. The
usable and that was partly due to problems using the WebPKI at scale. The Let's Encrypt initiative <xref target="LE"/> issued its first certificates in 20
Let's Encrypt <xref target="LE"/> initiative issued its first certificates in 20 15 as
15 as
part of its aim to try to move the web part of its aim to try to move the web
towards being fully encrypted, and has been extremely successful in helping towards being fully encrypted, and it has been extremely successful in helping
achieve that goal. Subsequently, the automation protocols developed for achieve that goal. Subsequently, the automation protocols developed for
Let's Encrypt were standardised in the IETF's ACME <xref target="ACME"/> working Let's Encrypt were standardised in the IETF's ACME Working Group <xref target="A
group.</t> CME"/>.</t>
<t>In 2013, most email transport between mail servers was cleartext,
<t>In 2013, most email transport between mail servers was cleartext,
directly enabling some of the attacks documented in the Snowden documents. directly enabling some of the attacks documented in the Snowden documents.
Significant effort by major mail services and MTA software developers since Significant effort by major mail services and MTA software developers since
then have resulted in more than 90% of email being encrypted between mail then have resulted in more than 90% of email being encrypted between mail
servers and various IETF protocols have been defined in order to improve that servers, and various IETF protocols have been defined in order to improve that
situation, e.g., SMTP MTA Strict Transport Security (MTA-STS). <xref target="RFC situation, e.g., SMTP MTA Strict Transport Security (MTA-STS) <xref target="RFC8
8461"/></t> 461"/>.</t>
<t>Lastly, MAC addresses have historically been long-term fixed values vis
<t>Lastly, MAC addresses have historically been long-term fixed values visible t ible to
o
local networks (and beyond), which enabled some tracking attacks that were local networks (and beyond), which enabled some tracking attacks that were
documented in the Snowden documents. <xref target="Toronto"/> documented in the Snowden documents <xref target="Toronto"/>.
Implementers/vendors and the IEEE 802 Implementers, vendors, and the IEEE 802
standards group recognised this weakness and started work on MAC address standards group recognised this weakness and started work on MAC address
randomisation that in turn lead to the IETF's <xref target="MADINAS"/> working g roup that randomisation that in turn led to the IETF's MADINAS Working Group <xref target= "MADINAS"/>, which
aims to ensure randomised MAC addresses can be used on the Internet without aims to ensure randomised MAC addresses can be used on the Internet without
causing unintentional harm. causing unintentional harm.
There is also a history of IETF work on deprecating MAC-address based IPv6 inter There is also a history of IETF work on deprecating MAC-address-based IPv6 inter
face identifiers, face identifiers
advocating pseudo-random identifiers and temporary addresses, some of and advocating pseudorandom identifiers and temporary addresses, some of
which pre-dates Snowden. <xref target="RFC7217"/> <xref target="RFC8064"/> <xref which pre-dates Snowden <xref target="RFC7217"/> <xref target="RFC8064"/> <xref
target="RFC8981"/></t> target="RFC8981"/>.</t>
<t>In summary, the significantly large volume of technical work pursued in
<t>In summary, the significantly large volume of technical work pursued in the the
IETF and elsewhere as a result of the Snowden revelations has focussed on two IETF and elsewhere as a result of the Snowden revelations has focussed on two
main things: decreasing the amount of plaintext that remains visible to network main things: decreasing the amount of plaintext that remains visible to network
observers and secondly reducing the number of long-term identifiers that enable observers and secondly reducing the number of long-term identifiers that enable
unexpected identification or re-identification of devices or users. This work unexpected identification or re-identification of devices or users. This work
is not by any means complete, nor is deployment universal, but significant is not by any means complete, nor is deployment universal, but significant
progress has been made and the work continues even if the level of annoyance progress has been made, and the work continues even if the level of annoyance
at the attack has faded somewhat over time.</t> at the attack has faded somewhat over time.</t>
<t>One should also note that there has been pushback against these improve
<t>One should also note that there has been push-back against these improvements ments
in security and privacy and the changes they cause for deployments. That has in security and privacy and the changes they cause for deployments. That has
come from more or less two camps - those on whom these improvements force come from more or less two camps: those on whom these improvements force
change tend to react badly, but later figure out how to adjust. The second camp change tend to react badly, but later figure out how to adjust, and
being those who seemingly prefer not to strengthen security so as to for those who seemingly prefer not to strengthen security so as to, for
example continue to achieve what they call "visibility" even in the face of the example, continue to achieve what they call "visibility" even in the face of the
many engineers who correctly argue that such an anti-encryption approach many engineers who correctly argue that such an anti-encryption approach
inevitably leads to worse security overall. The recurring nature of this kind inevitably leads to worse security overall. The recurring nature of this kind
of push-back is nicely illustrated by <xref target="RFC1984"/>. That information al document of pushback is nicely illustrated by <xref target="RFC1984"/>. That informationa l document
was published in 1996 as an IETF response to an early iteration of the was published in 1996 as an IETF response to an early iteration of the
perennial "encryption is bad" argument. In 2015, the unmodified 1996 text was perennial "encryption is bad" argument. In 2015, the unmodified 1996 text was
upgraded to a Best Current Practice (BCP200) as the underlying arguments have upgraded to a BCP (BCP 200) as the underlying arguments have
not changed, and will not change.</t> not changed, and will not change.</t>
<t>Looking back on all the above from a 2023 vantage point, I think that,
<t>Looking back on all the above from a 2023 vantage point, I think that, as a as a
community of Internet engineers, we got a lot right, but that today there's way community of Internet engineers, we got a lot right, but that today there's way
more that needs to be done to better protect the security and privacy of people more that needs to be done to better protect the security and privacy of people
who use the Internet. In particular, we (the technical community) haven't done who use the Internet. In particular, we (the technical community) haven't done
nearly as good a job at countering surveillance capitalism <xref target="zubhoff 2019"/> which has exploded nearly as good a job at countering surveillance capitalism <xref target="Zubhoff 2019"/>, which has exploded
in the last decade. In part, that's because many of the problems are outside of in the last decade. In part, that's because many of the problems are outside of
the scope of bodies such as the IETF. For example, intrusive back-end sharing the scope of bodies such as the IETF. For example, intrusive backend sharing
of people's data for advertising purposes can't really be mitigated via of people's data for advertising purposes can't really be mitigated via
Internet protocols.</t> Internet protocols.</t>
<t>However, I also think that the real annoyance felt with respect to the
<t>However, I also think that the real annoyance felt with respect to the Snowde Snowden
n
revelations is (in general) not felt nearly as much when it comes to the legal revelations is (in general) not felt nearly as much when it comes to the legal
but hugely privacy-invasive activities of major employers of Internet but hugely privacy-invasive activities of major employers of Internet
engineers.</t> engineers.</t>
<t>It's noteworthy that RFC 7258 doesn't consider that bad actors are limi
<t>It's noteworthy that RFC7258 doesn't consider that bad actors are limited to ted to
governments, and personally, I think many advertising industry schemes for governments, and personally, I think many advertising industry schemes for
collecting data are egregious examples of pervasive monitoring and hence ought collecting data are egregious examples of pervasive monitoring and hence ought
also be considered an attack on the Internet that ought be mitigated where also be considered an attack on the Internet that ought be mitigated where
possible. However, the Internet technical community clearly hasn't acted in possible. However, the Internet technical community clearly hasn't acted in
that way over the last decade.</t> that way over the last decade.</t>
<t>Perhaps that indicates that Internet engineers and the bodies in which
<t>Perhaps that indicates that Internet engineers and the bodies in which they they
congregate need to place much more emphasis on standards for ethical behaviour congregate need to place much more emphasis on standards for ethical behaviour
than has been the case for the first half-century of the Internet. And while than has been the case for the first half-century of the Internet. And while
it would be good to see the current leaders of Internet bodies work to make it would be good to see the current leaders of Internet bodies work to make
progress in that regard, at the time of writing, it sadly seems more likely that progress in that regard, at the time of writing, it sadly seems more likely that
government regulators will be the ones to try force better behaviour. That of government regulators will be the ones to try force better behaviour. That of
course comes with a significant risk of having regulations that stymie the kind course comes with a significant risk of having regulations that stymie the kind
of permissionless innovation that characterised many earlier Internet of permissionless innovation that characterised many earlier Internet
successes.</t> successes.</t>
<t>So while we got a lot right in our reaction to Snowden's revelations,
<t>So while we got a lot right in our reaction to Snowden's revelations,
currently, we have a "worse" Internet. Nonetheless, I do still hope to see a currently, we have a "worse" Internet. Nonetheless, I do still hope to see a
sea-change there, as the importance of real Internet security and privacy for sea change there, as the importance of real Internet security and privacy for
people becomes utterly obvious to all, even the most hard core capitalists and people becomes utterly obvious to all, even the most hard-core capitalists and
government signals intelligence agencies. That may seem naive, but I remain government signals intelligence agencies. That may seem naive, but I remain
optimistic that as a fact-based community we (and eventually our employers) optimistic that, as a fact-based community, we (and eventually our employers)
will recognise that the lesser risk is to honestly aim to provide the best will recognise that the lesser risk is to honestly aim to provide the best
security and privacy practically possible.</t> security and privacy practically possible.</t>
</section>
</section> <section anchor="farzaneh-badii-did-snowdens-revelations-help-with-protectin
<section anchor="farzaneh-badii-did-snowdens-revelations-help-with-protecting-hu g-human-rights-on-the-internet">
man-rights-on-the-internet"><name>Farzaneh Badii: Did Snowden’s revelations help <name>Farzaneh Badii: Did Snowden's Revelations Help with Protecting Human
with protecting human rights on the Internet?</name> Rights on the Internet?</name>
<t>It is very difficult to empirically measure the effect of Snowden's
<t>It is very difficult to empirically measure the effect of Snowden's
revelations on human rights and the Internet. Anecdotally, we have revelations on human rights and the Internet. Anecdotally, we have
been witnessing dominant regulatory and policy approaches that impact been witnessing dominant regulatory and policy approaches that impact
technologies and services that are at the core of protecting human technologies and services that are at the core of protecting human
rights on the Internet. (A range of European Union laws that aims to rights on the Internet. (A range of European Union laws aims to
address online safety or concentration of data. There are many more address online safety or concentration of data. There are many more
regulations that have an impact on the Internet.<xref target="Masnick2023"/>) Th ere regulations that have an impact on the Internet <xref target="Masnick2023"/>.) T here
has been little progress in fixing technical and policy issues that has been little progress in fixing technical and policy issues that
help enable human rights. Snowden revelations did not have a help enable human rights. The Snowden revelations did not
revolutionary effect on our approach towards not using policies and revolutionize the Internet governance and
technical means that have an effect on human rights, such as freedom technical approaches to support human rights such as freedom
of expression, freedom of association and assembly and privacy. It did not decre of expression, freedom of association and assembly, and privacy. It did not decr
ase the number of ease the number of
Internet shutdowns, nor the eagerness of authoritarian (and even to some extent Internet shutdowns nor the eagerness of authoritarian (and even to some extent d
democratic) countries to territorialize the Internet. emocratic) countries to territorialize the Internet.
In some cases, the governments argued that they should have more data sovereignt y or Internet sovereignty. Perhaps the revelations helped with the evolution of some technical and policy aspects.</t> In some cases, the governments argued that they should have more data sovereignt y or Internet sovereignty. Perhaps the revelations helped with the evolution of some technical and policy aspects.</t>
<t>After Snowden's revelations 10 years ago, engineers and advocates at
<t>After Snowden’s revelations 10 years ago, engineers and advocates at the IETF responded in a few
the Internet Engineering Task Force (IETF) responded in a few ways. One prominent response was the issuance of a BCP
ways. One prominent response was the issuance of a Best Current document, "Pervasive Monitoring Is an Attack" <xref target="RFC7258"/> by
Practice document, “Pervasive Monitoring Is an Attack” <xref target="RFC7258"/> Farrell and Tschofenig. The responses to the Snowden revelations did not
by
Farrell and Tschofenig. The responses to Snowden revelations did not
mean that IETF had lost sight of issues such as privacy and mean that IETF had lost sight of issues such as privacy and
surveillance. There were instances of resistance to surveillance in surveillance. There were instances of resistance to surveillance in
the past by engineers (we do not delve into how successful that was in the past by engineers (we do not delve into how successful that was in
protecting human rights). But historically, many engineers believed protecting human rights). However, historically, many engineers believed
that widespread and habitual surveillance was too expensive to be that widespread and habitual surveillance was too expensive to be
practical. The revelations proved them wrong.</t> practical. The revelations proved them wrong.</t>
<t>Rights-centered activists were also involved with the IETF before the
<t>Rights-centered activists were also involved with the IETF before the
revelations. For example, staff from Center for Democracy and revelations. For example, staff from Center for Democracy and
Technology (CDT) was undertaking work at the IETF (and was a member of Technology (CDT) was undertaking work at the IETF (and was a member of
the Internet Architecture Board) and held workshops about the the Internet Architecture Board) and held workshops about the
challenges of creating privacy protective protocols and systems. The challenges of creating privacy-protective protocols and systems. The
technical shortcomings that were exploited by the National Security technical shortcomings that were exploited by the National Security
Agency to carry out mass-scale surveillance were recognized by the Agency to carry out mass-scale surveillance were recognized by the
IETF before the Snowden revelations <xref target="Garfinkel1995"/>,<xref target= IETF before the Snowden revelations <xref target="Garfinkel1995"/> <xref target=
"RFC6462"/>. In "RFC6462"/>. In
2012, Joy Liddicoat and Avri Doria wrote a report at Internet Society 2012, Joy Liddicoat and Avri Doria wrote a report for the Internet Society
which extensively discussed the processes and principles of human that extensively discussed the processes and principles of human
rights and Internet protocols <xref target="Doria2012"/>.</t> rights and Internet protocols <xref target="Doria2012"/>.</t>
<t>Perhaps the Snowden revelations brought more attention to the IETF and
<t>Perhaps the Snowden revelations brought more attention to the IETF and
its work as it related to important issues, such as privacy and its work as it related to important issues, such as privacy and
freedom of expression. It might have also expedited and helped with freedom of expression. It might have also expedited and helped with
more easily convening the Human Rights Protocol Considerations more easily convening the Human Rights Protocol Considerations
research group in the Internet Research Task Force (IRTF). Co-chaired Research Group (HRPC) in the Internet Research Task Force (IRTF) in July 2015. T he HRPC RG was originally co-chaired
by Niels ten Oever (who worked at Article 19 at the time) and Internet by Niels ten Oever (who worked at Article 19 at the time) and Internet
governance activist Avri Doria, the Internet Research Task Force in governance activist Avri Doria.
July 2015 chartered a Research Group on “Human Rights Protocol The charter of the HRPC RG states that
Considerations” (the HRPC RG). The charter of the HRPC RG stated that the group was established: "to research whether standards and
the group was established: “to research whether standards and
protocols can enable, strengthen or threaten human rights, as defined protocols can enable, strengthen or threaten human rights, as defined
in the UDHR and the International Covenant on Civil and Political in the Universal Declaration of Human Rights (UDHR) and the International Covena
Rights (ICCPR).”</t> nt on Civil and Political
Rights (ICCPR)."</t>
<t>During the past decades, a few successful strides were made to create <t>During the past decade, a few successful strides were made to create
protocols that, when and if implemented, aim at protecting privacy of protocols that, when and if implemented, aim at protecting privacy of
the users, as well as help with reducing pervasive surveillance. These the users, as well as help with reducing pervasive surveillance. These
efforts were in keeping with the consensus of the IETF found in RFC efforts were in keeping with the consensus of the IETF found in RFC
7258. Sometimes these protocols have anti-censorship qualities as 7258. Sometimes these protocols have anti-censorship qualities as
well. A few examples immediately come to mind: 1) Encryption of DNS well. A few examples immediately come to mind: 1) the encryption of DNS
queries (for example DNS over HTTPS); 2) ACME protocol underpinning queries (for example, DNS over HTTPS), 2) ACME protocol underpinning
the Let's Encrypt initiative and 3) Registration Data Access Protocol the Let's Encrypt initiative, and 3) Registration Data Access Protocol
(RDAP)<xref target="RFC7480"/>,<xref target="RFC7481"/>,<xref target="RFC9082"/> (RDAP) <xref target="RFC7480"/> <xref target="RFC7481"/> <xref target="RFC8056"/
,<xref target="RFC9083"/>,<xref target="RFC7484"/>, > <xref target="RFC9082"/> <xref target="RFC9083"/> <xref target="RFC9224"/>. (I
<xref target="RFC8056"/>. (It is debatable that RDAP had anything to do with t is debatable that RDAP had anything to do with
Snowden revelations but it is still a good example and is finally the Snowden revelations, but it is still a good example and is finally
being implemented.)</t> being implemented.)</t>
<t>The DNS Queries over HTTPS protocol aimed to encrypt DNS queries. Four
<t>DNS Queries over HTTPS protocol aimed to encrypt DNS queries. Four
years after RFC 7258, DoH was developed to tackle both active and years after RFC 7258, DoH was developed to tackle both active and
passive monitoring of DNS queries. It is also a tool that can help passive monitoring of DNS queries. It is also a tool that can help
with combatting censorship. Before the revelations, DNS query privacy with combatting censorship. Before the revelations, DNS query privacy
would have been controversial due to being expensive or unnecessary but the would have been controversial due to being expensive or unnecessary, but the
Snowden revelations made it more plausible. Snowden revelations made it more plausible.
Let's Encrypt was not an Internet protocol, but it was an initiative that aimed to encrypt the web and later on Let's Encrypt was not an Internet protocol, but it was an initiative that aimed to encrypt the web, and later on
some of the automation protocols were standardized in the IETF ACME some of the automation protocols were standardized in the IETF ACME
working group. The Registration Data Access Protocol could solve a Working Group. RDAP could solve a
long term problem: redacting the domain name registrants (and IP long-term problem: redacting the domain name registrants' (and IP
address holders) sensitive, personal data but at the same time address holders') sensitive, personal data but at the same time
enabling legitimate access to the information. As to the work of HRPC enabling legitimate access to the information. As to the work of HRPC
research group, it has so far issued <xref target="RFC8280"/> by ten Oever and Research Group, it has so far issued <xref target="RFC8280"/> by ten Oever and
Cath) and a number of informational Internet-Drafts.</t> Cath and a number of informational Internet-Drafts.</t>
<t>While we cannot really argue that all the movements and privacy-preserv
<t>While we cannot really argue that all the movements and privacy ing
preserving protocols and initiatives that enable protecting human protocols and initiatives that enable protecting human
rights at the infrastructure layer solely or directly result from Snowden rights at the infrastructure layer solely or directly result from the Snowden
revelations, I think it is safe to say that the revelations helped revelations, I think it is safe to say that the revelations helped
with expediting the resolution of some of the “technical” hesitations with expediting the resolution of some of the "technical" hesitations
that had an effect on fixing Internet protocols that enabled that had an effect on fixing Internet protocols that enabled
protection of human rights.</t> protection of human rights.</t>
<t>Unfortunately, the Snowden revelations have not yet helped us
<t>Unfortunately, the Snowden revelations have not yet helped us meaningfully with adopting a human rights approach. We can't agree on
meaningfully with adopting a human rights approach. We can’t agree on
prioritizing human rights in our Internet communities for a host of prioritizing human rights in our Internet communities for a host of
reasons. This could be due to: 1) human rights are sometimes in reasons. This could be due to: 1) human rights are sometimes in
conflict with each other 2) it is simply not possible to mitigate the conflict with each other; 2) it is simply not possible to mitigate the
human right violation through the Internet protocol 3) it is not human right violation through the Internet protocol; 3) it is not
obvious for the engineers before-the-fact how the Internet protocol obvious for the engineers in advance how the Internet protocol
contributes to enabling human rights protections, or precisely what they ought t contributes to enabling human rights protections, or precisely what they ought t
o do o do;
4) the protocol is already there but market, law and a 4) the protocol is already there, but market, law, and a
host of other societal and political issues do not allow for host of other societal and political issues do not allow for
widespread implementation.</t> widespread implementation.</t>
<t>IETF did not purposefully take a long time to adopt and implement proto
<t>IETF did not purposefully take a long time to adopt and implement protocols t cols that
hat
enabled human rights. There were technical and political issues that enabled human rights. There were technical and political issues that
created barriers. For example, as WHOIS was not capable of accommodating a tiere d access option, created barriers. For example, as WHOIS was not capable of accommodating a tiere d-access option,
the IETF community attempted a few times before to create a protocol that would disclose the necessary the IETF community attempted a few times before to create a protocol that would disclose the necessary
information of IP holders and domain name registrants while at the information of IP holders and domain name registrants while at the
same time protecting their data (CRISP and later on IRIS are the same time protecting their data (Cross Registry Internet Service Protocol (CRISP ) and later on Internet Registry Information Service (IRIS) are the
examples). However, IRIS was technically very difficult to implement. It was not until RDAP was developed and the examples). However, IRIS was technically very difficult to implement. It was not until RDAP was developed and the
General Data Protection Regulation (GDPR) was enacted that Internet General Data Protection Regulation (GDPR) was enacted that Internet
Corporation for Assigned Names and Numbers had to consider instructing Corporation for Assigned Names and Numbers had to consider instructing
registries and registrars to implement RDAP and its community had to registries and registrars to implement RDAP and its community had to
come up with a privacy compliant policy. Overall, a host of come up with a privacy-compliant policy. Overall, a host of
regulatory and market incentives can halt or slow down the regulatory and market incentives can halt or slow down the
implementation of human rights enabling protocols and implementation implementation of human-rights-enabling protocols and implementation
could depend on other organizations with their own political and could depend on other organizations with their own political and
stakeholder conflicts. Sometimes the protocol is available, but the regulatory f ramework and stakeholder conflicts. Sometimes the protocol is available, but the regulatory f ramework and
the market do not allow for implementation. the market do not allow for implementation.
Sometimes the surrounding context includes Sometimes the surrounding context includes
practical dimensions that are easy to overlook in a purely engineering-focused a practical dimensions that are easy to overlook in a purely engineering-focused a
rgument.<br /> rgument.</t>
<t>
A curious example of this is sanctions regimes that target transactions involvin g A curious example of this is sanctions regimes that target transactions involvin g
economically-valuable assets. As a result, sanctions might limit economically valuable assets. As a result, sanctions might limit
sanctioned nations' and entities' access to IPv4 resources (because the existenc e of sanctioned nations' and entities' access to IPv4 resources (because the existenc e of
a resale market for these addresses causes acquiring them to be a resale market for these addresses causes acquiring them to be
interpreted as buying something of value), though the same consideration interpreted as buying something of value), though the same consideration
may not apply to IPv6 address resources. But IPv6 adoption itself may not apply to IPv6 address resources. But IPv6 adoption itself
depends on a host of complex factors that are by no means limited to depends on a host of complex factors that are by no means limited to
technical comparisons of the properties of IPv4 and IPv6. Someone technical comparisons of the properties of IPv4 and IPv6. Someone
focused only on technical features of protocols may devise an elegant focused only on technical features of protocols may devise an elegant
solution but be surprised both by deployment challenges and unintended solution but be surprised both by deployment challenges and unintended
downstream effects. downstream effects.
Sometimes there are arguments over implementation of a protocol Sometimes there are arguments over implementation of a protocol
because as it is perceived, while it can protect freedom of expression because as it is perceived, while it can protect freedom of expression
and reduce surveillance, it can hamper other human rights. For and reduce surveillance, it can hamper other human rights. For
instance, we still have doubts about implementing DNS over HTTPS instance, the technical community and some network operators still have doubts a
without seriously considering its contributions to fight with bout the implementation of DNS over HTTPS,
censorship and bring encryption to DNS queries. The arguments against despite its potential to circumvent
censorship and its ability to encrypt DNS queries. The arguments against
implementation of DoH include protection of children online and lack implementation of DoH include protection of children online and lack
of law enforcement access to data.</t> of law enforcement access to data.</t>
<t>We must acknowledge that sometimes the technical solutions that we use
<t>We must acknowledge that sometimes the technical solutions that we use that protect one right (for example, encryption to protect the right to
that protect one right (for example encryption to protect the right to privacy or to prevent surveillance) could potentially affect technical
privacy or prevent surveillance) could potentially affect technical
and policy solutions that try to protect other human rights (for and policy solutions that try to protect other human rights (for
example encryption could prevent financial institutions from example, encryption could prevent financial institutions from
monitoring employees' network activities to detect fraudulent monitoring employees' network activities to detect fraudulent
behavior). Acknowledging and identifying these conflicts can help us behavior). Acknowledging and identifying these conflicts can help us
come up with alternative techniques that could protect human rights come up with alternative techniques that could protect human rights
while not hampering other technical solutions such as while not hampering other technical solutions such as
encryption. Where such alternative techniques are not possible, encryption. Where such alternative techniques are not possible,
acknowledging the shortcoming could clarify and bring to light the acknowledging the shortcoming could clarify and bring to light the
trade-offs that we have accepted in our Internet system.</t> trade-offs that we have accepted in our Internet system.</t>
<t>Ironically, we advocate for connectivity and believe expressing
<t>Ironically, we advocate for connectivity and believe expressing
oneself on the Internet is a human right, but when a war erupts, we oneself on the Internet is a human right, but when a war erupts, we
resort to tools that impact that very concept. For example, some resort to tools that impact that very concept. For example, some
believe via imposing sanctions on critical properties of the Internet, believe that, by imposing sanctions on critical properties of the Internet,
we can punish the perpetrators of a war. The Regional Internet we can punish the perpetrators of a war. The Regional Internet
Registries that are in charge of registration of IP addresses have Registries that are in charge of registration of IP addresses have
shown resilience to these requests. However, some tech-companies, for shown resilience to these requests. However, some tech companies (for
example Cogent <xref target="Roth2022"/>, decided not to serve sanctioned countr example, Cogent <xref target="Roth2022"/>) decided not to serve sanctioned count
ies ries
and over-comply with sanctions. Over-compliance with sanctions could and overcomplied with sanctions. Overcompliance with sanctions could
hamper ordinary people's access to the Internet. <xref target="Badii2023"/></t> hamper ordinary people's access to the Internet <xref target="Badii2023"/>.</t>
<t>Perhaps we can solve some of these problems by undertaking a thorough
<t>Perhaps we can solve some of these problems by undertaking a thorough
impact assessment and contextualization to reveal how and why Internet impact assessment and contextualization to reveal how and why Internet
protocols affect human rights (something Fidler and I argued protocols affect human rights (something Fidler and I argued
for <xref target="Badii2021"/>). Contextualization and for <xref target="Badii2021"/>). Contextualization and
impact assessment can reveal how each Internet protocol or each line impact assessment can reveal how each Internet protocol or each line
of code, in which systems, have an impact on which and whose human of code, in which systems, have an impact on which and whose human
rights.</t> rights.</t>
<t>The HRPC RG (which I am a part of) and the larger human rights and
<t>The HRPC RG (which I am a part of) and the larger human rights and
policy analyst communities are still struggling to analyze legal, policy analyst communities are still struggling to analyze legal,
social and market factors alongside the protocols to have a good social, and market factors alongside the protocols to have a good
understanding of what has an impact and what has to be changed. It is understanding of what has an impact and what has to be changed. It is
hard, but it is not impossible. If we thoroughly document and research hard, but it is not impossible. If we thoroughly document and research
the lifecycle of an Internet protocol and contextualize it, we might the lifecycle of an Internet protocol and contextualize it, we might
have a better understanding of how and if we can actually fix which have a better understanding of which
parts of the protocol in order to protect human rights.</t> parts of the protocol to fix and how to fix them in order to protect human right
s.</t>
<t>Overall, the revelations did, to some extent, contribute to the <t>Overall, the revelations did, to some extent, contribute to the
evolution of our ideas and perspectives. Our next step should be to evolution of our ideas and perspectives. Our next step should be to
undertake research on the impact of Internet systems (including undertake research on the impact of Internet systems (including
Internet protocols) on human rights, promote the implementation of Internet protocols) on human rights, promote the implementation of
protocols good for human rights through policy and advocacy and focus protocols good for human rights through policy and advocacy, and focus
on which technical parts we can standardize to help with more on which technical parts we can standardize to help with more
widespread implementation of human rights enabling Internet protocols.</t> widespread implementation of human-rights-enabling Internet protocols.</t>
</section>
</section> <section anchor="steven-m-bellovin-governments-and-cryptography-the-crypto-w
<section anchor="steven-m-bellovin-governments-and-cryptography-the-crypto-wars" ars">
><name>Steven M. Bellovin: Governments and Cryptography: The Crypto Wars</name> <name>Steven M. Bellovin: Governments and Cryptography: The Crypto Wars</n
ame>
<section anchor="historical-background"><name>Historical Background</name> <section anchor="historical-background">
<name>Historical Background</name>
<t>It’s not a secret: many governments in the world don’t like it when <t>It's not a secret: many governments in the world don't like it when
people encrypt their traffic. More precisely, they like strong people encrypt their traffic. More precisely, they like strong
cryptography for themselves but not for others, whether those others cryptography for themselves but not for others, whether those others
are private citizens or other countries. But the history is longer and are private citizens or other countries. But the history is longer and
more complex than that.</t> more complex than that.</t>
<t>For much of written history, both governments and individuals used
<t>For much of written history, both governments and individuals used
cryptography to protect their messages. To cite just one famous cryptography to protect their messages. To cite just one famous
example, Julius Caesar is said to have encrypted messages by shifting example, Julius Caesar is said to have encrypted messages by shifting
letters in the alphabet by 3 <xref target="Kahn1996"/>. In modern parlance, 3 wa s letters in the alphabet by 3 <xref target="Kahn1996"/>. In modern parlance, 3 wa s
the key, and each letter was encrypted with</t> the key, and each letter was encrypted with</t>
<t indent="6">
<ul empty="true"><li> C[i] = (P[i] + 3) mod 23
<t>C[i] = (P[i] + 3) mod 23</t> </t>
</li></ul> <t>(The Latin alphabet of his time had only 23 letters.)
<t>(The Latin alphabet of his time had only 23 letters.)
Known Known
Arabic writings on cryptanalysis go back to at least the 8th century; Arabic writings on cryptanalysis go back to at least the 8th century;
their sophistication shows that encryption was reasonably commonly their sophistication shows that encryption was reasonably commonly
used. In the 9th century, Abu Yusuf Ya’qub ibn ‘Ishaq aṣ-Ṣabbah used. In the 9th century, Abū Yūsuf Yaʻqūb ibn ʼIsḥāq aṣ-Ṣabbāḥ
al-Kindi developed and wrote about frequency analysis as a way to al-Kindī developed and wrote about frequency analysis as a way to
crack ciphers <xref target="Borda2011"/>,<xref target="Kahn1996"/>.</t> crack ciphers <xref target="Borda2011"/> <xref target="Kahn1996"/>.</t>
<t>In an era of minimal literacy, though, there wasn't that much use of
<t>In an era of minimal literacy, though, there wasn’t that much use of
encryption, simply because most people could neither read nor encryption, simply because most people could neither read nor
write. Governments used encryption for diplomatic messages, and write. Governments used encryption for diplomatic messages, and
cryptanalysts followed close behind. The famed Black Chambers of the cryptanalysts followed close behind. The famed Black Chambers of the
Renaissance era read messages from many different governments, while Renaissance era read messages from many different governments, while
early cryptographers devised stronger and stronger ciphers early cryptographers devised stronger and stronger ciphers
<xref target="Kahn1996"/>. In Elizabethan times in England, Sir Francis Walsingh ams <xref target="Kahn1996"/>. In Elizabethan times in England, Sir Francis Walsingh am's
intelligence agency intercepted and decrypted messages from Mary, intelligence agency intercepted and decrypted messages from Mary,
Queen of Scots; these messages formed some of the strongest evidence Queen of Scots; these messages formed some of the strongest evidence
against her and eventually led to her execution <xref target="Kahn1996"/>.</t> against her and eventually led to her execution <xref target="Kahn1996"/>.</t>
<t>This pattern continued for centuries. In the United States, Thomas
<t>This pattern continued for centuries. In the United States, Thomas
Jefferson invented the so-called wheel cipher in the late 18th Jefferson invented the so-called wheel cipher in the late 18th
century; it was reinvented about 100 years later by Etienne Bazeries century; it was reinvented about 100 years later by Étienne Bazeries
and used as a standard American military cipher well into World War II and used as a standard American military cipher well into World War II
<xref target="Kahn1996"/>. Jefferson and other statesmen of that era regularly u sed <xref target="Kahn1996"/>. Jefferson and other statesmen of the late 18th and ea rly 19th centuries regularly used
cryptography when communicating with each other. An encrypted message cryptography when communicating with each other. An encrypted message
was even part of the evidence introduced in Aaron Burr’s 1807 trial was even part of the evidence introduced in Aaron Burr's 1807 trial
for treason <xref target="Kerr2020"/>,<xref target="Kahn1996"/>. Edgar Allan Poe for treason <xref target="Kerr2020"/> <xref target="Kahn1996"/>. Edgar Allan Poe
claimed that he claimed that he
could cryptanalyze any message sent to him <xref target="Kahn1996"/>.</t> could cryptanalyze any message sent to him <xref target="Kahn1996"/>.</t>
<t>The telegraph era upped the ante. In the US, just a year after
<t>The telegraph era upped the ante. In the U.S., just a year after
Samuel Morse deployed his first telegraph line between Baltimore and Samuel Morse deployed his first telegraph line between Baltimore and
Washington, his business partner, Francis Smith, published a codebook Washington, his business partner, Francis Smith, published a codebook
to help customers protect their traffic from prying eyes to help customers protect their traffic from prying eyes
<xref target="Smith1845"/>. In 1870, Britain nationalized its domestic telegrap h network; <xref target="Smith1845"/>. In 1870, Britain nationalized its domestic telegrap h network;
in response, Robert Slater published a more sophisticated codebook in response, Robert Slater published a more sophisticated codebook
<xref target="Slater1870"/>. On the government side, Britain took advantage of i ts <xref target="Slater1870"/>. On the government side, Britain took advantage of i ts
position as the central node in the worlds international telegraphic position as the central node in the world's international telegraphic
networks to read a great deal of traffic passing through the country networks to read a great deal of traffic passing through the country
<xref target="Headrick1991"/>,<xref target="Kennedy1971"/>. They used this abili <xref target="Headrick1991"/> <xref target="Kennedy1971"/>. They used this abili
ty strategically, ty strategically,
too—when war broke out in 1914, the British Navy cut Germany’s too -- when war broke out in 1914, the British Navy cut Germany's
undersea telegraph cables, forcing them to use radio; an intercept of undersea telegraph cables, forcing them to use radio; an intercept of
the so-called Zimmermann telegram, when cryptanalyzed, arguably led to the so-called Zimmermann telegram, when cryptanalyzed, arguably led to
American entry into the war and thence to Germany’s defeat. Once the American entry into the war and thence to Germany's defeat. Once the
U.S. entered the war, it required users of international telegraph US entered the war, it required users of international telegraph
lines to deposit copies of the codebooks they used for compression, so lines to deposit copies of the codebooks they used for compression, so
that censors could check messages for prohibited content <xref target="Kahn1996" />.</t> that censors could check messages for prohibited content <xref target="Kahn1996" />.</t>
<t>In Victorian Britain, private citizens, often lovers, used encryption
<t>In Victorian Britain, private citizens, often lovers, used encryption in newspapers' personal columns to communicate without their parents'
in newspapers’ Personal columns to communicate without their parents’
knowledge. Charles Wheatstone and Charles Babbage used to solve these knowledge. Charles Wheatstone and Charles Babbage used to solve these
elementary ciphers routinely, for their own amusement <xref target="Kahn1996"/>. elementary ciphers routinely for their own amusement <xref target="Kahn1996"/>.<
</t> /t>
<t>This pattern continued for many years. Governments regularly used
<t>This pattern continued for many years. Governments regularly used
ciphers and codes, while other countries tried to break them; private ciphers and codes, while other countries tried to break them; private
individuals would sometimes use encryption but not often, and rarely individuals would sometimes use encryption but not often, and rarely
well. But the two world wars marked a sea change, one that would soon well. But the two World Wars marked a sea change, one that would soon
reverberate into the civilian world.</t> reverberate into the civilian world.</t>
<t>The first World War featured vast troop movements by all parties; thi
<t>The first World War featured vast troop movements by all parties; this s
in turn required a lot of encrypted communications, often by telegraph in turn required a lot of encrypted communications, often by telegraph
or radio. These messages were often easily intercepted in or radio. These messages were often easily intercepted in
bulk. Furthermore, the difficulty of encrypting large volumes of bulk. Furthermore, the difficulty of encrypting large volumes of
plaintext led to the development of a variety of mechanical encryption plaintext led to the development of a variety of mechanical encryption
devices, including Germanys famed Enigma machine. World War II devices, including Germany's famed Enigma machine. World War II
amplified both trends. It also gave rise to machine-assisted amplified both trends. It also gave rise to machine-assisted
cryptanalysis, such as the United Kingdom’s bombes (derived from an cryptanalysis, such as the United Kingdom's bombes (derived from an
earlier Polish design) and Colossus machine, and the American’s device earlier Polish design) and Colossus machine, and the American's device
for cracking Japan’s PURPLE system. The U.S. also used punch for cracking Japan's PURPLE system. The US also used punch
card-based tabulators to assist in breaking other Japanese codes, such card-based tabulators to assist in breaking other Japanese codes, such
as the Japanese Imperial Navy’s JN-25 <xref target="Kahn1996"/>,<xref target="Ro as the Japanese Imperial Navy's JN-25 <xref target="Kahn1996"/> <xref target="Ro
wlett1998"/>.</t> wlett1998"/>.</t>
<t>These developments set the stage for the postwar SIGINT (Signals
<t>These developments set the stage for the postwar SIGINT—Signals Intelligence) environment. Many intragovernmental messages were sent by
Intelligence—environment. Many intra-government messages were sent by
radio, making them easy to intercept; advanced cryptanalytic machines radio, making them easy to intercept; advanced cryptanalytic machines
made cryptanalysis easier. Ciphers were getting stronger, though, and made cryptanalysis easier. Ciphers were getting stronger, though, and
government SIGINT agencies did not want to give up their access to government SIGINT agencies did not want to give up their access to
data. While there were undoubtedly many developments, two are well data. While there were undoubtedly many developments, two are well
known.</t> known.</t>
<t>The first involved CryptoAG, a Swedish (and later Swiss) manufacturer
<t>The first involved CryptoAG, a Swedish (and later Swiss) manufacturer
of encryption devices. The head of that company, Boris Hagelin, was a of encryption devices. The head of that company, Boris Hagelin, was a
friend of William F. Friedman, a pioneering American friend of William F. Friedman, a pioneering American
cryptologist. During the 1950s, CryptoAG sold its devices to other cryptologist. During the 1950s, CryptoAG sold its devices to other
governments; apparently at Friedmans behest, Hagelin weakened the governments; apparently at Friedman's behest, Hagelin weakened the
encryption in a way that let the NSA read the traffic <xref target="Miller2020"/ >.</t> encryption in a way that let the NSA read the traffic <xref target="Miller2020"/ >.</t>
<t>The story involving the British is less well-documented and less
<t>The story involving the British is less well-documented and less clear. When some of Britain's former colonies gained their
clear. When some of Britain’s former colonies gained their independence, the British government gave them captured, war-surplus
independence, the British government gave them captured, war surplus
Enigma machines to protect their own traffic. Some authors contend Enigma machines to protect their own traffic. Some authors contend
that this was deceptive, in that these former colonies did not realize that this was deceptive, in that these former colonies did not realize
that the British could read Enigma-protected traffic; others claim that the British could read Enigma-protected traffic; others claim
that this was obvious but that these countries didnt care: Britain that this was obvious but that these countries didn't care: Britain
was no longer their enemy; it was neighboring countries they were was no longer their enemy; it was neighboring countries they were
worried about. Again, though, this concerned governmental use of worried about. Again, though, this concerned governmental use of
encryption <xref target="Kahn1996"/>,<xref target="Baldwin2022"/>. There was sti ll little private encryption <xref target="Kahn1996"/> <xref target="Baldwin2022"/>. There was sti ll little private
use.</t> use.</t>
</section>
</section> <section anchor="the-crypto-wars-begin">
<section anchor="the-crypto-wars-begin"><name>The Crypto Wars Begin</name> <name>The Crypto Wars Begin</name>
<t>The modern era of conflict between an individual's desire for privacy
<t>The modern era of conflict between individual’s desire for privacy and and
government desires to read traffic began around 1972. The grain the government desires to read traffic began around 1972. The grain
harvest in the U.S.S.R. had failed; since relations between the Soviet harvest in the USSR had failed; since relations between the Soviet
Union and the United States were temporarily comparatively warm, the Union and the United States were temporarily comparatively warm, the
Soviet grain company— an arm of the Soviet government, of Soviet grain company -- an arm of the Soviet government, of
course— entered into negotiations with private American course -- entered into negotiations with private American
companies. Unknown to Americans at the time, Soviet intelligence was companies. Unknown to Americans at the time, Soviet intelligence was
intercepting the phone calls of the American negotiating teams. In intercepting the phone calls of the American negotiating teams. In
other words, private companies had to deal with state actors as a other words, private companies had to deal with state actors as a
threat. Eventually, U.S. intelligence learned of this, and came to a threat. Eventually, US intelligence learned of this and came to a
realization: the private sector needed strong cryptography, too, to realization: the private sector needed strong cryptography, too, to
protect American national interests <xref target="Broad1982"/>,<xref target="Joh nson1998"/>). This protect American national interests <xref target="Broad1982"/> <xref target="Joh nson1998"/>. This
underscored the need for strong cryptography to protect American underscored the need for strong cryptography to protect American
civilian traffic—but the SIGINT people were unhappy at the thought of civilian traffic -- but the SIGINT people were unhappy at the thought of
more encryption that they couldn’t break.</t> more encryption that they couldn't break.</t>
<t>Meanwhile, the US was concerned about protecting
<t>Meanwhile, the U.S. was concerned about protecting
unclassified data <xref target="Landau2014"/>. In 1973 and again in 1974, the unclassified data <xref target="Landau2014"/>. In 1973 and again in 1974, the
National Bureau of Standards (NBS) put out a call for a strong, modern National Bureau of Standards (NBS) put out a call for a strong, modern
encryption algorithm. IBM submitted Lucifer, an internally developed encryption algorithm. IBM submitted Lucifer, an internally developed
algorithm based on what has become known as a 16-round Feistel network. The algorithm based on what has become known as a 16-round Feistel network. The
original version used a long key. original version used a long key.
It seemed quite strong, so NBS sent it off to the NSA to It seemed quite strong, so NBS sent it off to the NSA to
get their take. The eventual design, which was adopted in 1976 as the get their take. The eventual design, which was adopted in 1976 as the
Data Encryption Standard (DES), differed in some important ways from Data Encryption Standard (DES), differed in some important ways from
Lucifer. Lucifer.
First, the so-called S-boxes, the source of the cryptologic First, the so-called S-boxes, the source of the cryptologic
strength of DES, were changed, and were now demonstrably not composed of strength of DES, were changed, and were now demonstrably not composed of
random integers. Many researchers alleged that the S-boxes contained random integers. Many researchers alleged that the S-boxes contained
an NSA back door. It took nearly 20 years for the truth to come out: the an NSA back door. It took nearly 20 years for the truth to come out: the
S-boxes were in fact strengthened, not weakened. Most likely, IBM S-boxes were in fact strengthened, not weakened. Most likely, IBM
independently discovered the attack now known as differential independently discovered the attack now known as differential
cryptanalysis, though some scholars suspect that the NSA told them cryptanalysis, though some scholars suspect that the NSA told them
about it. The non-random S-boxes protected against this attack. The about it. The nonrandom S-boxes protected against this attack. The
second change, though, was clearly insisted on by the NSA: the key size second change, though, was clearly insisted on by the NSA: the key size
was shortened, from Lucifer’s 112 bits to DES’s 56 bits. We now know was shortened, from Lucifer's 112 bits to DES's 56 bits. We now know
that the NSA wanted a 48-bit key size, while IBM wanted 64 bits; they that the NSA wanted a 48-bit key size, while IBM wanted 64 bits; they
compromised at 56 bits.</t> compromised at 56 bits.</t>
<t>Whitfield Diffie and Martin Hellman, at Stanford University, wondered
<t>Whitfield Diffie and Martin Hellman, at Stanford University, wondered
about the 56-bit keys. In 1979, they published a paper demonstrating about the 56-bit keys. In 1979, they published a paper demonstrating
that the U.S. government, but few others, could afford to build a that the US government, but few others, could afford to build a
brute-force cracking machine, one that could try all 2<sup>56</sup> possible brute-force cracking machine, one that could try all 2<sup>56</sup> possible
keys to crack a message. NSA denied tampering with the design; a keys to crack a message. NSA denied tampering with the design; a
Senate investigating committee found that that was correct, but did Senate investigating committee found that assertion to be correct, but did
not discuss the shortened key length issue.</t> not discuss the shortened key length issue.</t>
<t>This, however, was not Diffie and Hellman's greatest contribution to
<t>This, however, was not Diffie and Hellman’s greatest contribution to cryptology. A few years earlier, they had published a paper inventing what
cryptology. A few years earlier, they published a paper inventing what
is now known as public key cryptography. is now known as public key cryptography.
(In fact, public key encryption had been invented a few years earlier (In fact, public key encryption had been invented a few years earlier
at GCHQ, but they kept their discovery classified until 1997.) at UK Government Communications Headquarters (GCHQ), but they kept their discove ry classified until 1997.)
In 1978, Ronald Rivest, Adi In 1978, Ronald Rivest, Adi
Shamir, and Leonard Adleman devised the RSA algorithm, which made it Shamir, and Leonard Adleman devised the RSA algorithm, which made it
usable. (An NSA employee, acting on his own, sent a letter warning usable. (An NSA employee, acting on his own, sent a letter warning
that academic conferences on cryptology might violate U.S. export that academic conferences on cryptology might violate US export
laws.)</t> laws.)</t>
<t>Around the same time, George Davida at the University of Wisconsin
<t>Around the same time, George Davida at the University of Wisconsin
applied for a patent on a stream cipher; the NSA slapped a secrecy applied for a patent on a stream cipher; the NSA slapped a secrecy
order on the application. This barred him from even talking about his order on the application. This barred him from even talking about his
invention. The publicity was devastating; the NSA had to back down.</t> invention. The publicity was devastating; the NSA had to back down.</t>
<t>The Crypto Wars had thus begun: civilians were inventing strong
<t>The Crypto Wars had thus begun: civilians were inventing strong
encryption systems, and the NSA was tampering with them or trying to encryption systems, and the NSA was tampering with them or trying to
suppress them. Bobby Inman, the then-director of the NSA, tried suppress them. Bobby Inman, the then-director of the NSA, tried
creating a voluntary review process for academic papers, but very few creating a voluntary review process for academic papers, but very few
researchers were interested in participating <xref target="Landau1988"/>.</t> researchers were interested in participating <xref target="Landau1988"/>.</t>
<t>There were few major public battles during the 1980s because there
<t>There were few major public battles during the 1980s, because there
were few new major use cases for civilian cryptography during that were few new major use cases for civilian cryptography during that
time. There was one notable incident, though: Shamir, Amos Fiat, and time. There was one notable incident, though: Shamir, Amos Fiat, and
Uriel Feige invented zero-knowledge proofs and applied for a US Uriel Feige invented zero-knowledge proofs and applied for a US
patent. In response, the US Army slapped a secrecy order on the patent. In response, the US Army slapped a secrecy order on the
patent. After a great deal of public outrage and intervention by, of patent. After a great deal of public outrage and intervention by, of
all organizations, the NSA, the order was lifted on very narrow all organizations, the NSA, the order was lifted on very narrow
grounds: the inventors were not American, and had been discussing grounds: the inventors were not American, and they had been discussing
their work all over the world <xref target="Landau1988"/>.</t> their work all over the world <xref target="Landau1988"/>.</t>
<t>In the 1990s, though, everything changed.</t>
<t>In the 1990s, though, everything changed.</t> </section>
<section anchor="the-battle-is-joined">
</section> <name>The Battle Is Joined</name>
<section anchor="the-battle-is-joined"><name>The Battle is Joined</name> <t>There were three major developments in cryptography in the early
<t>There were three major developments in cryptography in the early
1990s. First, Phil Zimmermann released PGP (Pretty Good Privacy), a 1990s. First, Phil Zimmermann released PGP (Pretty Good Privacy), a
package to encrypt email messages. In 1993, AT&amp;T planned to release package to encrypt email messages. In 1993, AT&amp;T planned to release
the TSD-3600, an easy-to-use phone encryptor aimed at business the TSD-3600, an easy-to-use phone encryptor aimed at business
travelers. Shortly after that, the Netscape Corporation released SSL travelers. Shortly after that, the Netscape Communications Corporation released SSL
(Secure Socket Layer) as a way to enable web-based commerce using (Secure Socket Layer) as a way to enable web-based commerce using
their browser and web server. All of these were seen as threats by the their browser and web server. All of these were seen as threats by the
NSA and the FBI.</t> NSA and the FBI.</t>
<t>PGP was, at least arguably, covered by what was known as ITAR, the
<t>PGP was, at least arguably, covered by what was known as ITAR, the International Trafficking in Arms Regulations -- under American law,
International Trafficking in Arms Regulations—under American law,
encryption software was regarded as a weapon, so exports required a encryption software was regarded as a weapon, so exports required a
license. It was also alleged to infringe the patents on the RSA license. It was also alleged to infringe the patents on the RSA
algorithm. Needless to say, both issues were problematic for what was algorithm. Needless to say, both issues were problematic for what was
intended to be open source software. Eventually, the criminal intended to be open source software. Eventually, the criminal
investigation into Zimmermanns role in the spread of PGP overseas was investigation into Zimmermann's role in the spread of PGP overseas was
dropped, but the threat of such investigations remained to deter dropped, but the threat of such investigations remained to deter
others<xref target="Levy2001"/>.</t> others <xref target="Levy2001"/>.</t>
<t>The TSD-3600 was another matter. AT&amp;T was a major corporation tha
<t>The TSD-3600 was another matter. AT&amp;T was a major corporation that did t did
not want to pick a fight with the U.S. government, but international not want to pick a fight with the US government, but international
business travelers were seen as a major market for the device. At the business travelers were seen as a major market for the device. At the
government’s “request”, the DES chip was replaced with what was known government's "request", the DES chip was replaced with what was known
as the Clipper Chip. The Clipper chip used Skipjack, a cipher with as the Clipper chip. The Clipper chip used Skipjack, a cipher with
80-bit keys; it was thus much stronger against brute force attacks 80-bit keys; it was thus much stronger against brute-force attacks
than DES. However, it provided “key escrow”. Without going into any than DES. However, it provided "key escrow". Without going into any
details, the key escrow mechanism allowed U.S. government details, the key escrow mechanism allowed US government
eavesdroppers to consult a pair of (presumably secure) internal eavesdroppers to consult a pair of (presumably secure) internal
databases and decrypt all communications protected by the chip. The databases and decrypt all communications protected by the chip. The
Clipper chip proved to be extremely unpopular with industry; that AT&amp;T Clipper chip proved to be extremely unpopular with industry; that AT&amp;T
Bell Labs’ Matt Blaze found a weakness in the design<xref target="Blaze1994"/>, Bell Labs' Matt Blaze found a weakness in the design <xref target="Blaze1994"/>,
one one
that let you use Skipjack without the key escrow feature, didn’t help that let you use Skipjack without the key escrow feature, didn't help
its reputation.</t> its reputation.</t>
<t>The third major development, SSL, was even trickier. SSL was aimed at
<t>The third major development, SSL, was even trickier. SSL was aimed at
e-commerce, and of course Netscape wanted to be able to sell its e-commerce, and of course Netscape wanted to be able to sell its
products outside the US. That would require an export license, so they products outside the US. That would require an export license, so they
made a deal with the government: non-American users would receive a made a deal with the government: non-American users would receive a
version that used 40-bit keys, a key length far shorter than what the version that used 40-bit keys, a key length far shorter than what the
NSA had agreed to 20 years earlier. (To get ahead of the story: there NSA had agreed to 20 years earlier. (To get ahead of the story: there
was a compromise mode of operation, wherein an export-grade browser was a compromise mode of operation, wherein an export-grade browser
could use strong encryption when talking to a financial could use strong encryption when talking to a financial
institution. This hybrid mode led to cryptographic weaknesses institution. This hybrid mode led to cryptographic weaknesses
discovered some 20 years later<xref target="Adrian2015"/>.)</t> discovered some 20 years later <xref target="Adrian2015"/>.)</t>
<t>Technologists and American industry pushed back. The IETF adopted the
<t>Technologists and American industry pushed back. The IETF adopted the
Danvers Doctrine, described in <xref target="RFC3365"/>:</t> Danvers Doctrine, described in <xref target="RFC3365"/>:</t>
<blockquote>
<ul empty="true"><li> <t>At the 32cd [sic] IETF held in Danvers, Massachusetts during Apri
<t>At the 32nd IETF held in Danvers, Massachusetts during April of 1995 l of 1995
the IESG asked the plenary for a consensus on the strength of security the IESG asked the plenary for a consensus on the strength of security
that should be provided by IETF standards. Although the immediate that should be provided by IETF standards. Although the immediate
issue before the IETF was whether or not to support “export” grade issue before the IETF was whether or not to support "export" grade
security (which is to say weak security) in standards, the question security (which is to say weak security) in standards the question
raised the generic issue of security in general.</t> raised the generic issue of security in general.</t>
</li></ul> <t>The overwhelming consensus was that the IETF should standardize o
n the
<ul empty="true"><li>
<t>The overwhelming consensus was that the IETF should standardize on the
use of the best security available, regardless of national policies. use of the best security available, regardless of national policies.
This consensus is often referred to as the “Danvers Doctrine”.</t> This consensus is often referred to as the "Danvers Doctrine".</t>
</li></ul> </blockquote>
<t>Then American companies started losing business to their overseas
<t>Then American companies started losing business to their overseas competitors, who did not have to comply with US export laws. All of
competitors, who did not have to comply with U.S. export laws. All of this led to what seemed like a happy conclusion: the US government
this led to what seemed like a happy conclusion: the U.S. government
drastically loosened its export rules for cryptographic software. All drastically loosened its export rules for cryptographic software. All
was well—or so it seemed…</t> was well -- or so it seemed...</t>
</section>
</section> <section anchor="the-hidden-battle">
<section anchor="the-hidden-battle"><name>The Hidden Battle</name> <name>The Hidden Battle</name>
<t>Strong cryptography was here to stay, and it was no longer an America
<t>Strong cryptography was here to stay, and it was no longer an American n
monopoly, if indeed it ever was. The Information Assurance Directorate monopoly, if indeed it ever was. The Information Assurance Directorate
of the NSA, the part of the agency that is supposed to protect of the NSA, the part of the agency that is supposed to protect
U.S. data, was pleased by the spread of strong cryptography. When the US data, was pleased by the spread of strong cryptography. When the
Advanced Encryption Standard (AES) competition was held, there were no Advanced Encryption Standard (AES) competition was held, there were no
allegations of malign NSA interference; in fact, the winning entry was allegations of malign NSA interference; in fact, the winning entry was
devised by two Europeans, Joan Daemen and Vincent Rijmen. But the NSA devised by two Europeans, Joan Daemen and Vincent Rijmen. But the NSA
and its SIGINT needs did not go awaythe agency merely adopted other and its SIGINT needs did not go away -- the agency merely adopted other
techniques.</t> techniques.</t>
<t>I have often noted that one doesn't go through strong security, one
<t>I have often noted that one doesn’t go through strong security, one
goes around it. When strong encryption became more common and much goes around it. When strong encryption became more common and much
more necessary, the NSA started going around it, by targeting more necessary, the NSA started going around it, by targeting
computers and the software that they run. And it seems clear that they computers and the software that they run. And it seems clear that they
believe that AES is quite strong; theyve even endorsed its use for believe that AES is quite strong; they've even endorsed its use for
protecting TOP SECRET information. But there was an asterisk attached protecting TOP SECRET information. But there was an asterisk attached
to that endorsement: AES is suitable if and only if properly used and to that endorsement: AES is suitable if and only if properly used and
implemented. Therein lies the rub.</t> implemented. Therein lies the rub.</t>
<t>The first apparent attempt to tamper with outside cryptographic
<t>The first apparent attempt to tamper with outside cryptographic
mechanisms was discovered in 2007, when two Microsoft researchers, Dan mechanisms was discovered in 2007, when two Microsoft researchers, Dan
Shumow and Niels Ferguson, noted an odd property of a Shumow and Niels Ferguson, noted an odd property of a
NIST-standardized random number generator, DUAL_EC_DRBG. (The NBS NIST-standardized random number generator, DUAL_EC_DRBG. (The NBS
had been renamed to NIST, the National Institute of Standards and had been renamed to NIST, the National Institute of Standards and
Technology.) Random numbers are vital for Technology.) Random numbers are vital for
cryptography, but Shumow and Ferguson showed that if certain constants cryptography, but Shumow and Ferguson showed that if certain constants
in DUAL_EC_DRBG were chosen in a particular way with a in DUAL_EC_DRBG were chosen in a particular way with a
known-but-hidden other number, whoever knew that number could predict known-but-hidden other number, whoever knew that number could predict
all future random numbers from a system given a few sample bytes to all future random numbers from a system given a few sample bytes to
start from <xref target="Kostyuk2022"/>. These sample bytes could come from start from <xref target="Kostyuk2022"/>. These sample bytes could come from
known keys, nonces, or anything else. Where did the constants in known keys, nonces, or anything else. Where did the constants in
DUAL_EC_DRBG come from and how were they chosen or generated? No one DUAL_EC_DRBG come from and how were they chosen or generated? No one
who knows is talking. But although cryptographers and security who knows is talking. But although cryptographers and security
specialists were very suspicious—Bruce Schneier wrote in 2007, before specialists were very suspicious -- Bruce Schneier wrote in 2007, before
more facts came out, that “both NIST and the NSA have some explaining more facts came out, that "both NIST and the NSA have some explaining
to do”; I assigned my students reading on the topic—the issue didn’t to do"; I assigned my students reading on the topic -- the issue didn't
really get any traction until six years later, when among the papers really get any traction until six years later, when among the papers
that Edward Snowden disclosed was the information that the NSA had that Edward Snowden disclosed was the information that the NSA had
indeed tampered with a major cryptographic standard, though published indeed tampered with a major cryptographic standard, though published
reports did not specifically name DUAL_EC_DRBG or explain what the reports did not specifically name DUAL_EC_DRBG or explain what the
purpose was.</t> purpose was.</t>
<t>The revelations didn't stop there. There have been allegations that
<t>The revelations didn’t stop there. There have been allegations that
the NSA paid some companies to use DUAL_EC_DRBG in their the NSA paid some companies to use DUAL_EC_DRBG in their
products. Some people have claimed that there were attempts to modify products. Some people have claimed that there were attempts to modify
some IETF standards to make enough random bytes visible, to aid in some IETF standards to make enough random bytes visible, to aid in
exploiting the random number generator. A major vendor of networking exploiting the random number generator. A major vendor of networking
gear, Juniper, did use DUAL_EC_DRBG in some of its products, but with gear, Juniper, did use DUAL_EC_DRBG in some of its products, but with
different constants <xref target="Checkoway2016"/>. Where did these come from? W ere different constants <xref target="Checkoway2016"/>. Where did these come from? W ere
they from the NSA or some other government? Could their source tree they from the NSA or some other government? Could their source tree
have been hacked by an intelligence agency? There was a different hack have been hacked by an intelligence agency? There was a different hack
of their code at around the same time<xref target="Moore2015"/>. No one is talki of their code at around the same time <xref target="Moore2015"/>. No one is talk
ng.</t> ing.</t>
<t>The Snowden revelations also included data suggesting that the NSA ha
<t>The Snowden revelations also included data suggesting that the NSA had d
a worldwide eavesdropping network and a group that tried very a worldwide eavesdropping network and a group that tried very
specific, targeted hacks on very specific targets’ systems. In specific, targeted hacks on very specific targets' systems. In
retrospect, neither is surprising: “spies gonna spy”. The NSA’s retrospect, neither is surprising: "spies gonna spy". The NSA's
business is signals intelligence; of course they’re going to try to business is signals intelligence; of course they're going to try to
intercept traffic. Indeed, the DUAL_EC_DRBG tampering is useless to intercept traffic. Indeed, the DUAL_EC_DRBG tampering is useless to
anyone who has not collected messages to decrypt. And targeted hacks anyone who has not collected messages to decrypt. And targeted hacks
are a natural way around strong encryption: collect the data before it are a natural way around strong encryption: collect the data before it
is encrypted or after it is decrypted, and dont worry about the is encrypted or after it is decrypted, and don't worry about the
strength of the algorithms.</t> strength of the algorithms.</t>
<t>The privacy community, worldwide, was appalled, though perhaps they
<t>The privacy community, worldwide, was appalled, though perhaps they shouldn't have been. It calls to mind the line that Claude Rains'
shouldn’t have been. It calls to mind the line that Claude Rains'
character uttered in the movie character uttered in the movie
Casablanca <xref target="Curtiz"/>: “I’m shocked, shocked to find that gambling Casablanca <xref target="Curtiz"/>: "I'm shocked, shocked to find that gambling
is going on in is going on in
here.” The immediate and continuing reaction was to deploy more here." The immediate and continuing reaction was to deploy more
encryption. The standards have long existed; what was missing was encryption. The standards have long existed; what was missing was
adoption. One barrier was the difficulty and expense of getting adoption. One barrier was the difficulty and expense of getting
certificates to use with TLS, the certificates to use with TLS, the
successor to SSL; that void was filled by Let's Encrypt <xref target="LE"/>, successor to SSL; that void was filled by Let's Encrypt <xref target="LE"/>,
which made free certificates easy to get online. Today, most HTTP which made free certificates easy to get online. Today, most HTTP
traffic is encrypted, so much so that Googles search engine traffic is encrypted, so much so that Google's search engine
down-ranks sites that do not use it. Major email providers uniformly down-ranks sites that do not use it. Major email providers uniformly
use TLS to protect all traffic. WiFi, though a local area issue, now use TLS to protect all traffic. Wi-Fi, though a local area issue, now
uses much stronger encryption. (It's important to remember that uses much stronger encryption. (It's important to remember that
security and insecurity have economic components. Security doesn't have security and insecurity have economic components. Security doesn't have
to be perfect to be very useful, if it raises the attackers' costs to be perfect to be very useful, if it raises the attackers' costs
by enough.)</t> by enough.)</t>
<t>The news on the software side is less good. Not a day goes by when on
<t>The news on the software side is less good. Not a day goes by when one e
does not read of organizations being hit by ransomware. It goes does not read of organizations being hit by ransomware. It goes
without saying that any threat actor capable of encrypting disks is without saying that any threat actor capable of encrypting disks is
also capable of stealing the information on them; indeed, that is a also capable of stealing the information on them; indeed, that is a
frequent accompanying activity, since the threat of disclosure is frequent accompanying activity, since the threat of disclosure is
another incentive to pay for those sites that do have good enough another incentive to pay for those sites that do have good enough
backups. Major vendors have put a lot of effort into securing their backups. Major vendors have put a lot of effort into securing their
software, but bugs and operational errors by end-user sites persist.</t> software, but bugs and operational errors by end-user sites persist.</t>
</section>
</section> <section anchor="whither-the-ietf">
<section anchor="whither-the-ietf"><name>Whither the IETF?</name> <name>Whither the IETF?</name>
<t>Signal intelligence agencies, not just the NSA, but its peers around <t>Signal intelligence agencies, not just the NSA, but its peers around
the globe—most major countries have their own—are not going to go the globe -- most major countries have their own -- are not going to go
away. The challenges that have beset the NSA are common to all such away. The challenges that have beset the NSA are common to all such
agencies, and their solutions are likely the same. The question is agencies, and their solutions are likely the same. The question is
what should be done to protect individual privacy. A number of strong what should be done to protect individual privacy. A number of strong
democracies, such as Australia and the United Kingdom, are, in democracies, such as Australia and the United Kingdom, are, in
a resumption of the Crypto Wars, a resumption of the Crypto Wars,
moving to restrict encryption. Spurred on by complaints from the FBI moving to restrict encryption. Spurred on by complaints from the FBI
and other law enforcement agencies, the US Congress frequently and other law enforcement agencies, the US Congress frequently
considers bills to do the same.</t> considers bills to do the same.</t>
<t>The IETF has long had a commitment to strong, ubiquitous
<t>The IETF has long had a commitment to strong, ubiquitous
encryption. This is a good thing. It needs to continue, with encryption. This is a good thing. It needs to continue, with
cryptography and other security features designed into protocols from cryptography and other security features designed into protocols from
the beginning. But there is also a need for maintenance. Parameters the beginning. But there is also a need for maintenance. Parameters
such as key lengths and modulus sizes age; a value that is acceptable such as key lengths and modulus sizes age; a value that is acceptable
today may not be 10 years hence. (Weve already seen apparent problems today may not be 10 years hence. (We've already seen apparent problems
from 1024-bit moduli specified in an RFC, an RFC that was not modified from 1024-bit moduli specified in an RFC, an RFC that was not modified
when technology improved enough that attacking encryption based on when technology improved enough that attacking encryption based on
them had become feasible.<xref target="Adrian2015"/>) The IETF can do nothing ab out them had become feasible <xref target="Adrian2015"/>.) The IETF can do nothing a bout
the code that vendors ship or that sites use, but it can alert the the code that vendors ship or that sites use, but it can alert the
world that it thinks things have changed.</t> world that it thinks things have changed.</t>
<t>Cryptoagility is of increasing importance. In the next very few years
<t>Cryptoagility is of increasing importance. In the next very few years, ,
we will have so-called post-quantum algorithms. Both protocols and key we will have so-called post-quantum algorithms. Both protocols and key
lengths will need to change, perhaps drastically. Is the IETF ready? lengths will need to change, perhaps drastically. Is the IETF ready?
What will happen to, say, DNSSEC if key lengths become drastically What will happen to, say, DNSSEC if key lengths become drastically
longer? Backwards compatibility will remain important, but that, of longer? Backwards compatibility will remain important, but that, of
course, opens the door to other attacks. We’ve long thought about course, opens the door to other attacks. We've long thought about
them; we need to be sure that our mechanisms work—we've them; we need to be sure that our mechanisms work -- we've
been surprised in the past.<xref target="BellovinRescorla2006"/></t> been surprised in the past <xref target="BellovinRescorla2006"/>.</t>
<t>We also need to worry more about metadata. General Michael Hayden,
<t>We also need to worry more about metadata. General Michael Hayden, former director of both the NSA and the CIA, once remarked, "We kill
former director of both the NSA and the CIA, once remarked, “We kill people based on metadata" <xref target="Ferran2014"/>. But caution is necessary;
people based on metadata” <xref target="Ferran2014"/>. But caution is necessary; attempts to hide metadata can have side effects. To give a trivial
attempts to hide metadata can have side-effects. To give a trivial
example, Tor is quite strong, but if your exit node is in a different example, Tor is quite strong, but if your exit node is in a different
country than you are in, web sites that use IP geolocation may present country than you are in, web sites that use IP geolocation may present
their content in a language foreign to you. their content in a language foreign to you.
Some sites even block connections from known Tor exit nodes. Some sites even block connections from known Tor exit nodes.
More generally, many More generally, many
attempts to hide metadata involve trusting a different party; that attempts to hide metadata involve trusting a different party; that
party may turn out to be untrustworthy or it may itself become a party may turn out to be untrustworthy or it may itself become a
target of attack. As another prominent IETFer has remarked, target of attack. As another prominent IETFer has remarked,
“Insecurity is like entropy; you can’t destroy it but you can move it "Insecurity is like entropy; you can't destroy it, but you can move it
around.” The IETF has done a lot; it needs to do more. And remember around." The IETF has done a lot; it needs to do more. And remember
that the risk here is not just governments acting directly, it's also that the risk here is not just governments acting directly, it's also
private companies that collect the data and sell it to all comers.</t> private companies that collect the data and sell it to all comers.</t>
<t>Finally, the IETF must remember that its middle name is
<t>Finally, the IETF must remember that its middle name is "Engineering". To me, one of the attributes of engineering is the art
“Engineering”. To me, one of the attributes of engineering is the art
of picking the right solution in an over-constrained of picking the right solution in an over-constrained
environment. Intelligence agencies wont go away, nor will national environment. Intelligence agencies won't go away, nor will national
restrictions on cryptography. We have to pick the right path while restrictions on cryptography. We have to pick the right path while
staying true to our principles.</t> staying true to our principles.</t>
</section>
</section>
<section anchor="security-considerations">
<name>Security Considerations</name>
<t>Each or any of the authors may have forgotten or omitted things
or gotten things wrong. We're sorry if that's the case, but that's
in the nature of a look-back such as this. Such flaws almost
certainly won't worsen security or privacy, though.</t>
</section>
<section anchor="iana-considerations">
<name>IANA Considerations</name>
<t>This document has no IANA actions.</t>
</section>
</middle>
<back>
</section> <displayreference target="I-D.ietf-tls-esni" to="TLS-ECH"/>
</section> <displayreference target="I-D.ietf-mpls-opportunistic-encrypt" to="MPLS-OPPORTUN
<section anchor="acknowledgments"><name>Acknowledgments</name> ISTIC-ENCRYPT"/>
<t>Susan Landau added many valuable comments to Steve Bellovin's essay.</t> <references>
<name>Informative References</name>
<t>We thank Carsten Bormann, Brian Carpenter, Wendy Grossman, Kathleen Moriarty, <reference anchor="Guard2013">
Jan Schaumann, Seth David Schoen, and Paul Wouters for comments and review of th <front>
is text, though <title>NSA collecting phone records of millions of Verizon customers d
that of course doesn't mean that they necessrily agree with the text.</t> aily</title>
<author initials="G." surname="Greenwald" fullname="Glenn Greenwald">
<organization>The Guardian</organization>
</author>
<date year="2013" month="June"/>
</front>
<refcontent>The Guardian</refcontent>
</reference>
<t>This document was created at the behest of Eliot Lear, who also <reference anchor="ACME" target="https://datatracker.ietf.org/wg/acme/abou
cat herded and did some editing.</t> t/">
<front>
<title>Automated Certificate Management Environment (acme)</title>
<author>
<organization>IETF</organization>
</author>
</front>
</reference>
</section> <reference anchor="Perpass-BoF" target="https://www.ietf.org/proceedings/8
<section anchor="security-considerations"><name>Security Considerations</name> 8/perpass.html">
<front>
<title>perpass BoF -- Handling Pervasive Monitoring in the IETF</title
>
<author>
<organization>IETF</organization>
</author>
<date month="November" year="2013"/>
</front>
<refcontent>IETF 88 Proceedings</refcontent>
</reference>
<t>Each or any of the authors may have forgotten or omitted things <reference anchor="CFRG" target="https://datatracker.ietf.org/rg/cfrg/abou
or gotten things wrong. We're sorry if that's the case, but that's t/">
in the nature of a look-back such as this. Such flaws almost <front>
certainly won't worsen security or privacy though.</t> <title>Crypto Forum (cfrg)</title>
<author>
<organization>IRTF</organization>
</author>
</front>
</reference>
</section> <reference anchor="CURDLE" target="https://datatracker.ietf.org/wg/curdle/
<section anchor="iana-considerations"><name>IANA Considerations</name> about/">
<front>
<title>CURves, Deprecating and a Little more Encryption (curdle)</titl
e>
<author>
<organization>IETF</organization>
</author>
</front>
</reference>
<t>No changes to IANA processes are made by this memo.</t> <reference anchor="Curtiz">
<front>
<title>Casablanca</title>
<author initials="M." surname="Curtiz" fullname="Michael Curtiz">
<organization/>
</author>
<author initials="J. J." surname="Epstein" fullname="Julius J. Epstein
">
<organization/>
</author>
<author initials="P. G." surname="Epstein" fullname="Philip G. Epstein
">
<organization/>
</author>
<author initials="H." surname="Koch" fullname="Howard Koch">
<organization/>
</author>
<date month="November" year="1942"/>
</front>
<refcontent>Warner Bros. Pictures</refcontent>
</reference>
</section> <reference anchor="Dual-EC" target="https://eprint.iacr.org/2015/767.pdf">
<front>
<title>Dual EC: A Standardized Back Door</title>
<author initials="D." surname="Bernstein" fullname="Daniel Bernstein">
<organization/>
</author>
<author initials="T." surname="Lange" fullname="Tanja Lange">
<organization/>
</author>
<author initials="R." surname="Niederhagen" fullname="Ruben Niederhage
n">
<organization/>
</author>
<date month="July" year="2016"/>
</front>
</reference>
</middle> <reference anchor="LE" target="https://dl.acm.org/doi/pdf/10.1145/3319535.
3363192">
<front>
<title>Let's Encrypt: An Automated Certificate Authority to Encrypt th
e Entire Web</title>
<author initials="J." surname="Aas" fullname="Josh Aas">
<organization/>
</author>
<author initials="R." surname="Barnes" fullname="Richard Barnes">
<organization/>
</author>
<author initials="B." surname="Case" fullname="Benton Case">
<organization/>
</author>
<author initials="Z." surname="Durumeric" fullname="Zakir Durumeric">
<organization/>
</author>
<author initials="P." surname="Eckersley" fullname="Peter Eckersley">
<organization/>
</author>
<author initials="A." surname="Flores-López" fullname="Alan Flores-Lóp
ez">
<organization/>
</author>
<author initials="A." surname="Halderman" fullname="Alex Halderman">
<organization/>
</author>
<author initials="J." surname="Hoffman-Andrews" fullname="Jacob Hoffma
n-Andrews">
<organization/>
</author>
<author initials="J." surname="Kasten" fullname="James Kasten">
<organization/>
</author>
<author initials="E." surname="Rescorla" fullname="Eric Rescorla">
<organization/>
</author>
<author initials="S. D." surname="Schoen" fullname="Seth David Schoen"
>
<organization/>
</author>
<author initials="B." surname="Warren" fullname="Brad Warren">
<organization/>
</author>
<date month="November" year="2019"/>
</front>
<refcontent>CCS '19: Proceedings of the 2019 ACM SIGSAC Conference on Co
mputer and Communications Security</refcontent>
</reference>
<back> <reference anchor="MADINAS" target="https://datatracker.ietf.org/wg/madina
s/about">
<front>
<title>MAC Address Device Identification for Network and Application S
ervices (madinas)</title>
<author>
<organization>IETF</organization>
</author>
</front>
</reference>
<references title='Informative References'> <reference anchor="Perpass" target="https://mailarchive.ietf.org/arch/brow
se/perpass/">
<front>
<title>perpass mailing list</title>
<author>
<organization>IETF</organization>
</author>
</front>
</reference>
<reference anchor="guard2013" > <reference anchor="Plenary-video" target="https://www.youtube.com/watch?v=
<front> oV71hhEpQ20&amp;pp=ygUQaWV0ZiA4OCBwbGVuYXJ5IA%3D%3D">
<title>NSA collecting phone records of millions of Verizon customers daily</ <front>
title> <title>IETF 88 Technical Plenary: Hardening The Internet</title>
<author initials="G." surname="Greenwald" fullname="Glenn Greenwald"> <author>
<organization>The Guardian</organization> <organization/>
</author> </author>
<date year="2013" month="June"/> <date month="November" year="2013"/>
</front> </front>
</reference> <refcontent>YouTube video, 2:37:28, posted by "IETF - Internet Engineeri
<reference anchor="ACME" target="https://datatracker.ietf.org/wg/acme/"> ng Task Force"</refcontent>
<front> </reference>
<title>Automated Certificate Management Environment (ACME)</title>
<author >
<organization>IETF</organization>
</author>
<date year="2023"/>
</front>
</reference>
<reference anchor="Perpass-BoF" target="https://www.ietf.org/proceedings/88/perp
ass.html">
<front>
<title>IETF 88 Perpass BoF session</title>
<author >
<organization>IETF</organization>
</author>
<date year="2013"/>
</front>
</reference>
<reference anchor="CFRG" target="https://datatracker.ietf.org/rg/cfrg/">
<front>
<title>IRTF Crypto Forum (CFRG)</title>
<author >
<organization>IETF</organization>
</author>
<date year="2023"/>
</front>
</reference>
<reference anchor="CURDLE" target="https://datatracker.ietf.org/wg/curdle/">
<front>
<title>curdle WG</title>
<author >
<organization>IETF</organization>
</author>
<date year="2023"/>
</front>
</reference>
<reference anchor="Curtiz" >
<front>
<title>Casablanca</title>
<author initials="M." surname="Curtiz" fullname="Michael Curtiz">
<organization></organization>
</author>
<author initials="J. J." surname="Epstein" fullname="Julius J. Epstein">
<organization></organization>
</author>
<author initials="P. G." surname="Epstein" fullname="Philip G. Epstein">
<organization></organization>
</author>
<author initials="H." surname="Koch" fullname="Howard Koch">
<organization></organization>
</author>
<date year="1942"/>
</front>
</reference>
<reference anchor="dual-ec" target="https://eprint.iacr.org/2015/767.pdf">
<front>
<title>Dual EC, A standardized back door</title>
<author initials="D." surname="Bernstein" fullname="Daniel Bernstein">
<organization></organization>
</author>
<author initials="T." surname="Lange" fullname="Tanja Lange">
<organization></organization>
</author>
<author initials="R." surname="Niederhagen" fullname="Ruben Niederhagen">
<organization></organization>
</author>
<date year="2016"/>
</front>
</reference>
<reference anchor="LE" target="https://dl.acm.org/doi/pdf/10.1145/3319535.336319
2">
<front>
<title>Let's Encrypt - an automated certificate authority to encrypt the ent
ire web</title>
<author initials="J." surname="Aas" fullname="Josh Aas">
<organization></organization>
</author>
<author initials="R." surname="Barnes" fullname="Richard Barnes">
<organization></organization>
</author>
<author initials="B." surname="Case" fullname="Benton Case">
<organization></organization>
</author>
<author initials="Z." surname="Durumeric" fullname="Zakir Durumeric">
<organization></organization>
</author>
<author initials="P." surname="Eckersley" fullname="Peter Eckersley">
<organization></organization>
</author>
<author initials="A." surname="Flores-López" fullname="Alan Flores-López">
<organization></organization>
</author>
<author initials="A." surname="Halderman" fullname="Alex Halderman">
<organization></organization>
</author>
<author initials="J." surname="Hoffman-Andrews" fullname="Jacob Hoffman-Andr
ews">
<organization></organization>
</author>
<author initials="J." surname="Kasten" fullname="James Kasten">
<organization></organization>
</author>
<author initials="E." surname="Rescorla" fullname="Eric Rescorla">
<organization></organization>
</author>
<author initials="S. D." surname="Schoen" fullname="Seth David Schoen">
<organization></organization>
</author>
<author initials="B." surname="Warren" fullname="Brad Warren">
<organization></organization>
</author>
<date year="2019"/>
</front>
</reference>
<reference anchor="MADINAS" target="https://datatracker.ietf.org/wg/madinas/">
<front>
<title>MADINAS WG</title>
<author >
<organization>IETF</organization>
</author>
<date year="2023"/>
</front>
</reference>
<reference anchor="perpass" target="https://mailarchive.ietf.org/arch/browse/per
pass/">
<front>
<title>perpass mailing list</title>
<author >
<organization>IETF</organization>
</author>
<date year="2023"/>
</front>
</reference>
<reference anchor="plenary-video" target="https://www.youtube.com/watch?v=oV71hh
EpQ20&amp;pp=ygUQaWV0ZiA4OCBwbGVuYXJ5IA%3D%3D">
<front>
<title>IETF 88 Technical Plenary: Hardening The Internet</title>
<author >
<organization>IETF</organization>
</author>
<date year="2013"/>
</front>
</reference>
<reference anchor="refs-to-7258" target="https://datatracker.ietf.org/doc/rfc725
8/referencedby/">
<front>
<title>References to RFC7258</title>
<author >
<organization>IETF</organization>
</author>
<date year="2023"/>
</front>
</reference>
<reference anchor="timeline" target="https://en.wikipedia.org/wiki/Global_survei
llance_disclosures_(2013%E2%80%93present)">
<front>
<title>Global surveillance disclosures (2013–present)</title>
<author >
<organization>Wikimedia foundation</organization>
</author>
<date year="2023"/>
</front>
</reference>
<reference anchor="STRINT" target="https://www.w3.org/2014/strint/">
<front>
<title>A W3C/IAB workshop on Strengthening the Internet Against Pervasive Mo
nitoring (STRINT)</title>
<author >
<organization>IETF</organization>
</author>
<date year="2014"/>
</front>
</reference>
<reference anchor="Toronto" target="https://www.npr.org/sections/thetwo-way/2014
/01/31/269418375/airport-wi-fi-used-to-track-travelers-snowden-leak-alleges">
<front>
<title>Canada Used Airport Wi-Fi To Track Travelers, Snowden Leak Alleges</t
itle>
<author >
<organization>National Public Radio</organization>
</author>
<date year="n.d."/>
</front>
</reference>
<reference anchor="UTA" target="https://datatracker.ietf.org/wg/uta/">
<front>
<title>Using TLS in Applications working group (UTA) working group</title>
<author >
<organization>IETF</organization>
</author>
<date year="2023"/>
</front>
</reference>
<reference anchor="Kahn1996" >
<front>
<title>The Code Breakers, 2nd Edition</title>
<author initials="D." surname="Kahn" fullname="David Kahn">
<organization></organization>
</author>
<date year="1996"/>
</front>
<refcontent>Scribner</refcontent></reference>
<reference anchor="Borda2011" >
<front>
<title>Fundamentals in Information Theory and Coding. Berlin</title>
<author initials="M." surname="Borda" fullname="Monica Borda">
<organization></organization>
</author>
<date year="2011"/>
</front>
<refcontent>Springer</refcontent></reference>
<reference anchor="Kerr2020" >
<front>
<title>Decryption Originalism: The Lessons of Burr.</title>
<author initials="O. S." surname="Kerr" fullname="Orin Kerr">
<organization></organization>
</author>
<date year="2020"/>
</front>
<seriesInfo name="Harvard Law Review" value="134:905"/>
</reference>
<reference anchor="Smith1845" target="http://books.google.com/books?id=Z45clCxsF
7EC">
<front>
<title>The Secret Corresponding Vocabulary, Adapted for Use to Morse’s Elect
ro-Magnetic Telegraph: And Also in Conducting Written Correspondence, Transmitte
d by the Mails, or Otherwise</title>
<author initials="F. O." surname="Smith" fullname="Francis O. Smith">
<organization></organization>
</author>
<date year="1845"/>
</front>
<refcontent>Thurston, Isley &amp; Co</refcontent></reference>
<reference anchor="Slater1870" target="http://books.google.com/books?id=MJYBAAAA
QAAJ">
<front>
<title>Telegraphic Code, to Ensure Secresy in the Transmission of Telegrams,
First Edition.</title>
<author initials="R." surname="Slater" fullname="Robert Slater">
<organization></organization>
</author>
<date year="1870"/>
</front>
<refcontent>W.R. Gray</refcontent></reference>
<reference anchor="Headrick1991" >
<front>
<title>The Invisible Weapon: Telecommunications and International Politics,
1851–1945</title>
<author initials="D. R." surname="Headrick" fullname="Daniel R. Headrick">
<organization></organization>
</author>
<date year="1991"/>
</front>
<refcontent>Oxford University Press</refcontent></reference>
<reference anchor="Kennedy1971" target="http://www.jstor.org/stable/563928">
<front>
<title>Imperial Cable Communications and Strategy, 1870-1914</title>
<author initials="P. M." surname="Kennedy" fullname="Paul M. Kennedy">
<organization></organization>
</author>
<date year="1971"/>
</front>
<seriesInfo name="English Historical Review" value="86 (341): 728–52"/>
</reference>
<reference anchor="Rowlett1998" >
<front>
<title>The Story of MAGIC: Memoirs of an American Cryptologic Pioneer</title
>
<author initials="F. B." surname="Rowlett" fullname="Frank B. Rowlett">
<organization></organization>
</author>
<date year="1988"/>
</front>
<refcontent>Aegean Park Press</refcontent></reference>
<reference anchor="Miller2020" target="https://www.washingtonpost.com/graphics/2
020/world/national-security/cia-crypto-encryption-machines-espionage/">
<front>
<title>The Intelligence Coup of the Century</title>
<author initials="G." surname="Miller" fullname="Greg Miller">
<organization></organization>
</author>
<date year="2020" month="February"/>
</front>
<refcontent>The Washington Post</refcontent></reference>
<reference anchor="Baldwin2022" target="https://drenigma.org/2022/03/02/did-brit
ain-sell-enigmas-postwar/">
<front>
<title>Did Britain Sell Enigmas Postwar?</title>
<author initials="M." surname="Baldwin" fullname="Mark Baldwin">
<organization></organization>
</author>
<date year="2022"/>
</front>
<refcontent>Dr. Enigma (blog)</refcontent></reference>
<reference anchor="Broad1982" >
<front>
<title>Evading the Soviet Ear at Glen Cove</title>
<author initials="W. J." surname="Broad" fullname="William J. Broad">
<organization></organization>
</author>
<date year="1982"/>
</front>
<seriesInfo name="Science" value="217 (3): 910–11"/>
</reference>
<reference anchor="Landau1988" >
<front>
<title>Zero Knowledge and the Department of Defense</title>
<author initials="S." surname="Landau" fullname="Susan Landau">
<organization></organization>
</author>
<date year="1988"/>
</front>
<seriesInfo name="Notices of the American Mathematical Society [Special Articl
e Series]" value="35 (1): 5–12"/>
</reference>
<reference anchor="Landau2014" >
<front>
<title>Under the Radar: NSA’s Efforts to Secure Private-Sector Telecommunica
tions Infrastructure</title>
<author initials="S." surname="Landau" fullname="Susan Landau">
<organization></organization>
</author>
<date year="2014"/>
</front>
<seriesInfo name="Journal of National Security Law &amp; Policy" value="Vol 7,
No. 3"/>
</reference>
<reference anchor="Johnson1998" target="https://www.nsa.gov/portals/75/documents
/news-features/declassified-documents/cryptologic-histories/cold_war_iii.pdf">
<front>
<title>American Cryptology During the Cold War, 1945-1989; Book III: Retrenc
hment and Reform</title>
<author initials="T. R." surname="Johnson" fullname="Thomas R. Johnson">
<organization></organization>
</author>
<date year="1998"/>
</front>
<refcontent>NSA</refcontent></reference>
<reference anchor="Kostyuk2022" target="https://www.harvardnsj.org/wp-content/up
loads/sites/13/2022/06/Vol13Iss2_Kostyuk-Landau_Dual-EC-DRGB.pdf">
<front>
<title>Dueling Over DUAL_EC_DRBG: The Consequences of Corrupting a Cryptogra
phic Standardization Process</title>
<author initials="N." surname="Kostyuk" fullname="Nadyia Kostyuk">
<organization></organization>
</author>
<author initials="S." surname="Landau" fullname="Susan Landau">
<organization></organization>
</author>
<date year="2022"/>
</front>
<seriesInfo name="Harvard National Security Journal" value="13 (2): 224–84"/>
</reference>
<reference anchor="Ferran2014" target="https://abcnews.go.com/blogs/headlines/20
14/05/ex-nsa-chief-we-kill-people-based-on-metadata">
<front>
<title>Ex-NSA Chief: "We Kill People Based on Metadata"</title>
<author initials="L." surname="Ferran" fullname="Lee Ferran">
<organization></organization>
</author>
<date year="2014" month="May"/>
</front>
<refcontent>ABC News</refcontent></reference>
<reference anchor="Adrian2015" target="https://weakdh.org/imperfect-forward-secr
ecy.pdf">
<front>
<title>Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice.</tit
le>
<author initials="D." surname="Adrian" fullname="David Adrian">
<organization></organization>
</author>
<author initials="K." surname="Bhargavan" fullname="Karthikeyan Bhargavan">
<organization></organization>
</author>
<author initials="Z." surname="Durumeric" fullname="Zakir Durumeric">
<organization></organization>
</author>
<author initials="P." surname="Gaudry" fullname="Pierrick Gaudry">
<organization></organization>
</author>
<author initials="M." surname="Green" fullname="Matthew Green">
<organization></organization>
</author>
<author initials="J. A." surname="Halderman" fullname="J. Alex Halderman">
<organization></organization>
</author>
<author initials="N." surname="Heninger" fullname="Nadia Heninger">
<organization></organization>
</author>
<date year="2015"/>
</front>
<refcontent>Proceedings of the 22th ACM Conference on Computer and Communication
s Security (CCS)</refcontent></reference>
<reference anchor="BellovinRescorla2006" target="https://www.cs.columbia.edu/~sm
b/papers/new-hash.pdf">
<front>
<title>Deploying a New Hash Algorithm</title>
<author initials="S. M." surname="Bellovin" fullname="Steven M. Bellovin">
<organization></organization>
</author>
<author initials="E. K." surname="Rescorla" fullname="Eric K. Rescorla">
<organization></organization>
</author>
<date year="2006"/>
</front>
<refcontent>Proceedings of NDSS '06</refcontent></reference>
<reference anchor="Blaze1994" target="http://www.mattblaze.org/papers/eesproto.p
df">
<front>
<title>Protocol Failures in the Escrowed Encryption Standard</title>
<author initials="M." surname="Blaze" fullname="Matt Blaze">
<organization></organization>
</author>
<date year="1994"/>
</front>
<refcontent>Proceedings of Second ACM Conference on Computer and Communications
Security</refcontent></reference>
<reference anchor="Checkoway2016" target="https://dl.acm.org/citation.cfm?id=297
8395">
<front>
<title>A Systematic Analysis of the Juniper Dual EC Incident</title>
<author initials="S." surname="Checkoway" fullname="Stephen Checkoway">
<organization></organization>
</author>
<author initials="J." surname="Maskiewicz" fullname="Jacob Maskiewicz">
<organization></organization>
</author>
<author initials="C." surname="Garman" fullname="Christina Garman">
<organization></organization>
</author>
<author initials="J." surname="Fried" fullname="Joshua Fried">
<organization></organization>
</author>
<author initials="S." surname="Cohney" fullname="Shaanan Cohney">
<organization></organization>
</author>
<author initials="M." surname="Green" fullname="Matthew Green">
<organization></organization>
</author>
<author initials="N." surname="Heninger" fullname="Nadia Heninger">
<organization></organization>
</author>
<author initials="R. P." surname="Weinmann" fullname="Ralf-Philipp Weinmann"
>
<organization></organization>
</author>
<author initials="E." surname="Rescorla" fullname="Eric Rescorla">
<organization></organization>
</author>
<author initials="" surname="Hovav Shacham" fullname="Hovav Shacham">
<organization></organization>
</author>
<date year="2016"/>
</front>
<seriesInfo name="Proceedings of the 2016 ACM SIGSAC Conference on Computer an
d Communications Security" value="468–79"/>
</reference>
<reference anchor="Levy2001" >
<front>
<title>Crypto: How the Code Rebels Beat the Government—Saving Privacy in the
Digital Age</title>
<author initials="S." surname="Levy" fullname="Steven Levy">
<organization></organization>
</author>
<date year="2001"/>
</front>
<refcontent>Viking</refcontent></reference>
<reference anchor="Moore2015" target="https://www.rapid7.com/blog/post/2015/12/2
0/cve-2015-7755-juniper-screenos-authentication-backdoor/">
<front>
<title>CVE-2015-7755: Juniper ScreenOS Authentication Backdoor</title>
<author initials="H. D." surname="Moore" fullname="H.D. Moore">
<organization></organization>
</author>
<date year="2015"/>
</front>
<refcontent>Rapid7 Blog</refcontent></reference>
<reference anchor="Doria2012" target="https://www.internetsociety.org/resources/
doc/2012/human-rights-and-internet-protocols-comparing-processes-and-principles/
">
<front>
<title>Human Rights and Internet Protocols: Comparing Processes and Principl
es</title>
<author initials="A." surname="Doria" fullname="Avri Doria">
<organization></organization>
</author>
<author initials="J." surname="Liddicoat" fullname="Joy Liddicoat">
<organization></organization>
</author>
<date year="2012"/>
</front>
<refcontent>The Internet Society</refcontent></reference>
<reference anchor="Garfinkel1995" >
<front>
<title>GPG: Pretty Good Privacy</title>
<author initials="S." surname="Garfinkel" fullname="Simson Garfinkel">
<organization></organization>
</author>
<date year="1995"/>
</front>
<refcontent>O'Reilly and Associates</refcontent></reference>
<reference anchor="Masnick2023" target="https://copia.is/library/unintended-cons
equences/">
<front>
<title>The Unintended Consequences of Internet Regulation</title>
<author initials="M." surname="Masnick" fullname="Mike Masnick">
<organization></organization>
</author>
<date year="2023"/>
</front>
</reference>
<reference anchor="Roth2022" target="https://www.theverge.com/2022/3/5/22962822/
internet-backbone-provider-cogent-shuts-off-service-russia">
<front>
<title>Internet backbone provider shuts off service in Russia</title>
<author initials="E." surname="Roth" fullname="Emma Roth">
<organization></organization>
</author>
<date year="2022" month="March"/>
</front>
<refcontent>The Verge</refcontent></reference>
<reference anchor="zubhoff2019" >
<front>
<title>The age of surveillance capitalism, The fight for a human future at t
he new frontier of power</title>
<author initials="S." surname="Zuboff" fullname="Shoshana Zuboff">
<organization></organization>
</author>
<date year="2019"/>
</front>
<seriesInfo name="ISBN" value="9781781256855"/>
<refcontent>Profile Books</refcontent></reference>
<reference anchor="Badii2023" target="https://digitalmedusa.org/wp-content/uploa
ds/2023/05/SanctionsandtheInternet-DigitalMedusa.pdf">
<front>
<title>Sanctions and the Internet</title>
<author initials="F." surname="Badii" fullname="Farzaneh Badii">
<organization></organization>
</author>
<date year="2023"/>
</front>
</reference>
&RFC7687;
&RFC7258;
&RFC8446;
&I-D.ietf-tls-esni;
&RFC7858;
&RFC8484;
&RFC7540;
&RFC9000;
&I-D.farrelll-mpls-opportunistic-encrypt;
&RFC8461;
&RFC7217;
&RFC8064;
&RFC8981;
&RFC1984;
&RFC6462;
&RFC7480;
&RFC7481;
&RFC9082;
&RFC9083;
&RFC7484;
&RFC8056;
&RFC8280;
&DOI.10.5325_jinfopoli.11.2021.0376;
&RFC3365;
</references> <reference anchor="Refs-to-7258" target="https://datatracker.ietf.org/doc/
rfc7258/referencedby/">
<front>
<title>References to RFC7258</title>
<author>
<organization>IETF</organization>
</author>
</front>
</reference>
<section anchor="changes-from-earlier-versions"><name>Changes from Earlier Versi <reference anchor="Timeline" target="https://en.wikipedia.org/w/index.php?
ons</name> title=Global_surveillance_disclosures_(2013%E2%80%93present)&amp;oldid=116155781
9">
<front>
<title>Global surveillance disclosures (2013-present)</title>
<author>
<organization>Wikipedia</organization>
</author>
<date month="July" year="2023"/>
</front>
</reference>
<t>RFC editor: please remove this section.</t> <reference anchor="STRINT" target="https://www.w3.org/2014/strint/">
<front>
<title>A W3C/IAB workshop on Strengthening the Internet Against Pervas
ive Monitoring (STRINT)</title>
<author>
<organization>W3C</organization>
</author>
<author>
<organization>IAB</organization>
</author>
<date month="March" year="2014"/>
</front>
</reference>
<t>Draft -05:</t> <reference anchor="Toronto" target="https://www.npr.org/sections/thetwo-wa
y/2014/01/31/269418375/airport-wi-fi-used-to-track-travelers-snowden-leak-allege
s">
<front>
<title>Canada Used Airport Wi-Fi To Track Travelers, Snowden Leak Alle
ges</title>
<author initials="M." surname="Memmott" fullname="Mark Memmott">
<organization/>
</author>
<date month="January" year="2014"/>
</front>
<refcontent>NPR</refcontent>
</reference>
<t><list style="symbols"> <reference anchor="UTA" target="https://datatracker.ietf.org/wg/uta/about"
<t>minor tweaks</t> >
</list></t> <front>
<title>Using TLS in Applications (uta)</title>
<author>
<organization>IETF</organization>
</author>
</front>
</reference>
<t>Drafts -03 and -04:</t> <reference anchor="Kahn1996">
<front>
<title>The Codebreakers: The Comprehensive History of Secret Communica
tion from Ancient Times to the Internet</title>
<author initials="D." surname="Kahn" fullname="David Kahn">
<organization/>
</author>
<date year="1996"/>
</front>
<refcontent>2nd Edition</refcontent>
<refcontent>Scribner</refcontent>
</reference>
<t><list style="symbols"> <reference anchor="Borda2011">
<t>(mostly) Changes based on Schoen review</t> <front>
</list></t> <title>Fundamentals in Information Theory and Coding</title>
<author initials="M." surname="Borda" fullname="Monica Borda">
<organization/>
</author>
<date month="May" year="2011"/>
</front>
<refcontent>Springer-Berlin</refcontent>
</reference>
<t>Draft -02:</t> <reference anchor="Kerr2020" target="https://papers.ssrn.com/sol3/papers.c
fm?abstract_id=3533069">
<front>
<title>Decryption Originalism: The Lessons of Burr</title>
<author initials="O. S." surname="Kerr" fullname="Orin S. Kerr">
<organization/>
</author>
<date month="January" year="2021"/>
</front>
<refcontent>Harvard Law Review, 134:905</refcontent>
</reference>
<t><list style="symbols"> <reference anchor="Smith1845" target="https://books.google.com/books?id=Z4
<t>A bunch of typo fixes and added acks.</t> 5clCxsF7EC">
</list></t> <front>
<title>The Secret Corresponding Vocabulary: Adapted for Use to Morse's
Electro-Magnetic Telegraph, and Also in Conducting Written Correspondence, Tran
smitted by the Mails, or Otherwise</title>
<author initials="F. O." surname="Smith" fullname="Francis O. Smith">
<organization/>
</author>
<date year="1845"/>
</front>
<refcontent>Thurston, Isley &amp; Company</refcontent>
</reference>
<t>Draft -01:</t> <reference anchor="Slater1870" target="https://books.google.com/books?id=M
JYBAAAAQAAJ">
<front>
<title>Telegraphic Code, to Ensure Secresy in the Transmission of Tele
grams</title>
<author initials="R." surname="Slater" fullname="Robert Slater">
<organization/>
</author>
<date year="1870"/>
</front>
<refcontent>First Edition</refcontent>
<refcontent>W.R. Gray</refcontent>
</reference>
<t><list style="symbols"> <reference anchor="Headrick1991">
<t>Changes based on ISE review</t> <front>
</list></t> <title>The Invisible Weapon: Telecommunications and International Poli
tics, 1851-1945</title>
<author initials="D. R." surname="Headrick" fullname="Daniel R. Headri
ck">
<organization/>
</author>
<date year="1991"/>
</front>
<refcontent>Oxford University Press</refcontent>
</reference>
<t>Draft -00:</t> <reference anchor="Kennedy1971" target="https://www.jstor.org/stable/56392
8">
<front>
<title>Imperial cable communications and strategy, 1870-1914</title>
<author initials="P. M." surname="Kennedy" fullname="Paul M. Kennedy">
<organization/>
</author>
<date month="October" year="1971"/>
</front>
<refcontent>English Historical Review, 86:341, pp. 728-752</refcontent>
<refcontent>Oxford University Press</refcontent>
</reference>
<t><list style="symbols"> <reference anchor="Rowlett1998">
<t>Initial revision</t> <front>
</list></t> <title>The Story of Magic, Memoirs of an American Cryptologic Pioneer<
/title>
<author initials="F. B." surname="Rowlett" fullname="Frank B. Rowlett"
>
<organization/>
</author>
<date year="1998"/>
</front>
<refcontent>Aegean Park Press</refcontent>
</reference>
</section> <reference anchor="Miller2020" target="https://www.washingtonpost.com/grap
hics/2020/world/national-security/cia-crypto-encryption-machines-espionage/">
<front>
<title>The intelligence coup of the century</title>
<author initials="G." surname="Miller" fullname="Greg Miller">
<organization/>
</author>
<date year="2020" month="February"/>
</front>
<refcontent>The Washington Post</refcontent>
</reference>
</back> <reference anchor="Baldwin2022" target="https://drenigma.org/2022/03/02/di
d-britain-sell-enigmas-postwar/">
<front>
<title>Did Britain sell Enigmas postwar?</title>
<author initials="M." surname="Baldwin" fullname="Mark Baldwin">
<organization/>
</author>
<date month="march" year="2022"/>
</front>
<refcontent>Dr. Enigma</refcontent>
</reference>
<!-- ##markdown-source: <reference anchor="Broad1982" target="https://www.science.org/doi/abs/10.1
H4sIAAAAAAAAA7y925Ib2ZUl+O5f4UOzqoyYARAXMnhtdVbcSILJIEOBoDhS 126/science.217.4563.910">
qSztAH4AeIbDHfJLIEFajukfuh5mzGZeZj5hnvp5vqT1JbPX3vscPw4gmKlq <front>
WaurpcwA4H4u+7L2vd/vR3VaZ/ZlfGOnmZ3UaZFXcZHHtzaP/2hNWcXXpqrj <title>Evading the Soviet Ear at Glen Cove</title>
27mNR3mxSujPN/beZoa/GZnxuLT3L4Ovn05rW0ZJMcnNgh6blGZa96emLG2W <author initials="W. J." surname="Broad" fullname="William J. Broad">
9Wubr/Etgy/1D0+iiantrCjXL+M0nxZR1YwXaVXRo2/XS4s/JnZp6b/yOorS <organization/>
Zfkyrsumqo8PD18cHkd3dr0qyuRlPMzpcbmt+xd4WxQt05fxv9bFpBdXRVmX </author>
dlrRP60X+Id/iyLT1POifBnF/Sim/6R59TIeDeLXskb+m6x9VNvlnDYWflKU <date month="September" year="1982"/>
M9ptmeZpvY7PiyyzM9uLL5pxlub8hUnR5DU2NKTfmDzhP9qFSbOXcSUPHOhx </front>
/MukGtSTZJDazlpeD+Izk6RpsBJawReT23nwAS/kIp2ltcniK5s0lQlfNdVf <refcontent>Science, 217:4563, pp. 910-911</refcontent>
DMb4xb/M8NfBpFh03nQ2iEeTeW5TurH2ZWdlM7HdD/hlb015b8ok/pSn97as </reference>
6AC6G/40Ou1sVh/wL+4ftl5Ph35Fe6WTKO719PzB39O5b37Iq6Azbxbj1Pzm
ZSzGOOeJ/mxAJxVFeVEuiILv7UsiKyI8/2/44ayhXR4fHj2Wf8V/lEc+jE7p
PRnzST6Ll/Mit3FpJ0SExDTTeJFmmTDQNP6DLdMvxEgTotdiQQuNE1rP2j/S
U6H/j+z9TWbzPH5TWpuvTJYEn9P2TZ5+Yc57yRz5BitNTe6/lBA7vYyfxu+a
PMYO+IPT86vLra2cNrQq+nYSn9uyTqcpODG+MrmZ2QWxW3yZ36dlkfM/7+ER
++0jTDmz9ct4XtfL6uXBAb3V1KWZ3NEdp7aeDmilB6vZgZks7ME3Nry5peHl
7euNrRwfHssmrm25NFXVPyteb+0Fv4ufP3ffiek7cWVZjDy45tVq1a51WRYT
axO60+rg+fODpTxnMK8X2X/v8vUOzl/fvNle9w2t+7xcL+sifl2UzSLew/f+
zoOm/5tM6b/+QQd9/unm4v02vUyaMsls/PnN300F8st/2PIaotYvW8s7N5UZ
k7idmAff0++8UZjtKp3Mjc30qd/86rsmS5sqfjeIL5ckx9P8m9++nqdZuozf
/LZvvy1WEKw/FJP5xr6PXjw5jvhvSWOyvp28fPD87ZK0Uj1IzaTkoyfaOzl4
9vTZYJlMN4/rgh4WX5734lPSSaSkIEa+kCwY0/XFSVGU37yt7hbabVzQHdJh
npEu7u75Wz+6NflPJn5v8pn9Td+/acakGj6kNrHlnITVpvCjbT/lP3WIeJNW
swEJJz6mpEgP6IQOjg4HR0dPTg4ePz56cfL4ZPD48VP6p+PNk3tv6+8qEo4T
sG3cj02OI1JROglEqRwcUAJxt9Xv1yS0SaCmpY1XdvwfOuR3RTWPT0312w4L
9E2UdWYIHv22n5zR+khtEUP9tvv4k7lLSyIoEl+k8Sa/6TfXlvBafAlRUWV2
/Zt+c0rcHb/OitJW/ff/3/+7tF9+48/sz4RcMqKWhfltFPnOTIox8eR0Sr/o
n+ZJaVe/7eze0X9X8Q8EmO1ve9UlnRjh6YoQRGZ+0y9Gtp4To92nCRBa8Rvf
c1aaJP4M1LmDXV7wn65OL4YfTkdbklX//h+R/AuCnrmp/lGiX9Xy1gr17zHw
HmBZllb1g2vFl0w5mRPaa9eKPxyMy2JVWaf8/2GLJjhnynWfLswWW0v/z8FT
HYq5tYSXSYZk8bX8lpE3mUDYG1Cfs3a+iW3WRVOTpATmPliZejL//v53xR+e
Hc3nl8vfHx/+83L5u/Xs0+/N5z8c/ik9ffLx/Gw1fvOH5o//67uT4ek/Pb6g
//sHQR9YXf266D87Pnm+dQBkdVoiygmxDYnJm9fn+NbfR2hkah6U0wl+eFC6
xyXj9T/qBut0YYmu7Nba32TFmG6pasp7S8CfwIeNk7SaZAX9iTa0hyP421//
y5L+hYTqw7COLMJVepcuCYEa4R36twN5/I/h438MHv8jP/6fLo//6fnhP714
vPWSX9/0Z3rLAu+Mp2Q7JfzXhw5hdHsz/HC7bUXEnx+fHwxPz2IyxO+qebGE
72BEJnc+I13HJFsHJBufzgyZfjWg+r2piAnjq4JMaVKU9M09ecvDBwXCXj12
6ObJQVUD8vx3X/TRE/7TbUH2Tr3NpOdkFCVkb1ak4U/TclmUNZ1d/3VKv4hv
QY7473ubkTbreS/Je2vuSPvAP1D9HQv8wP8L5odLgZQDydDimweSLwXvVeq9
OaADr1dFf2XWckqHRwePjw6On754cvT88bOTAyN76K/S/jTtN7QtsCfzFf5b
NtKvZB/9jPbRN8E+Pt2ebh3Rp4qF0/sRGfbx6XKZAQOxJQy6wGezsmiW8R79
eL/7t38Ql+46nYf0UlMboZkfzDw/evHi6dZ+IGbPi8SS4qTt870e50l8maQd
Jtm1ZPZsXAz42TugvqjuzocO6b946v9UTjoPfTSalOk4t+Uj/utZUSaGrvZo
a92vwccw2U1W4SqGzrcBj97cFuWaAGuCrdH5w7tSZuk3t8O7gR8Grww/UPup
gKba+NSz1dFD+xnBVJmpb+kHW5Z0jYdbm3l0YRk1Y/Efy3RGWIJU+0Ju5z3Z
9+ppOWvKcvDo1y/l4wAeJ7xux73QC/LuZ57ADv2fKkK4toLDqPv4R8419t6s
4B5N7eoRrf/o8ZOXLw5PZGmjRVrPj54/OfkmCBBHK+2bZOV5QXitWhY5Liv+
QzEx44awy5qstsQsYW/Q5UIskeoMH3FVlJX921//DzJT4Kkqi/6VmZHwJWly
S7w9K81yTqKb6OA0qwqQyTm9o2GfVvicz2S9EJAN1gHN2oOwy6sFPiODcc3y
/YpQFfEILecj/Wu5SgPj4SGqej3AheBUtunqNb1iklbx1jc2GeN23pQV2Su9
eAhLIv5nWu2jTc6iQ98pI0hEjIvirhrMimKWCVbiP3yfJr/705OTSXb+c/X6
2eW5XGBGTyuPnj/bptTuDbozpvOGDOkB2VzmUNpys9UaZ45j05NkTxVR8o6n
LOhUX6e0RSd7Br96rjcDXer2sd4UY7JQNz92p/Ts8MFj/jygp74pzfrR33+Q
V+/+eHZK//n96ek7/vVbaxKye+5I4m1LsC1mGOb3aZWO4XuyZsmeTzoaesOi
yb2WgVATjKHqM3zKdZHR0U3oJI+enxwRIDt6ERDEQ8dIIpz27Na6fZbq7Nj1
HS/QHxSAjz7+TLwbutLjayKM6pFKxDy3yfroxbNfOZ/hgqyVlMDCucEBnW8f
CkExRFjWPb7f/tELxTrf2vn14Grg1rC972vTZPGOLzwgGx9d5jOS2vP4LVll
BPNg17QS8vnTeO/xk6P9l/Gz4+d0MyfHW8xLh/AQzQH9/ISnCv6pcQgHJ08f
vzgWE+KmWGW2rukitg2PbaFbQzuSOrk6fTM8J9VmFwUxHv5iCNOwc4P+Qdy1
WTEj7r6mY7b2m74yH9AZuNXsFnZ3u76xSTSnhMFoCdemvAvJJTys57LzKzIY
7G6t6izILEtnkOdENQTMaJcQSOcEHZryW0EK2dGbgb5iezdvSjvb/FBW99qO
y4b0V3x01Ovq1Y2NQqwTu5tqThoJzqjroqp3Sx5vFfgvL+m7LIBUBlcHeNUB
Yc4sOXDioU9guYFz7mCSmj6jjKKvTjr6Qn9hJvQ4W/VJ7+EHM/Vfn5ksWaU5
PfHYr9i5VAnWndEjyb4hMZ9lJPLT2cJUvPiVKb93398+Uw+y5OnBJ4qycOEb
H3aP7NFFOdAXxntjos59f1xboJhsM3xPrajj44PDxweHxwdJmvTHsn46nSzr
y9eq/lLW760sj4vEN3pWFiYhwts6kMt7kzj7b1QQx5MOM2Vsag5xEdnd2185
ks8DuNv5BVtn8hmhNrPY+sJuMTSapKB1kjjHR89I5JDAeXF0CFVw9Ki7L+yE
//IebvEGHLW5sT/Zsoh/yMGsycyymMUeL+zSlDXHy4ibLuzU5tWv7ZDwqLxn
a3+jpiJW7364e2+PPhSk3WzleNiLqitD/wrwD5k7KugISM3862hpJ1AZpyV9
kAGS4KH/Bmn8+CTegyw+wcEcbx/M8+BgYFluHkwoUz8RWix5PWTBmpJjp4JJ
p6T5anb3jMCElkRZek+v6NO/1kUoUXYoejJoSkNmP6FV/PR/xPG+K5oSBjkd
rzfORyo+GPD/MyOMyRpH+Icii5/14g/FIH78aJNjWt3L//uumOdkw3TU046T
3FY9a7jbHWudFxm7dnuIFZ2Qhn/+4hUZZMVdPBwOw43cWLhlJnOmUBDtjYVx
+CtHeMswSJe6dYy38wIibvsbXfH0QUPy8QMejMoQcrw/gFeCDNeDZydw6jVY
aHWQ21XVn1qD+64OEjvJDOHlaWqTfvulSauV+3MBGvTlCR3NjyS6fkzTNIyC
eXwmBP0DCbh1c7dLqIf3cNFYdi9/JMQWX3w6ff/j5fmPFzdnb5y7gNj9L434
MolWYDU1S84TCA1nuURnH4x88E1s9GsEoqvqYbruOPj5gj4MdP3bqviDSdap
ibc+337ILkb5+znFWcHbbKI8JEZxvHdMQub4+AmJmedPtrjk+PhbtDKXd+TV
T+LNWfYnBaGZvD5olhnpgeqA0DTd/dFjVW5PD4gnjx4Pq+r4Rz2JvuzmR0RB
+5fn/YubN2eePl7bkvDYr4m3y5/7SAY5n6d2Spv6bOMfSCHF17ZYkkw9M/AV
0n1e2drAC/XoV7js/UDfu8Vh763d+GhD85+enccfiEc2zvHKEM467nWkzuZ5
mvEE3EW8JxYb8U91MCdrBu7uSp2HJwf25z5xaH+CvfZXtn9HO+0veaf9MXba
B2LSnfK7Tske4jM8+dYZsvUyJaGP5AcOgLN5PFlzQJwA1ZS4vP+WsMgCoT+4
GGA4X5dmAoU3+G1M4q05WVTno9Alt/nxjof8EJ8R+c3M/c7H/EDaf57e2TUt
dsf3djzvT4MH4qa/Elnd8ahrMs9Nk5TrHc+5Tol+yD7d+saO51wNJPVox2MI
TpC+WW1+vuMhhMlOBw8EXTVQOngwMLvjeSTjyMjOW5dh92Ek5kjKbX5hg02u
2xQfB5SOj+s5kqMgujVsBJ4lK3rZID4tntIO/PACbe/8fPQwxl5Zc5fMWUCl
jsj7UyFymB4g8m2FBH4RSK1Jby4wfHx4uO2iJriZFWtWL+B/OkrkBWQz5BzM
vVb/LakFqgE2s+02TvmBnLxvPfNy8MNgd3Q7DH/v+o47kMPWJb5LGWzk9R38
b9VifLA0dOKMG/pzOpNO+suWoblBFh8uRqP4u8On6mfPzBdLMGFLE9Cv6oLe
zEKJY33q0LusJmWxItl/6W1Jr+N/g/2H9+2w/uq6+9G3SZtotIBv9z9E2Fug
/8VO7aHnT8ZFPcbKJItODt6SzYzz8Qd/PreTu2Jl1kjN2TzK03i0rmoxU+JT
wgjrKvUc+o5WuATaknQlQv+TlHOBHzzK3aTdLuEByuY0311f2vU8El5XprpL
7SqdfNn1QEkg2fmdXc87h+zeEpT6rPN5SXg2zc32dx5Y22vCZsnOZRXVvDFb
nz90ZATo7e7zmhuTwx7Z/MauJ+1UKN/WKDuf85AK+KYOeOBZNwNSl59tmtN5
7lzYjcmmfUnhW+764m5h9+uibscXdj3qbXFv7nHMk7lZ7HrYzi88AMp3KT7i
Q5YPo+Gb0en5f0RMEOZ98hQe22cvts1cL7S/kXY3SWt+5mAyXSBKcPzi2fPH
L0T/vbf3JCsOj74FHsWOEqRYu2jtjR1bAolnZC3yH98UZKtxCvPf/vrvI4J5
pC3Z2zDxIRiXQX86+y2+GlrYlnxWxRh+1hXQf0jvgsiaV23i1r4qitL+GlI+
/8NlH9/pP3t2cvLSi8XRBIzzcYRk7jnSCuWayPyY3IVJnA9s6O2AUDG/f2tP
2x9t6Jwbs0yTZ6SWitn2/Z88dP/QGSX/0hscB3AvSq7q0TH978Hk3rZ77f8k
W+1XvNWi6pvOVvtj3ap4Jy8I/CAw/k07/m0Dc+Imnc3rMHBka6/WIZOJCUzZ
DYiqcW7lV0RHpI3IBqoePuZdzE3ImJe5i69P78t069MHxPz7NEnSSWHqXQ96
V6y3v+Dv5/iBSw2Ty5zD8GGMiwR6/XIl35V0dFuRsT+Br6aY4GKPD+Y48X7J
J96ns+u73/WX7sTJitcD7y/dMfNXl/6Y5YpJC07T/M5mBE22eObRm+s3QGe2
Joj+pigSx+2/Zn+PBu2Dtxk8XVTEVVtf2Di9j9/dIE9LMixOK5wJHfimXY5l
C+ObiuQqvE6PN7eBe/iU45DyBAUaG54lf0U3dtZknbStre05Haxvaz9w+e93
dvOzzYueFEuC12l1kKXj0pTrg8YvDb4Xv7TtAIFk5twU9XyXb81vAzw8RiUN
3TzSJMuYcEqNrU6h1O7J1oe0vmmqqmWMBy4SWrjoZBSo+l0sTOeTHaT/B0sb
/ya9k+i5x5dYerF76fHBycHx8Yunx8/pXzxZux313Y7ooGYktfq8sT5trK8b
65edXTnfTTmZxye91hn2pRnP6VdI1t1FLGZmQRidTMQJydmaE2Z6/J0p2I8z
RkzMDBlPG/ahq64keymeIgEupQughy3Jjvk1DUJs86dmTAvb5pk5gU1CiRuf
b+Qcxw+gluHo7MPLmBDBEf3f8cnT5ycnO++NJPI0hb8NuQZisqHarcNT7pxG
dCptXLzelUf7YOaQq8iL47jz4YPFebsIKBGkseBSvYecl1g6fG5+tbRYWmtb
4CgPkXq/jmkbcF3U7/djM66Q+1ZH0e2cLKqFXRQx3ob8S94+7bXxOhBFbE1e
O5QIRIMYzZy0R40klWVakiRKJOyAH3AFJz+ntJk1FRNgGqSbmXHRCGXB+z9e
x5eJ+Pg0PzKVCrUBR99BhvT/p6Q5kM5dLZHLeG/p6LEEpu1iYYmjotW8iFcG
Bvd9kd3TmlZpPY+rdFpLQKTEpvi14WLqIpYUJmSSrLXkj7+15DTLnn+PiV1o
GCsycUIbR1jKYWfkIIbfZlaKRLfF9mdafN1TCnNfmThAXUkUkj/OzAryboo0
tlIOgdZSEhqyEb/K3VnKoTIVJHwM8bxNpQgOqxev5mAG4eeoItrk3GXIUSv3
FiPvIjb8xBXW1+6VlrRUZExGRZbZHPmeTCc+H11jcfT1imgnS0BPFcTbQEhu
QYgjs1FE1FoWnFBGmul3wX+i6GMO9Grjp/WcfdOPe1xBo7FIs1xaA0Ij4vgx
LHD8Mf761Zdl/vJLxIcLMsACx3aW5pxqrPcHiYJ/5i3Ozb3FypElR1+N74j+
6I2ytx0lzb04ISutTMd4IAp6ENCHx/k+rdM2ykr6uSYzelRDx++IeJwiuWId
7xHx78v1EosEjyFUkzWkQnuRWRTEdUQryJyrXsWVZP8RP5b0xzIJ/2hmBIM5
5MWSXNhvYtNlHTGP9Ce4uiR+BHd8P+CAR0KP+tYqFozGe4VzAV9hso2IYvQk
u5HXV0LUdEM7P445ZCAbjcbEOPW8NpzkSxbv0rpTo38s9QdEQpM725XELa1F
La35uy6lQl3IA/dsQKpEpywD1J4T/hyentHB0oL5UH2NW9VJKK6IbD+w+QhO
AIVwbbpQDGpA6HbiFExiFxVosyyIRVDbxeKEFwODmaUkErEIb2KfxHOc8+e4
Q+jQTjnUgTX6vX1XMUngOOaGSGHFktAz5RxybgHWx0rmaumSjIN9S8p+akiY
4EtWZGGP3xRBbsku8u/q4AE4D3lDZxHEtkAGJFCJFhQURFai9HRC3WpwYbZK
5BMEG+HAtFmI8E+IuFGmGJNQM+sKyaFjCB6YUU0lxYV0LsL2RLdEq6AQbCyV
KwZRz9NF7K+ukrNGZDhaOUKYQ06A4XtelxPRJpWthc5Ihnr9QCT5wf5MMlm9
fJEW89NDIQxVFW6LuO9AbyZADERfS5ZTyMGNhPPc54FuaJ/QCx5rknuAsiq4
hEjuEa9ZkIgR1sk3wATXkzRsc7JKIxtp0m4yco+N//bX/4Lk24xPGE+nr/Df
csV6oqDoJa+RRU1GingtosCdT+qnltc4qVi2UpG2TxdBDwIA7jO94VYDTcRI
5mfR1Sys5NhUcFW1NZloaNDukiBFNOFksxSngqIWfCrKHKxYNbMZZBPeDarA
2RI13lgDgchoga4YMnib1fSYVhaqzgSUDp6IwGnyvVbR6SW466HPSBGn0Kq8
L9IGjeAIkm679CHSM3i3ohcX5o6FhEkSpOl11Gzk1CxkKL3ii20JiJPUaJcx
KdPLLC1qVJGUJM7aNhjxyLfIqDgnmM7GqYKb1+eazhNt8u2fX/pbbVt1vOc0
4I5+Hgoq480g/kvvjldkpFvCNgRUUbEDC5exHSyGkERKO4O2JrJAaLxjjIxd
QBzL9GkbDtVwGrnAw0hXSWRJbxhCLNINLgq6bkAd1rHK2pLHUtE1ZxmdmVsn
l9hC/pCoyiBZkI63rO1iTOQhiBPI4kfEzP5YlHe2/FHUKggpYjhYzUke9eKx
4tcfWxRiKqgsIs+c7qYuBvGQJVJUTRi20DV++oGhnYXqnfAalaiKEn53oX+W
nrLIFQgmctpkbBI6XjqntB5whv4shW9Rf2Tx9CVyjaz8Li5NSpKprkj7TzkH
LAW+okfI3aU1H2BGMpu0EjTXxDSVQ0K6JNGCkFa5KkBOD8fNM3KU1TInMZwk
w7JqMusBlogi+iG9lqBMPZcolFLbCvomS+8svebP//P2/6OLqzkvzIBiSCJm
gqJTqTVYmlmI6+cNqnGl2UZdLPsqXWBheKoa0LU29EgmGQG+IrzAJ2OCqFgV
GA39WErghx6YfNpAAglqmBqC6kBFAM2kK/T0PaRmcsPJTjOAyQT/hfLFtCBA
Fb8j+Z2WXFiBk4xPm1lDmlUfUsJfArg3jTZafSDCwU8dW1ki4ydlmg3rSUtY
saUIEq5Zyo3IBQjJCe8sU/dJGSq6lgmZuEiurUwOaTq32TJmT8aSjpbLhE4n
6HDC91C0y21L3QzKSNScFGju1D5YhU9nxfQzg0uOGN7gAGsSk7BokCZJjESq
LgFeAT6Pbcq4TcTiQlhxKMBMDoekKQSNCKJJm1NFWtcJ217HqIGMTAhyJECp
Q5wYsR39IV0yQCwWHqO2Z0Syi4yOmZUj8hvng02QnUJYoF5HUFrysgZJjww2
FWKJSmT4sODsNo6xTON7Q2ixqTzRCrPrDjOyB2SbYpwSX02w34kkIapJDaYh
riPQlhAuZVROnGnGacYGxiC+WvNZtkmqYp2mlZXd801H03QGJxCOkczHCWlf
SZ4j6W4TUa5jqwiMZcXQ3bRqAZIxhpZMd450QiuylMmG/Q64eP2E82yiq7QE
GO+158nsD2yVQ+rgB4mF1UVvp2N/C1uiJJrQskUtOYpIFLoWC7TcV0wiHIjB
dYjrwdQQYnfQUwyKlArLtLoDDUyzdcRL/9tf/93EfyEhXwvNGdfIB/9LR4FY
CyQjvpeDPbn5T8Pg38S3JHxQcs7lT/JZuH4W26N4zJac8iUHohbr2Ep9FlEb
oSESQQT20Eeip9KdDp6WYn6i55KmHGd2MYhHhX6I574+G8Ywtu68kFusozlo
WaBX+kVf5HVn8EZRsWo2EbhQrwYz5cJGLC8SNGpY8Fbo4UkBvQQSIF4lEGfx
ksK7GeRJ0hSJgRz+1dRET7ldV+xiWizEpU2aln6hxWOn5+8/eSB/+fq1Y4ba
ZNC2nsz4mdiMkkpkK8llJgZZATsraXVJCDCbNsL2iNAhPSLhXG0i/EF0RnZG
wNt8QdDOC6TXgCC7EKDH0BPqftpkurYVHTksAvaLrDYwDlDCLT5z0KLIs7Ua
KaBnhk6Id+Q1bSWiY57ZunbZvZVUpTS1gxpekAB/sHSUaxsytRAV9YUregxR
jBr6Tr4Sq8EHnGW6TEIGBqaQIepge0oxT7QsiJzY9+SgR4CCksJW8qiVrgNF
wlv7jnAbxSKWVEHZAPEVW7IwI3osxq2XOEqKIvREBZGiFI08DFgCqxeCFBtu
48VGhImISljmEk9i1hGvpYlHd+sly2dUX4mL0JseIN+tPZMgiap0xjwdo0hH
JAUZD9ovi9jiVEg4Z9GCZRXou/ElFXRaESrkqweMyolUGMapPPerFz2yKBgg
CL6SnzLKbEgnp4Ap9JixIX4WLEv7mKDnjtdgLTJioMMkm8EdTRKv5uxJg85o
nHgTN0vSnAmsMO+dgWNRBA49c6WKfwVBDLZLCPEzNwmYxDoJq7B5jwxS2QIh
giIH2RGCEy5kALey9o4WIfqEvqptC+QK6Ejgm5qWRDSkResGLlDGIPrQmSW+
JyYheGGn7KtGb52k4YY7KBMkSoLma7uYwYvq/60nCiJlWzFSPRrDpHTsFtwD
XaLN2MAQfQcSZO9MWoeu5qiFDuBoEm8ZLD637gHc79b9q9su+zVK7gxULUEG
cF/RbprlgAu73ImwTQV/A/us2XXHfOFrt6pmwvniykID9aXzQlkCZhUpLfWD
CrCMuNmDIkTg/tYtBHOBMIFNVNFhaxDtlVOf7Keva5J66yria/rbX/9P3+Du
b3/9vyAKY3QUUA98u1QiBZIYi5jLYGvxhpY28kFO5mZ4cfhOVPraVv6sBdEn
BTcOIBwJeUKkOEUnRtikjHZz52aD7rY4DlyKrJtwvB7zUOWWxiYE4vCT5brc
VomGiXgIfSG3BLEeOuBLkhhrfg573khYvGSfyBocg4JdUkvyr6kV/ia8ny49
+YWfVMUUlVUWosmdNN4V8bt4R7TGlCQNIehwESCpccoOEu9sgZdS0RoEOEPR
jPNDYVT1RRAEHuGXivdapxb782i/0dXHD5d/vPl4/sPlLTHQKw0V6GLj+yYD
FzLQJLP9zcfb4eh2eH76/s3w5vT160siHrwxW/dI6pkF66GFQBSJiZB8bZb0
LTwa+vL2083Z8MOltBBxd6bbily7xXu543vLDh09CnrI5fmwx+De/jyxSxFe
AMycTsDVWDaJgm0raZuMZWyOG9Gwg9M/gSF5TuutnV/KuSYY9eWupReR7vAK
EjiX9hsQHD8Vd62lL0JmYqaAUqkh3JM3LF3NOBMXb3uzvBH+AtH0ghbwNq1c
4IrojJjtFu1PAc9WomjgQlgXjZxMXohxRYwIOi4Y6ftngwE4DsKajiR1QVLO
aRoGEgYuArKdCKTwGUWA9e7DpFmMB/GHQtzfuq+XBNLubGA+AUCyoTk3eUSs
3R8Lku4ndI+o/stzOIjHDRkltYIt+jptoaxsBuhNGoD0LNkl5QIZdbjNV3Qc
xP60/qVZc1oAXRW9xmSwxD/mkh9gJP7VU3nd85iBOENE2dzToIJcyM1lLxKL
rVmqxQivuikhJfHYSVpOMjYaGX8J7pGYhGhnIvaE1XPLSXSxRI5sorJV4DGb
R3E/4RolJKMepJp+nbHdNKw1rgE5zARKgoh0I9lcGYnBfwfPbFphofewBbMV
3ENKh/RfzmHNK+AWqJkAZ0FoMa/BwhvlNGIbTW25guN7rQrSICYzXsWYXZeE
ZSZpBcXEgWXsNEWg6F7cGpGoCOhidtnIQULmNiSW2jKvB6LKvFs2gme0einx
h4HTRq6ZMXhPIAGn4kUQwnxHyiOdKL88GlvmDUDCFP2jnKzK1nG7TlLb7J7A
zbPVKoKO9JFsqRc5UKQZFQACSExNKwZE05p9FwVu+Y+IdU8NWZhr+jgimieC
BoXIBzi1RP3c/qNbv356YPfPWGkkFH5nLbsDsH1W0vpNsImeDPzlbENUNW2B
wzftgUfebQBa5H1yE0HxeRIssmh6xQEvNTOAY8zaqVd4+yCrhtMIS+AzZCNc
AjgSggVYEJWsLjU4ZUisBi4UENAbRXw/wCPENSMGXxCrbDM2TwKpxyIOYbWy
qNgWqNBVmhY7IX1VNKRyhrIigGoY+nlDEm1aKmc4IRbCZxELw0jZgw9A6Fnc
WGRHwi5gwizEaK9RcYOWDMC7+CuD09B3hjCWVc5H5Vii8RFvOE9h59Aj+QbV
suW7gE2ec+psfLsqJEwW/SQFdmkF6AoNyz/jQ1HGUftaAqL+0x/fEuRqyLwB
4ImM9oOp2WWnDkhe0TwlaXwaq0IgC5o35pMw2nbFpJ/mgTeCLpFkRVwWxaIH
Z7b6BOmE5qRP4qSEE5OeCPKo6mYKty6pneLOCR85fPdUHIhBCzGYW85TlyKX
yW+oNVNnYgBbzqbyvrF1uzFOlxhGmkdQWr1o9mzUgWeDTwAe+d83EpJ6KWJz
7fzM7KVneRa8Bkwh73Zy1CBJx4w1WYaDJIJyeq1EAXabcsMXYWZwEJ8HycDv
49O8oot6yfqS1bpQYKCXLODkB/WfCvDN145BjCsPUkggzjHm4YhNI/+FqnWc
tT6smU+nZowvzkCJahQi+UP/sFMDKOcgcgqNS+eiZQzvPd4kd0uSloBFRArL
VPobOaeOQlvuT+bJsuP4dx6ogLQG0mJnCnak30zZndf6wFh4k/CVAH1bspMy
EoNIqlFd3W5JfeVMJ+9NU5r4ukhpTcTFc+efqKw0bGKDO4CJ8nK6CUJScEH5
ZXNcHJFBhNznaiQkZq3YpheHzmcRxwVSDGDGsIeMeY0zYehJa4hqzjAqGIYi
QnB7eXV9ObqVXBG4POhWEuFSOTF6etX1EcESI8pxHiFDtpb3+izQhYT9XSCw
DuWFTvJKHcPYMvsF2ItPz3G/SPM7RVLij065Z0AHUGyYjQYcPW5yYqpiGolr
tKXKqjUQyH60CHcVy7XmszmrrRVVtEL4CtZiMcVjjp6PDcEEUol0Lc1i6Q6X
gNNcRScfGZv6bJZDDlbi4FH1kBTNuFa/KwjfB3/ZEZWgXGzgnQ6dLDlGM3Na
hXyinnx2msH3KqxYgPkHaEoIQMXeX/XgevIlbAXJC0JgLvgeiZJibxCnozKz
0vgE23sOEt/Ru+CU9g+KvM2XEM+Nwb+wwlDdaHNn4+OkF96FA45N6+8j90JS
GqVYQGjVXFfcnFX6QqZsSS0QPM+yNjtEZM33yMZdR0v/mHMmEX0IGx0cmC8y
1Uc+yQ7UEIdJRVE6VWKVAFddfI/uHOo3IAILPOBDxIjSxLu7F4giV2yoRLAV
OGa6bi8ubRF9LXm4+WQtWjrw6InTMcvYsR2p2YDfBDE+595kFOpdoAhaAjh5
IoOk/450U6YYD8HvnobLAgWdtmuq5pbevjAz2i/8R8Q3rVsRq/+uEgzHzCW6
Qn9uGN/G6nb07hT6QkOANVdg3IJzT+lhxkUi8SwCl3QeXauYNa94dELoiHiz
BCdWVi10xdkV/ZbDiRyk5chVEjkGUn+X5gQVIguCDzjIS1YlAvgw/wxcKJEz
BOChElkgOJRTOOgcyPYjBihF3XCWh0EHDnUEISMVaFZhdQIXKWNzWnbK/ahe
iWREpte4KrKGOYgMdXeoQkgcNSXobyWeVoJrNebuvtjzDlc6FYm9OOMdYCDD
L5BHwGFsYSTI15ZOb9UV0SoegQd0DDUfvC4CnW28oSw2G6QvDKGysV23BgIl
nRCkmnUBbpb7TTnSVMGyI9BNpniRSGIUwF0xZqeGyTkASPpYNKAz0QTcEU2x
CifrHO1KOffNg2XQh88V5DVHDvC626dz0kSztPKLYp5i1DsVe78OUYiP8eI4
YVUJQwlm4wONWrgpUUzt34EzQ4yFnfl+t9CwC5JPYuFO0SYcICPiGTlEli4Q
4rNllFF5bQPJD/PpOJJi5/QHUjD053LsG5+7Hwy4qyNLDkW9Zrl+5VwlxJB3
cM45XEByhw6tKX1kYVGUbd6dRG/gCsOjhWMl4tLUDPJrxIUYySIElyFVCGGD
deGSrLAGDYu5PBRVRutOlg8gZKOJNPSR4GO3Q4lei8OeTA3xWo05REOH+51i
h1SCTwiugTrBeLAjYvWjKd4RY2pR5I00UQ3ym5SR+X1iskmENAh4ERRxWB+E
RRRBdz230MNII/XOGJ8bY/R3iVkgzUA7/ThTmLbHuQUuC9nRN3tjbCW6fFRg
1I+6lmH4eZuM7xCeBS2aZkS2CbQ3A5mGD1tT+hPVx5IVNRkEmfrsF9/IIZk4
BJwizFuJw7Zc4PFk1IlelzvMC7ZRGSLma44T5M78lnert2YhYsu/SPMuORmh
9OsMQ7L0UtqbQZrwYCOsO0TYySLADt62Yx7ZwAccGI2WU+oq78BZAZMjt5l5
gMOxEZysmChVI7nPi8qVS8qCNrU/I5M/tJi8nx6IaR06ijS04QKePgzBEhZG
bHBfWUMI/1Ws6beMmqHmJIYiOorupkKent4azI2lKNbzOTGgNYiPgYtZYnEC
e9i7bAKtxcZA1Sy5HAG0ywTPLxzQl6tlWosm6CmtpgskallNUob9ZMHsrad4
4PK8GqUr56Xib4vpP7YwAUg6ZjUq/pzEkIxSRhYvoxnn28tOycJCf1TDOp3L
A3ArZmp5hImLpQJGowM/RzmjMFfIu7dwY7pbl/HCqR3O0ghNSij3SOK6vfgN
Ny9Zizvq0w/6vyMXVCtiAQcSXsPhI+JJ4hvkGWlEFmkQ7GvohMt5XQWdkCQg
t+yphmZR6j9FWLykryqNaeYN6+YqVQfmDMnGgLKd+OFU+ldgS/iSpPN6i8mf
D4mnL534jeSThBQ4Z99txJrNSFBSI+pEe3WN4o4Jlxipe0SOSB5Q5TBi4A3U
ypcIfhLJSdJkntJw3JvFhdy7uj0TdZIig5gjE1/QnY/VkK80Em4WraErF3iP
d70iecqbVJf81hcjhoLKTF4Ap0l7OjEOlttuswNEXJats1KQAZfTuZ/PncOG
5TGnimoIFMGPgU+K9MB8ZQNbW5KMuqK7zXpLnSMJd9WUUVD8MOUfiQorWoCF
nhHOW6hd+iT/A5lqqV31yMoVGYU7EqvbY31kUyGQtOb4jStrGaiFo0UgtA9b
uWy91rOPeBP61/biSUlSKnNS38diOPPL/xWmuMBLQKcxknFr9yIefsS5V14p
LUwJBwiiZh+vo9Hl+c3l7cH5x6vhh9uDDx9ff7z5ACc0G1nipcyK8Xgt2UcF
O17g/ynEvGavfRR6LSUdiWmOTHmGrkTirGrZWCHVdO+CDk3u/UARe2dTLtMR
/Npma7RrT/Ou89SbmSaPkGAFvEzMSpT5qvXExGPkMo2zht2CU5exQOI5jKmL
kOI04nWbVQPHPiJxC6vp5LAGyXLDo67AdczlK20J3kZ4hBbZax9EFTqFqBzL
ottXliIIqs5TCaZ4L6o8ioeVIAcOX5gQjqDVuPBgJ1TDeRYFGUI9+UdESent
tmgkBVjcpi5Oh6cJYC343WU0CftcJDCkPeSWJd1bwWzOrUhgg5PbkJ7H+xV7
ItIoIxsQuJGcJReXSHH+Z6/1TgflepxoGM3XS2BOTe4coyoYctdnMDPGhPLO
1lrnAHNb9geNBQQSsTe4Lb9hx+ql5I1r5opcXlGKt3BXUqykWZkMQTgN14j3
ruOhausj0ppBqBCTK8PiIGi2BIKAeKavuViJF3hTo9KBMwNWssFtFBpJaNub
GfoLvmgeAbq7Co0jAoUY6PhBtPUD5/fim0fsg1AcPK08tlQMM6254WD+BoJs
KwWUmMS0UcsrImBh2UkI3z/cgWhzlrXZQa3twJdAMIQT04Y5KkVSTR+ItI5h
VcSSMEkP4sJDIUOn1TbAN3M6/LsIaUbs4OigdtVUuFEJ0PPTSXqw37/jtpWL
Evdx5GIXrQeVDmuEECkEVF2myzbPLf7zv0K4cQ66Jlv++d96sRpCkivfdfNF
hauHTRC2q9UlX/GiOCEG+Rp0Xg4HOGPG+YWhIDm6teYc3HgNjXCqhicCG7l6
LIYibJjCaAcP1CKcVlIzgfoyK/5A5xGX+2YC4QNk2d2em5TgBP4A5y3DPUom
/lTr3bwpq/mvHGNqzzeqLPCSUJxIdDszPuc9YMjWLArm5HKKQEC2vro/Y34H
VF7ZcZVqqcyP7CZF6syP9LthBHtjAvHVuNQP79QASCWRN+Cch4UU1MC69ciw
da2LpspJ3SROT7okfnHowavmXMiSfoqOTFK0yMdN0pwkaVSB0kBxNWeODn39
37p1/uCOBbcqFJDsz5e+YhKCC271KrqVqI4vF+PkdZ8c7bLplGCWDdwSm1HF
oEio600TRxMO4/efTj/cfrrigMqDwQ6UotFh16ou2PMqQTuzdhnQIivETOR8
YTPjQVmJ0YznYVRzaGKypsvwkAz14qzeFzy7xtGAa8+qnft5flyB5FSe2eGS
QET6tETm5A2Hr5zjh78CYdLikogdXjUaTUoROsNoX6GZuzIuPnvEAGqWCKg/
rFfISwyC42e4wTfS+LOt8QwuwbsAeuqVEQO4WUYCIlBumKyD7Abucxrv8YPH
pWTOYFRRNb8j1hoVGSGHlL3GKIpACaonr6CKk3U3R2uROac1LVyNy249VFum
Qn89iaem7EufwE+rrzKhT+CnYizFVoN9TG1pU6E5Gj/BF6U4TihDBLqvXR7W
PubkUsZXNi0TTOvZymnX08T+kkBwsDjm6h27VmvMUbdC7lhSEGW+R/wOttAp
icdsbJoFTqLgAC7k8NqqPUMwmK18Ntx/bvjkKgM/Km3FW/crEic513tEnVQD
jahyNZSm+jspMlqmlkxmsZTU9ZNzCIpQJ2aJwzcfpD6oMXNLfFngIafC3x/b
KnQeQTXAIC/2QxBjadbiRiKQuPf12DR/yhdPbBRlVS/FzuOzYv9N7WSnEHPq
6tnVy+ZJDTvRC46C5DDZUbcCbBCkgKWblQE259RklWOOSLoKhOUG0gxlF+H2
xPhAd66XEZlIEHOXP5PxkHqV8NnaO6QZCsjDHjklRNQK/ZAr+1W9XRQXL0lQ
sf/cINMGKojNNY/HGOXzVS3g1Z1ZjQyuDJd2XmPS67JSD3RV+0pBv+Jw7B4j
IZaOyMer6iraPIBpKsk+u6tSg8Il6VHytMePizoBf9JmaVa7diGWjTR835WV
siwp1MMXFiee8ankve5LZdVSfqmqFw1dBjFrArryqHUUcoTTKHDvfnvv1tuC
KMkQtC/19tC+OLzIJXTyt5iy0KRLipcA2Qb7CIo4gapWWZs/yfVR6g0xizE4
O2lrkMOdfhbXOqiDxQy/6yYtoMZnHJwz2R1rJyMWSW25CkpbEdLKPxdFUsVv
i0yN1jNb3kGInXMOPVeHiU7rtQuMtAUGvn9ONjsXYGvDNjZ6eCxOaKDSi+Cz
uTc9lz1I9gcDr/PT24/8fdyqeufx9YvzntbC576uMxjlU0yJZPO8Wmf3pFVM
97uX18NzSa+FZ2KEoPJnmLw420+cQ19KWgq/ht0dN8PR+SjuHs17MkELpaLh
6DU3xiYoJhp6MECrqpz+R5vBcGcCV4RAX/0Dbbxo7iWd4QMRVFAdvRfAO3Xd
0YbEVcaiEYVcucxg0NAeEDrfrkTzLfxNIKPP7LDEN+80IMTLxWJceBpm60wa
kDhxKsliqvUjyQ5A/e5Ekt60zMaV82nWtSb8cVyC21iBALVYnwcDVIBoaaI2
kGp6x71hvoBLJzfIbFBPfKCzvUHA1XCq7VUUh75x7zIkBp2UpFakwUY6U81D
0tGRJzuFSWTnE+3tMpZxUBK2+Tg2CyPNWaYYes2NB9AbpmwyKY3ZhJlspHBm
uaQR+9gvHSa9g20LV64QS0gnD/9Ut8lwEi71hrpsSR15iYw4caX63TXID3Eb
bIKbGe8Ufg8JeGuG2rjJ7th24mZZiIEGnDkgRufIF9iBjqW9hSgo/QyMBkYf
iKEQo7o+Mfm6RdThw6O2QRqHaxlqcx4QIuhcw1Mk1lfcOurQOq+uMv4etgvL
UySMww01ca3WJMkQbaBB5ggBR5wLikprQpmFsvNVUU0AD1TjtPXA8rWEe2/M
kH4YIXutEQse7AZvaiAJ9bXIGmFtgkYri6KWOEP0jo4xpYfD2bGSeInLkp8j
0w3qTKbRSchiCJpYpBoWMZx9qPUtf9FcSE5j5SeQBIU+KqXykL/bQyAsQ2hC
fuRqGVBvDmaccd8qKapFHAl/k1R+o8FOV5Hn8i+IdtihzdXfmEsI7IPxCLVG
1vAYjYy6mpoWKWnhNzNGbjMfIpBwMd7I+5FAVxSBsHN28jE4EXCrirdbCmQ1
0oNItSJuUcyRKObgu5oAvf1V1eEu8lc17J7HN8SYkLA1l1pyjk7lY4qKtKRD
IlpYNX76zqxJK1dmGI2InujNZ2UhM02V2ly3j2fty+eMTxnjsIknwXL6axQW
mWMviP5JQnVTglLYWJeG2tpq588yubXba/V2RxcVV58QbbYj6bV6wyBNi2XR
GGOfMo29bXeQ6u3uuoLqOkkI1tdyxoSUe2mmjUeuHTc2i8iaOPvONUfSIK//
+o62OYTfvn51A6R/+YUgEaQBh9SLWip+mWE5MQbqjLuT9Tr5W1CoUpjiZia7
aDSeE7QUUxDsTBbWjgiVSdyMvVleNk9NWmrafo9YmeRRxP4aTu7AiphdWZv6
o7Vo6WCJcAbsKHNdZ3AtQbeknksJy3wRpOsbiG+77iSP4xCTIJtMhtEyIOAq
eHXD4FtSWZMuOV/COW+CZLLKhoeOXNyVPwUbdDJARp86P7UtVqwZPdtd8NDt
C+0SLJqr6DJct9o2xwwYwspsz4QHMrjQU2KdUGla/tv5ooWFNCI1VLmoi/jg
7c9wkyTsHpYWIgEboNdVs4wMJ86Hg++J3nSCPZFbLXnNHSRvsCA424mOGg32
lCm3WUG6JVE06njwZ67qFeuIQ6tLbhpwqsGAEDR27lJdMuID5Lw07YnLJMVx
FlNr1edSJtx7rUOLl7/00ReooC2QNHiETNbtWeKPRCixOYigM/Nm1dPydmFL
Ez8apxr6NNFUKpgf0Wuu5Yz6Z8Vrekli7wvtJOXaHtCRIpfXhwKkJWrFk0gj
1/cLgNWWi8pVMHQGWwusE4JRFVfV/QlM1xydj2WKTbR3dn69vzuVRlqxKKFi
1gJ4L27NU7/TNI/ccMUDaR6L/j9yAD9xJHd4enbw+fF5Z0z7o+rBOe2RO1ov
c+DV1zntOD+Z1E5Hx/4kb484KSm3S+8/OjmMvNyI91qUxSqjMzhevA5t8x+F
IC0DGyKptO4zlYM+1WEp6bVQSxOwlhNLQt7iZzGIKP5P+6LeZOmRf6/4Evmb
bKQ1bH75tDRkYX79+v3N6/NnT58/ox2L0jwRi1pMlggZ8VIqAp5ZSst98S0Y
Emy04HO5dz+9KO7eOwo10ynEb+QTLLvt5Lbk3qNddyOgW5nhUaQLPz55Tgvf
M3e0mPPro+fP9Sj4DQQga+4bGVK7jwHTEZV1FLiGJL7fVnnGR4eHhzHyT4jM
+4p3W/uMtXTbt9IliALJczKB+HtIoMZ5w/LEC9sHZD5J2znt1AUdIucxUuMR
PdC0AyjjDZXb2rh9xeW2yBtnW53xuNgIE6OuGjqgbl4iw3MjLbXk2O7Q6QN5
U7oj9QdLoIxbYpNG4JdFSnuSE8wLdH15sVG9G2mYgGTGR9cP3WnQdk4u11+P
BvAXKduWLvHPaiFtvK28tM2kk2aDR+LF83cM7MdxF2dPqdshIT6gf6mQfqsk
NUaoERiBTfqO9ONN0QY5jRm5NULePtKJ2lNVMLuAGk6aD9S18om1w6ZIUuSQ
9jR6hOK+RjviqbWmUCzqtqdbaFMeTWFh5J1L7SYy9xMj/lDQPrt/graO31UR
Z1i1t9C2laAvJ6C3vnybZJqLWAwvR2/iPU8gQ25nzm2BIhf42wde1hzO4Xf3
1qW6s3zUTrTqzQrIGMaQPNMLChQQSr4UP9urQ+3oouzIIfOG018zV2rb7okv
xHlLx3KtUYcRW2TpknvxMXd+q9mD9000zIC+ixxMl2xEDPMoZ2E+Rm1KmAqo
nOqsUDAVS7777fsRG45L70CH1P50e0pEWmnpTAjQfN6LeCdqTmNyNQ2cW649
p33pnJwnnPZGoQLcDJL1jrejcykn/ESdRZBJ1AcCxFdOr4foQIsjMwur2nyU
LlJUxvPZS0FEzgi1WcIejHzbJNM2w1RIGeYycjmNRIk86NDtfP16/unm4v3l
L79E3bOW0JP0npav7LgMbfv5M0fsJpxFyP2bCKahwFWXYmLtvgoYhPzCJeY5
TWBAuQ5zrszPXWdLKsMbIjPZDLbXLForTeMztIXXN2/oLm8lglre8eaaMm+f
K4QYdQhxb6mhAwSdFlK+1OScT2+T/bZxjoZEuuuW7iIiUD8MR7dtG2EHMh1s
CqeBcmYxmll//YpknL6d0LKjvZaVp00pri+0p9xXlGMifoOmgKoqlHY3NVOW
O7ywEMsBKyHHJffc5oDAUitK2pRs17QjY9LiTB4maGLJzxqtSMCoBWI0uEPW
jwJ7QbqgBCcYBAA96cHuYCmFqpAi8ofJb6Yf3R8NjqUWwZBlZ0v/zG7NWNXu
DoZbLgm4UXfFJuZOjUxqyom+0Iv9XL44vrMXWcVjxUHPnzx5SpfBkk97UMUm
XcjxaYKeABtleoI3STWXDhfSNj3SxG4WGxsd5gk3i0bTNC5oBMOWNteSoFYd
hI04qPPH7PQYuAtxhOIsAJVxHKgsufcZF/KTzdVw7hGyAhqXOR80A29LUCdZ
ygoeHX/jvcvzt/uAtsP+xSC19bRfZxh4nqckKLxRqo15JLztDyZjya8GLDxS
lWttxB5Qxbq0YEdfdEL0OpHuLDiYPQFQ0imGG9fuynwthbuPiw8jVP2iEqcX
yfbwJ759nMjeRXG77xD6c0YlxDD+K29vb6/5S2/dl54/ef6EviTqk2nBEbaW
vOkNRQ9pMUSSilKSmJAB786ByBi1earAmaBb3CoNW5AMYCRnFCuUNOcy3mOi
8/HbbL0vOkdQoqRTu43jNwMOSsB6A+myI9eXberX9MgAj+RiuJYsOG/N2UN5
cDf6wdAntGxLdNjijGNk7UhGI1CF7xbgvrgoWP9x7jCmnPS1RFN4M2MDVpMo
QAla2s+wrOp1cXnbiU7AjbS55YQJOEq5fBN5xXYV6DsRedybh+WG4gUch0OV
nhpBF14gHTv6OXlyCAFBy/r9p+G5/vUFGTj0V8eOCXEDwl9IpxcYx/cQ9J/3
d2KyFaH6fnA1gUfA15hwKxZUeUeCqIw0xiGdpP4pmcABIzUza5628NHBOG3z
l2XiBEFRa2p4dAY6TiK+26TdiBab54ulFh6xhlM30tU1sVNQRtzKABUSU/Hn
Zn16Dt3vEksi2xRpe26PJDpEu8q4EJXdXFnNLeKlxMUDZPFx5W0jPOf8EqxG
bDO8vLyMr07PR5dk15EptbCu0Axq05c0eTnLNLrBGrWU7KIjoUgyT8htroj3
crIQIJ4hIVYJl7vZG66TviMmYWnH4kKOmxqAkTL0lbhNndHda4E4Xw74J2fU
b4PmherjJpr71oAEHyp1bcvYIsuLvC8O89ZBTHh1NnMpRQ+YSV1LPBCSgW9E
RKQgARCOt/5wxA4kIeygDPhrbk8V/VBVWWUZEA02fP8rO2bl4WpmgoR6WEkc
cxVRL15OhunseiSdwcJADskVHYrRogTqex222vOzHV//MAQrsv9dij3fWxRL
62hXYgpA6oDlyE6vGiuCSmpIULjH8ra2LpnkJNZOUS6GQwCEVYm0A1w4nqcN
R45+ZUtS3Oa37Xo8KwMQMSNqz3EY1hdw8aac77VkowTju+81GXZWwPOBVvIy
vat2YRTT1IUCmlZStdcDZdE9BAmctFfekYP0vdPzq0s6KfwPdG5oXYRXzFk9
7EMKhN1YEgPZvR07hmIPjtdDkcAqPheYjJqpsmm0BSZH+kAW9SAaBcpRIjyc
rsauAr8EbrKOg7+6PY2D9ghyQqU6TqAWckm6D3ml9Zm9OPwnLrLi58r1tvQc
7jvyggQOdOkaveHPCdpiBwaLtBvuBDpIwVQpsbBEaexgNujFoytSg9jLiGPm
0i6FT78ddU0f90e3o/2BB1BPj0jOR+9JWYFwSDq7SQcajQ8mFDkkhCYAfSAF
Yo2fLfaSEWrlvkgC8aOsgAtCRWgV77WOnn2Xcemgo7TmKV2nDL1lnwcf/Zb7
ps3cFkgUQZQhGjqTBBOMSdIlRRkMCoMOen54HJRSiX0M25yIRkJucMoTEs5d
vpHPOlPEERyTdsZNtfWsjuYRezZDFzRNkFcm+vr16vRi+OF0tMlCcqkkQRQx
cxzKPZte3b0ZIKOxlQJMTXrzekXz6yMUpUpBjy/KpUtBGe9AO2PCGQl9YMJq
wVYDFKBCqE/pnk8r6LspGJJuN7y+fypAgN0snOOCarASJSjJfaE/XFa2SYq+
GsTBt+RWLLAyIkd+ez3H+ZH2tSxtP2HB6zMmnTf8CG58peXDp0/af3nxnAl7
iE4FiwU9XqRiAJtR18V9fe4xd1wETdd9tiSl3njCi3zk26u2DTPjIWcZi/Zp
wdNf5L5WhfoguVfGS+QhlG2pdGwWKK/kOBUyLhjeaNs/RtgBrzkuiwKgwg3D
MTlcKqgF8TNC9Wig5eHwPjTICM6MSC3/vNQZTfoVnUlboIlHf/OPgPIiU8Wr
VfrsS6wulSxbhLHyNXcdqnxrHwDfkls5eK8eiJb7Oav1EFxb5IptWoUpPUCU
w/nmvC0du9xtNnVxJWyGIT7OmUMan1E/PN8TqpqYALk4SlwTMijiI6oTxEvP
fJMXddtEI4SwKDfoSy8oDb5J4FUFuCv02I2m3Ea02A7/vNZhH1Lk5V2fWpjF
qRxgGMnbY6dHqfVVqDwiW0E82tzxJece5zsWJLWrkRqTtaBuyQWQYSZyFexp
jINZA1yagQE5iAyIfSjUx2/WLH55Ocqo0dw25bbXSw5H+K6DPoLZHotz1TBa
cUaPu1tJJBQotHKthbkDUfyI+YOLkx+5RtEddzAH+kCJbUATa5sUpWIQEgyu
QYqEpBFaqtN+YFPxFDFaQOQ7xLD/JJGRfJzg4zeiMTI5HTZIxMgwnP7lhgSS
NkiQodCSD9iGeApJc1nWiKXKkF+k3NEL+D+UDAIXVpBPHW0FwI5evHjKgisX
We8TudQ9zD1PCYSXnrE5yQWBoxxJLo+63dWINB7xccnwi6ELqeK4m3yBWCjq
g/mtLMgQS9NG5ZKK9o2o6vHh4b4zr4M2yO51AlG4bF7zI7WqBaHp9q/Euu+L
gnUtnyouT2PXYpkz4xieuEloJq8RhGTXR5toI/4hro5p47jFdEdKDVKQtGEh
0lN5XFfbe01LfmrtJLQy68hhyZqj41XsmljnOt1HIyXca+DhJBfQDUfRI23c
3UEFfDFtV1te417dKYnx29r3A+ewhigXijCVzHwx7LkRhzQezkB997RaotJg
2q131PGYOxQhJNzPufVCumw8XapMsfiubU+/CPofekNPm8bAcHeePj+nUKN5
wsGVx2GD+HXrREGSE6pKYfWBOvo8CmMuE8P9oX5XiYePUzKTex6+wthG5nwy
IgsdhkEM9z41kacSD/WJJt+62QlDN3bHF5ZJNJSbKqmmkhb2HC10DmNFlrsC
pMSXe3Sy2mR/n3mBH9BeJscLvSeTO63qA3mSRASCnTdsoSuJ9dNcA9rdGZpi
V7kpG5251lGYaOb6k1luxKJJoS5uzi0Jv6vbej4ZPoSEgwl3ceHBB+lCx8RF
QavAnkupq6RjeMu0TDDhdbkqYfU/sc7zfcnRcQB3jDdZghgzttCUTCphsB0h
fbbdxfHFU5P4Lsc2THTwaRxbYF1bOyChtUM0MlfQx/Xj2BPL7hTJMLkkkzue
S385o+nTbtDquo22hEwXluawMknU1yGpe1tSzsMU5bE0b6PYawSQcIDoR5Nr
kTUh2UlYdEv0QitMuRi6NcbYu0mXhy2NLaKwqO+XZF6Hrhgcmcr6/CDx0MxN
Nu3LIEIvJVrxx1nYnNGCJjg+Zswijdu76ihN1UKZDicMJbzu1AWmUJHZglFX
eSWT83quQEKn9rp6JRlCypPhZBRppykALMCgPEEGRjDxs0LT5pZoGeHcTAzZ
nIrw56WAgKShJggIe2tPoTBygFA5t1OT/haln0Kv917V60Uqr/XgBFOEOEVD
A2d5cR/YvqRxocCtZN8KxtKYoRcK6taylSRMSJ7RttJk30dTtr3OadMq7DhJ
tXV0Rnpt4P2Vda1DHzEIexQSwQc6PNpMxpUaqHPQYoE5FIaSgYkqa/oOBmv9
hB/aGUz+YgHtqWOnUoZ40dw2aXVRxQ3uCv7h8T3LFyAgbvx4r6TNDjTu+DmR
hgqqTmUKZ0ggFdchVN0+QNy4MtUBvtwMVGiNwCZn6EvpthiSUbHEkGB4/eX2
2J4lkIy597i/VqoAL7Dt2/qOcTde6u9HTKPejdLqMRw2+j6C1GQCtnQ9gRoS
h6nzyrM4QV3EA1m8Ou4GGskJxijqTln988v4IvXFHNrYPTDEkYbJfKB4ijP+
g7GqmwL6+ygYqMl1ML6hoW8nSGeQOgcZWbZuLIqfXzJtqbajpDcmurY+Kk+v
p7mdJEUtSk0JO5KpeWmdayQRHqLchPJCz03awjgzxYlymagaVFNZ5zFQl6gQ
QulrvCYaRd88sWj3iQ3ivdM2wn/ZIPea9vgJ3a8wT9O9QDxdkfMokThB0zG0
/AKwLiWhI69bK4SjpZt96yA/oy2xJQIg90N2N1b49esV6cZ0cgfA/8sv+/LQ
yCsYLZULZfs0/ZnN2DZzrz1hjhXImyPNIucwRXdc7y6/EGKhgGayXhAH2orC
gKM7bMffgNHcNfpIGH4nDj5ehl5jkFsoTpbOebSPDNfW8wB5io4oxQJingB6
abVziv6ZPSdVVUzStg89RmsvxlmHU7nKxG1NPVt2w//UIuJq3tRoBFuJG4gZ
h2RY6SojXHkYAXJasZdBLK3h9NB0JoRyJyCWyb5YJpw3CjWJhuGAaiRDv2wa
Rewf5GERpnIdcMIm1OwGaIsT1s79wwcq+eVAjBWX95M0FtJt99b+fRCHpc+b
MimsHPdE4PPWdlKddjDw/W4eEnlHh1qLbGZFbwO/qZPWVi6N0a/8Ur/HKXGG
JPdrRhp7MJ/21WWQaFkeKtSiFXckhYeMy8xyATDqWfAVosQpTnt2zf7Im/3O
cdFDTW2bQ3vVAu4h+y5OGVCjyLaTGT1e+7Hg2OEtAf1iavN05nwvsqQqABO7
WDLSxuiubEWaH1esc+cS8BOud6wTeO+ibuHjbRvOTbmp1sRqLgaaZ/Bx1EXX
hNYefkvg83HopNpb4YCUsbJ7Ky3N4YELQoU+NEqPeUDN7UvkPYzt9OINh9jY
ZvCtJWo4YJ7bkue6SLByjPhT1l23JBkWnPnPA6Y1AcyrbncJ7XlrHL7mMnYe
pxJFN7xGxvJiPrG5Wfk2x5Ksor1RPd/wPelcSHisOnk+HYOfTn06FaePlp/D
krgQCaJ3eOvbT8V75xe3+7w3dkFpHzw2A8L0fhZNUimjJdfqjvBMdYqmErXW
fJ4VJMb31XrMEl88ETT6jYKp5pwjajWg0tY11dqBrFueIuMAta9xKz24AECa
L4etpqw0hGhzCT44J6ILHEan3A2dO00Rc/EUS+5N2peSti4RaPsq4MAv/qHR
xvXsZL6vX9+YckqWu82OXrw4+eWXnvD20ydPj+HnHOYRGhz04nfFOn6fJmSj
Fppic3pfpvEFxLzvaaPVIKH5OiLlZTHnV2KQwRx0LZjYys9WvUaQ2jkBOuCn
UwjZXsLXr7wULJbW3W17sWvjro8NqxQuunEGjycvEGVaq/lpuLlVkMDcNgwR
udTbKZgCRd7qd1bXCxZrghM4RYQ4OGGaUAJ1Kkq8ldqNlKdu+oqjtyxghHkx
poDPApXx7AbRgr5uOrBPMXBHeOM+7iidG1I6mBsAqyxFBh7R1IeUu9LSQX7k
7M89uD21L54Br5HAIdI8ehGa4vudC1NbSmpCVcYEhNT79aWRhHVVkCds+qrA
ar/8hrdJd0nabOcBRd0DgkJjx+zbm+vz+OaNlvfos51fQz+U0hXBJyxqdibe
87Q56Ugqa1rNpbVd63aRag1HvW3eXS8MyzA646zxTfzIQ3o5X8H5cz9dvL3Z
MGicUDmnQ2d7hQ7lnM5cFPW1G/ul0p9u/fz8+mZfJuBdtFWny9ZpxRlOKI8P
lB8y+RPXOoYDgxBavOqom17Y084ySPibtonMHEMgu9TUocXTetn5nDm+yfuW
IsjQsvQR19ZbuAUIKusrj12vAddE2euztvooKF5xze1zOE4jYB4k/4TDPSu7
mU/CgStpzFPN0yXGY2vNN/o1WR5mwcfoXZ3o+p2kkpnOkUW4u9KcKOlo3+UL
KUC9+DCK/tJIldZemJvYTdvdfxUf70sKkVudaFPacy6lcjbu5iMF2Vi4o8f7
xFTo/aEW4QWAt3aB8ry0d3Nxer2vgPDJ80OvQehfjvy/vDh8fhz+y+Pwa0/o
X1yS+eHJU6idPbH8uc+4ZLGz55pepaNKtR2AlCV3Bkx2hHzjhzCw08mI99En
c+ZcW0ZsBDimcdOALNGFBYf6ez3tICfaH+lWCjx+oNcDENSUkRoDbDOgwg40
1COB91ZnbbsEMZ4DxQ3gOIvYTNxNREtpSh76wIUQ2jfJgWlyCSFCBaUT6Vq2
1F74xWKsQzlb6kQTOY8ROsmM7gU+HhG17fd8inabduwyAjUlyyNSZCdgwidq
DelZmpsc77wxlh+pquVlhoQa9sZvZs5pDzFEVDexQM9du/RRDKna+UG6N+ZS
JEEOEmvn6T1BJtyuxL5u8t6XbvIe8123YEi0yq8ylOvqDajN4xjYB1IuXPjt
pXbod8KZwAXSWjCSDO4ofjjsaMbGw2vv7UGHEjgNMWGrSmt2TPrejWxSc1a6
hjuNTm+LfGZgRs+WKiDXoVyhUhAEJ6nm/yz5TFPWmxsQpCdtQnmq4xSjYyXz
UyXAMWQIQ1gPNMAC56ae72urndap0Y3AO1LoX2AmCAz1z87RLX1NXLQwyDVw
YemFT8oI/CoRp/+X9xvJ56wO2lzxIIfnQZedHiyttzTS/anhseJrHlCaQewj
08QlZGqCExtMO/OMg24UkG5o2+/nSPpo5qbHQ4SAAk1HQPSqTe+Hkj0wjLNk
AJJI06VadRT5qrSOj0t9djvgeXBGiTeR5ZUdp10UfcKV1k3OurD3IH7Xmb3S
OFHRclOxE4GWIOm+En5JCqkeMBu+X3XvcetUIg/ugcSl1mD/JapU6JC+bLmr
NUTi9xi0QtH2QXOZLBRJa1aXlOWryURKsmLvLqi0wdBwwrnoWZYhr1SurZ2i
Rnpd712a9uAYnH9egIMENdkKDN4R36dF5iJH7XTareuC5ne9q+rIhU1c7C/0
V0Bv9OmPmChU+5axWw+MWE+kJGGsJluqVOkcQEsWFQ/+RSJkypNQ2mQjMdpE
7Ufxk31nO8q6WQNKDYTkh3HfPnSyJ+yZGRkpZKK5G/0kmJwt1MDVJ/3E1duk
vh/ME11xcClwy3RL8RBvd+U2fCOSqCCkyEPXjEzz4ggl528RZYo0cQ/a4JjI
5ex2HduBf2vbUdlZPT/E1Z2OMRqLswQ7vhkSxJ/ffhyOvFLlJkWZ1eopIu8i
McpBROXiHppI/3jJho682mujV1oow6YZkK5QtfNGOANB+qbJ5QX9fV0zHnFh
O+QQTiLnMPG102q8+Yc0oQQ7tZef12yhpK65SSsrwb3zm+HougMF4iH9ibkT
D3CInazENpvkRk/P3wbd+HbUyt+y7/vLEQWyFTKBtl046Hr4uZEYjBauW9F5
42Mw8d6bCzLcXIHgpO3/48zu86JEyq+fMnhaIZJJX/sg083RpZGVqtSTSrN8
7fLcdiuM9FhdAMudcll1tiebkQZ41cY4Oy51XfCYLA2OOzuPc1NTWKnibicr
66Pk8PU6MrUTcRPeRmMN+G/uNU97jmJ+NIYCz/LIO5zjxrDFDc3TyqQNRd/5
VSRSXPqFc6CIRUhRzkjtfFHV5OxJoim8u2VK9lRDEgjZxk7AV4OuQdkVaPcm
zcQz4JBzcAjcEVYcVAhFAcjIkWzKrU1hRfC780p0hYWhy7aBjF5w/UqquHUn
E0VjPFUb+DPim2JPJQwBnhvBMYqlzL2zbVyjzxnZIG2fvBhHp8gACfN+fHIm
A5t84hpQzHSt4GRueCjVLm07IbinQaVIhS0WwoZ9lEpICVNV8eA5YFSXQd4L
XiD+OM53itxfaaniRKm+kzR0IjIo+u8CDDy8vn/CIKopEWbYC4eYhxV6Eb8U
vlu9IdWn6CYRVBk07AKd/KVJnf9loS59TvsnxaPFtuNmvdVblutC9l1DzRbK
T0KHV4T8BKaN5VIGY3BVgTMU/FboqLg3pXxYaPppjVEikTBAJS16nDqV7PKf
OZuhKAP6GPPQRomOBgllnVSqJfqvBk1I2g5iIurpkMWiuX+q/hdkSjqC0vq/
QB2iXRV3NNY4unA0to6keel9bZF3l9N1OwAMBht3etnxBIF1mCcfRAiwIK31
QGIlx1SlabpAYtRFhUymYfQ2l5YdCttyqVWKftKZuJ/RHx3zBkjSJT1VbKkY
+S5bdafDORJpzR0OQs9Yz/16TpwHOcbSrAs2CCtELorGKRGavwP8zdN6XfjE
76NTZc7ukshNoEBzIWL1rG3IJE1wtbEQEKKIFgzUAT+yayfwpHFdUxmUfKnT
vuMLgaHdHrIWBOyQ/3DBqIyLuzbJhI6W2CF3SRKCByZ3iNMDR9qc88CYIFpR
INXlZHUi6w6FuhN0JCT8NnOJ7R2RG4SJlAB9jAjuTrGx3L0iN1lAfMfn1z2F
MGVZvoyBC86RyoiaOymHNLDvOte7noqwj8Wia+tlgyj4xlq19NIvc4uCeL3R
jvXqa3VJcMLlE3iRcFlpre+ABRwFbi83h4lEsKsXDmt0UZStbGCapMkQ59Yk
vZIQ26m/EJdGqjU1a5W1nLmnStn7zmBXdkFLpt71e3eJf3Fg2+9KjiM8iEj4
VbJPwG4stPm8dlGCRpOi9sS4KTi32pw8uAbIl9Ac7EWms2dWCW1Q0nV0zUj6
TtcBd9WYPMcEhHgmKgf6xXTa0qe4uScYfaIlk6FNLNFQGER+UjyLDpf9wLqP
Djq3cnf6Zgl/e7mFbPDc8mS0zSRe4KLwcAUbSXQBLW1jWzZLHjaBqHSFoCT8
UoV3RWieEv8zI3VOflrWm3FruvbIres+NRz14xSgFjiAlEtFeF2tFS4ZY+BE
UKPoX3Qzek3aupSEU5b7tPTWT9jxaUU3Lfb2ihXtQuZcUcfZDYFrUcyjbmFp
JB1ikAWRSZNA8dVxA1DuSFyFac8+EaYvo86512vIy+cFBorHX7/eEBUfHx7D
w+9HgLsaI1TIxQGe8plCLFOgIvjxzlvjj3XA6L/vrAI3r7g9dqbcyCmukoAr
nMu+dqDrpGzzj75+5axFyUNrw8R6OeJ2DZxgVVD3MF530hEMYBZ7USKlJkDM
qhKlgGIsgdGI/XzxfW4g7lAUqvONV/O2R2wQLVMB3JWjLdR7nSaZzl4basYU
t/P6+vV7t7uj3118HA6ODgcnj49PDn6C6QwBPjg6GuDTweHjZ09/+YVjvJur
5Lj31o5wPMHi2R217TkC8+ATaM2IMWHC9R6aqq5pEr0d+YLaLYHPBKZ/6D7V
5g8uBrvnOsIZ1BBpP4B9H/zkGtNyK9MzcmlcxFbrquu4a2eLwdidzTKVgfzd
L1qg0Ys4Ey8LLU+HdTHtb1a5lNrAi1O43GhEniKmH9eCW3pESDlhcBZyBPpn
qUzyreg5yhPNOd+9DW7xNJVFW7ownIKeHXVm7axhtdrFGc/WYpYSoa0n6u3Z
EU3ZomQgThbmbDBFujvXrndzf47O06ljMdqiJDNP05/l0rmjQwj81fYN6vB3
6VOUhzoHwaa/O0nR4LCTr9hrIaYTfFEn8Y/nAGI4sS9u0WGDkEX0WQ6TmMh3
GfSNJHjlRIJto/2qrRxtTzcVI5cKAXZCxW07y/e300WR4VfoZIQtHBvIDQ5v
QhJ0iN85ez0DuDxE/Re2oiLPgy0akYtxsrGNdfnuzTKeDBnBD7pFH3a07CzR
Qv9zJJteISyZZWiK9OeX8ZswQ5RWfB4073spLfikA95nU1Y+gfx3bSb5W593
F58RIpqxryPq7/xPZ4Cs0T7xLyVZL0xVdXPei5KnQunkP8yKTgWLuEKEINCI
xuHSXGogQ6u8k7snDm7+PQkhDEzttChUd8GiQhaihLa5xqxQs40na+kARak7
5r9Ghl/CXf3iCSIaNueCcUGeXh37xkC+MwEJFgg1jb/p+DGx8Lk6CCgE1QCF
Tn7UmhvOVZFHaDus2cbltcM2ZaB1d59dM4bOS3vUVjxoaoJeNTxsmCfBomy/
ijxce9dkaVPF58ZWHFfUsfGFm/PtmoS4R3IbtXk6ZedmxiKsbTWbLedmbDkd
9DFp1h/MPEdJrWTF8XyLkqsm1ZJ+zGW2+OWd1bZCoglFMopv1i2AzdroP8fn
f/7X9M//Fv8u3ruWf/pfEHuhZ8fHj6MIA4ni9/C9t6sBN6GmAy5sOFTZ83H8
WF9TDfajH9AFPzotzTiduCooRan0ctF+KUSFHyfp25Fi9c+RJyA1Xa8iuYGq
WM65ZEUYGjDSR/S8OafNohFQHksSywJri3DDfGJ4+Iv24b34dNzEf2yqZhr/
0RDv/KUZx+kYaVv/+7Cam7/E5r/91/+n/9/+6/9txmMzj0zW/wGUs+EhDyfu
TRnG5l7Hp9JCSuZhFBFSTe+IgpbgCwBBUi9IGJQ0leB+uYkF/EOl4WrLNE/R
kT/jEu3J2vnX3Pi8lZv6yUfCvCCNPQPbredidb6ytuAG4YXU10Od5DrVhWVo
jkiTzG4NZR87u4JD5/YEKZnEiIpMPF3LwJvgvuug37lEVmRcvBgbU54qdsaN
xs4JUY+1Dg8q8obEdVpVjMBxHrw6zz/S/wCC0c/Djjt1olL/J+WRAZvjBeKH
S1TYKZz1/6LXFG0x3iVwKnECiyANlSJ5ntiQdP6IyPV1CU9CRbogg6lGG4I0
j7ZrttbSSkWNWI4h2S0RwVu8QjuT6PcNcl5QXTQp6uqV2gftN2VAaBhC1+2g
PxPqrbj/hfanmOuOg/KuzOpcBFigdiLIZIMyb2VIIpg9940ZROcLY0k2kOYE
5uxrHSFnkS7jdk50UkXv4J3k+eyYqpTXmoHb9rwkPWIzvYHYl4sTmx09F28c
C4d2Ep9/jLDh0aErgJAQGgnQS0LZZO2T7v1ivfEnoQBurajQwo0JI/GKVhIw
6HQVnPTHqfefWd2Sno+Hww3qaDfGtqXLuKS9L6y2VYDMYipGBAVEua2AtDGd
H43sMgTbADzKxLa1SeSa4Hea0Ll755p37jHL7pJTQ4RBKreUyX1Hzw+f8SSJ
LJKZEixIcfe2LMleO9wUUfFlMqMjOIUPL74u0JVP85rYcrAaqGpFwBerfWCk
4Tt3GwWtpYttCpNx3XwcfFrNcqk0YvLattQ1GA16oowNX7jkuEUjs2iIfq64
IYfrRchaS8qG24ezb9V17DozaDNcyECt6LOpYOrWEJ34qR8spVMte57NRwu6
nV44c4CtTszcjBxOJXxbE1uW1Qa2cI0+mcmX0unQri3EDj/26PmTE5w2tnz0
/NlhLz5DYRSHmSXpSDK/MB5NZzAH21MP5Suk6LoymF58U5B8reORMEe4bN58
oGzZXaI7oQXxD7AKrOij3EGnNhWmtltfzfPbE9dbQ/rlobw9FRtfXNBS74fO
HYnt4FmmyrSTRez3lU4i32hM+tUkfpQrGqkz6evBcuYi+x3bfBPBnGva0lv6
KWbeEu2pEpbpukcvnh1JlxUrHCoBQRmdxJNp6Shm6likSy7+9td/Z7aF62+M
AU2xzLuOj16g1zLeioPhucPmfs1Dmt/YEpqLdYPYrdYElzdB1FA8XpMwEgfl
XZokLV5JcqEqEN8Jw0vRPyGnF6/I3VMXmgAdciVyn8tZo71sOC7mhSAuZy1S
jy/GlM7Hoc67YAs8UI4AORHGRDIVwJ6xK+jR3/ekiAHRRc6XUkX/wEVH4E/1
qjPl0NUtA9+mI07tmMQXJZ7dRVvKWBXaTVuCOH6GmOWxhq3qBGfO03EqVM/9
0zYlEzHhH9IJVxbmjtB7W8YN2oPW3DTvnq2iDcwUSd/Namlg4tPRoUxQ0iAn
aEsm0adW/ls/Pl1EBskfQBv6YeSjOwPAphJ53J/ndAkkazRm5P58Bgw70/Zx
7JfIpFUl0tLVWPbKrsIwDNI7bBSq2ae5BCRZK4k6/XZYwPBM23yHWHJTB+q7
xd/Dqf46fq9rKEJNySbGJaapgS9e+RGkoW230kxWF/MC5wTY1VmwfFvaztgg
ZUAz5J09io5aYmOvgCnY8SbD9ow6xnqxn1Tv3llIvmQp7d5bHpqg/AHkw09U
bSdqqQUWGjtGn0Woq7IolkF+KDqqZeIboeN4xaIpcg0IPW9JVwVEYdsG4i2m
KFoy5UxXx3Bo9AbZoiULLYNwspf8QCuBQuia5hFmQQ7i19JmGYpEZ+S6BKR1
sBbO5w0a8VXsRPJ97xSG8s/bvuISoEAXTSsP0x60cKkE3KUt6Xqx93B1pJSY
Gpd5OltgkggmtxL3dDAdbHnpYMXeA+5GLAnunN3Ow2/LVLpn6RP60DKY9xV1
bNxepw+RgmEyImekq2UmYUG2ThXvIQ6NykbpSpVHrn8GSmRIZcgwGHEwnxdk
PqFERF/dTlh3YlulMY6BwdzEtdp8Z5b66fWnm+v3ly5MxjYYS2veIMuIZZNP
CGoTJta+ELUZu9YksNh5v1BwzIRtJJHfIWHMxNWkRXoA/rMhRx/p3qALeUHv
PvSPTzoypYewzgpeBfr35w4YVh2SqHhuhdg5ZtZ2hyFdgdau8Wj4ZvjhlnSz
jO+s2NfpTDD6s83vU4LBkgl0BTEFkGz6AajpMgCj1vE6Yh5B+eyd18wuB8mz
xStBP8DbLVGwkSwXh5k0BHq6ThHwFvD9uQpDfqubD+9s09b+3+gOIvv1/UB8
JujKCNjGwM6YG49CnvsIVSR9Fj6Hw5/wXwRKkF9h0btGbOzg6HssFw1/N8tY
FeUdcebLdcUzevoGaXSjlU1A0XttguNoReb9Pl7QIJhBcq+MAlHBLUmZpYVO
50B7zpSSwCBpqTPSyVX8lnaepTKWHhPjMIqMv/w5pVs3ixh9wKA96GVYzRIh
QYmDO+ZRU0xmDg/ioArt6MXJIe3a7QYqVIG3NsFEAhpOL2xU9QpJTkYa1cDN
5d6uE0mJoOueWzY3oLW5gKXAdbMxUzVTkscYEIa+rKMU7n79ekVbtWqy6X2o
O9Xlp3XQKJysoAJcYj/ovMv3g2a33FtKx4E7z4JCHxGocDpAPWcFIrTxTMY0
MYlBG3OilmUPZfjegGplmjh4aGKWrPd6DDWRBZU1VdQV1tW2g5YTLJ1TGwlP
2kGiUhyXuKlsOnkvseBPrkBxPZzEk7K5F8c/qNogaNcOd3O7ECzJtyCr7OvK
cAKyolfqBxcDeWMlLrW9bRWoKSAO6/h51SSJ7Ut38JHk7jr3uJwCUc6idYrk
Np3Nx5KzEkAnN2AepUEMo9hjMohPZwxlW78iFwzwSBj6UntZJLO3XIubYpvs
6GSV5hKQ98nixtXA+VYrAtiayo3pDiIo8RlZV/nu8Ih8Wd3f6iH1lQrOlm9h
oGrDKi2tovy2ODocDM7faO1Jx1BjZOiRmOMaTDILj0UKEVqi9RG4xlRwZ7hC
hY4GNwP2i095BuUrncVWtiWBukL8YFTcE5iJpFGOU+Mdn5lLspeGyVKAjVRF
bY8PPlkwY0XyLFmYk4uk4rgRXbnwrYr1W37jvbZnGL7tzDXGq7mdFXUaJhU7
U6eVli4zY0DrZh2AE3QfV2Ehds+9vOMHRczCq0xf8It2UbHMjteFe5vUL4rr
0syCnY2RgA8i6qQKDDK3OJdTzs4BSeOopZBMYuc8oY/rnHnWs7pDe4KJOsuF
MARHaIqwgC83FAbtfHwWw0sNJstSKotXuVmYosg7E8AQLS56ki4nsq3dsbOL
3QAOjh1gtsTRC61qfVfMybjNBSntS8GP+hTQy0kIi9vy8bzi7deHQrW9XGer
KDMQgbgMcEUaGj9QtDAnXbf2V65Du4m8pH9AkCjYtu6F/NTp78CRJAmurMnZ
7ut5nnKDH1UaiZM3KJ+gnfIgdQHtXEbx9et7eHQbjLpSvz0x72MJPfM0bPbN
PBPfTOTbX5yR+jENu9h9pfzeh7PRPgHimn06RvoNS6WVnGRPpVEoE002Q/3W
nND18OyKdNl4gdBkEr9vJukUGM45b7j2tw0qRf6X2nKdw+KajSEd5WTOtHiu
j572RTa9tjBAfAt+aQRCD5qhuNjPyhGXt5QB3dn1AB3O0CqO/spzpP2OyA6g
bQvgTXGLU2eSAXegG6f1PkxCLSIVXShBDRbX+J/RGBK4XTfiZ0/VJoq4piQo
L3enHu9dXI72ey6qw79j9NF2vUD7IUnP1CMdxNFrIM/eRjRh1B8XP7tWT5Jb
7h1IHuxNItf2gBNzL0c6VrzbZNhyduOqnSI01uo3iBoe3o0SESNd7+lyZ1zt
xJaFS85gFwetaxY0mXJLZLzC+Cki6sBBc4Q0KYqS7U/2qWo/12MX43BGT102
sFYLKd8nUn0pekEf7ZoOcKFc2+IBW2MTQbEnsgKqWvtT9kC7AYirtWsK97hS
h7w0OcWheKr0oTiEEzYMYq0M4LtEo6YMWyBzVtrbuvMQGsukSVCk6d3aaRyz
cfSI3d5a0NU2X0/d7B7hBNefXP01Duj4gSTs0BAbHhzn2uKMTkWO89BYQEDG
MchflaNjg13pTwIpR8fxOJX5TERF/LeTp/wnLvR0BxV19goDjRnzyfM+fdW/
zrnAIEL0O0+f8MM4+Ldm/VvqvAh6nnsTFx7XJA7pCC/ggRFv4BVcRnn8lvSZ
WEA1MxxRUALYwUICI4lWhcyAinxfInqyW1jlpOkLzRgJIwjs1AyGbKXhSGSW
5SH0gDZBbZ7LHxE4baa8IDj4mhT/Ho2JtG1fOp96b4b3f3jfm/wcLmtI6OP/
VDXL/3zy9D8d4H/b8d/YghQAcrd+Z+EP+CIwqZydHS4/2vfmEJFG9lw0srm4
9ID9UOcqGHvBAt5quw7dtLbl0i7zsmPC9Ny/XPsPiVhyJMVXn4kg4hpK9a32
3MzDni/cCy5Wb5SpjeMgtqo7FQ2SfqDCbu26f4gAUWfTg7cp0VU+DFRzcr5f
wO38gwmvO0QUg2hvKNKmF34lUJF+cGQbvt1eFcY1vDl/+3tffLamx/hUJieM
0ALZAwApaCQs9GywHwmpPkfUi2RQEt8gn46WdJqk0WhuFmkpov29RQvGhP6e
WeSKueQAXM4NBm46reyUmjaK0AFVaIEpEtsVCPRibZJQcDoSjNSeqFPTpuSU
uWcQg/Y2C4wvJVtGRja3STPSlWwR1FArN2GgZVlHaLKJZiGnpRJf0EKhF7+x
BXytF4YsIuPwWcvv4iCpuCAml/m3ChRBARwH4TIrLS0SP/0rL7uqzHB4VhPV
JutIsiY1CTGYp6uF6CgD5njsQsSn9HY0mSQ1s8QRj/a99MQSsS80xH1ppUrV
AMPTT9qVKMpXnendUaFdyV+Zw+K2s4YwuoO4Xj86UtcMuIBcfeqwM9REcFc7
hMWCGyf5uXUkfzgcxR8N4rNijOnMOYtggco270vrhcL3e6Kn9yTUEfkucIb9
5RKqKYlAZX4ie/H4uhwJSWhJWIa5A+0aQwCimxVzQtCVHxTNb3L4mSwM73t1
bkHwqDSAV75GSxcEmZLQWfYczrKgFhE+B/fr3D8BH3IjTonbOYOjY5r4x6Lj
FcayBC4FyH6ShVxgiY5tCesV0e4vY8fgp4uiil+nPM6BzP5PdKoZAPPMtrLn
iy2LflsuRedaTLVlZocjPo0iYQpWg21UnXlqFJ+Wi/U2S8QhS/jfSxfPzci1
HiqxQQmftiQs1ihjkA5x4zXb7FBxnbLfXkA2c6tv5Kl76VRRDdMCibmS8Idk
oFYCb+QUCkcZ0C7OCnST6twIY1Fa2r8p1cnXvBjXY15iZVsUpEkbJJcPqxaA
QaVpLyWXZC5ce8ZEBf/ku4IR8YO+IN+KYI7eGUJXnSBBmm8N28ZKGPVFvJ5B
rJbDNcGtMHBeWiQm0uldv7mO965LEtzr+A2SnK/Fj0Q2iqELndzhroKePjIc
rk0dZT304jHR4u0/36KxUJ5bnbbDb+DY/e3oov/46eEhG4cIKPTrguePi0NE
n124uceYlqBZKSiRoh2zuTECluAiulqHKihp2LqakGSIw2J8v8HR6H20x90f
4SWaoLbgPbrD7IcpjK7LzMqOg3bhcN5IY2KliTERWKXpZWhsJGOqBsgWasta
NKBiNRcEPFC5zpE84lrF7OuzIdopvrnWqbMuV9RlLQA23ru5mCuHuDw8Gd6e
3oiR3+1Jdys+jTuZEQG+rYKOBtXf/vrv7D9p3TCkY3sdfeDmB0oOGmYAuHQy
MqaWknqgCroK4rIRcbclkeGbMEjPLGcSFtyjJ9VO9KqAfcttgiJR4Fr4YG2S
aZlRZVy+s/be4APW4iHOzoQAcwcUuaphrfAoluzfZ+PY7azrDBN7OUXn8f+/
sWvbbeO6ou/zFQT6oLigDMVJ08IGYsiynCixXcNU48dgJI6piUgOy+FYYYQA
+ZD2tR+WL+lea+19zhlJKfqUWCTnci777Mvaay2rwvllgcIukneNCIm7ZUL0
OC7fph7TSFgE2hzwGPNtB1OZuQW0EkgFJE3c4ka9k9g38+i03Crz15u1aT7t
nxwdfZ6qHrGZnIZLGcIVEQqPtQuduZUG47LYE/THwkuP2tmmZbSQu4L/OKQZ
oVmqBBxLW3S89OMJxl35XlWyJ1ULZL4HR/f33/7lLXO///ZvzY1Fm2gb3vh6
pPiGc+WOd0WUY0+W7Qb+/Qk52M6Lv/AyTBXNrtvNT2bdUC0LJCSg4387SuFg
KjnQryL6OCNqPRxnAOfSFS74KIUPe+iCx6TdhTDAHG/IeKG/NGNiL2nRs8Ng
Fp32LNuj9pUtAzO1fvzlnxQCyLUDj+9MVtXYfPRagNs+OEfAlQK/t6Un9hkc
t2HFPA8lCppHKWvHsulFHZSxDt3lWThGWhT5Cc8rXMaQV6MhD2Zk7sisCTus
N90GUBnNZijaPNNCxVKu0Kpi9vqCeKI3NsRAU/8SwWidtS19Ryqavb3lt+xg
AgUinKkqlRj33UDvLFZAiUIqh9mxKtNcqiLdX0ubtxkSNdE593a7nd8/oac4
fBTXKhYAJI9lcPu7dqmfd1VzGAeO/JIkxJxPN8+TaBBrZ6TqCd8FAJEYWBhU
F5CS3+b6KTdez6Ot5iH8s5S7ZbJp0Zl3kf5gUVDYjbCQT5mlSkeHcG5xcdIn
2DkQOVkOOXfbl3lXYcMVqQDQ1ClHwBN9nRipqgh8yBzG106ZQQ+hLTY97wAi
mNS5eO5V4afhmtMQ5WwSM9psSts4a8dUAkXtOg/LIRXd4rR3xC/WjBcYyuaM
qyLGowJc6revin57jxCv9hfbdq5ncDBQ4cChq8SXc2MHSM5HMqn4ZIT9vr09
ngOtB7ZeOxksRE4s3yGvkk/4JBUFNT5s1sgeOh2zp7CVt15TePNld2mrFVmo
OfZDe6FgSlSCX3zxld30KfpsZMUnXzxBxyzZ5ZGaa0HBuBZK8E1truKlmVBz
MVModbzZtnSZwI1tl9nxWWbf2Llx7cmJja2QWrpAnMHEIOtHb5HVDo0VXghs
EKmNMFldBKZ4vMQTDL6aZUHnknhi7SL0M0qCbwnJ4mT3RrAuaz0OFJyHWdfi
AaEf149dKIm/eGNtGw4NJzp9/IhVgHgyGXyegcB9fT3Z1iljQxU0Wyd6wuLV
J1ki7THmBZOL1WMPvHQ+ghhAHWkl3buPV9mH6BHd114V53ehZ1NoA2X6JDmJ
S1e5SJ5oiHk85vOo8O7PgLwRMXfUzdxqK/jxbSN5dxXimKSlXedFnYugIWm8
FIFA9ks6z6aFY8ascrMD5QVBmN1YtUQlhtQxX+ShKPYSbn7FHLxvX5orLzSx
w7CeqFqIst5y6FPB9O4ZPQddpTOaLbuuZ44Uh4vfcTssI3kwshDZh7WnoXkD
wsW8etQ/O2py8Wl+/+0/VfWnP3EhfNvO5+wDQOSJRtD7ZdIb8j6LQc7G0/vs
AnPR5YbFXEVddWt0vttXwTltLjdfgIEvfuUGpmCWO7ZFu2W/00vPCWG7jdJC
DAxyj4c3E4lYotdec6Cvux4CY8Nh0Tm78ajP/ZHsoD9QG3bwD9b5cSDaHizZ
HZ/OHk1i7URLHgxdalRTcqFisBOSSFATXJozwnyapKWV/nwW5Sq98I1oox2U
ztjBc7R4iZsuCQ/1EAuAb1kDMMsJ+kEEbZP37U8raEkHtPctwinnifOStgQ5
Y8EvbLtZ6Gvrphhnm1m4ZXEeCPSVOVCQ69BO0d6F/qEXBBDFU/aQjtICG09t
CT7sYTXkiy06MgOI/nsXGKx7ZyuSbCvXplHXowgCgLzkHxOBYUoRJVsgXzrd
Y8qxJLkZonnM5bArpf9S0Jtr+NsBvLvaBVK4Y0EtfyPxl8hdtTDF1mhZbVYt
y4bkk0rIEym4+0Z3FeRS1+T87+8ms9OT96fnY/Zfn1aPyYF86SlLd62g4wrK
Jt3EG0d5Czlr/kz90Hom8aOcS7S2th+dVMVx6sFOkTi6lY1soSHlvErb4WKE
hAwIYHBSimibvCG0oOGKjixYleIXB61lP6eF4O7RX72ZA0v/TWu+OOamLDNP
4VxUs6th5RwI0k941WwXQw+HTgvThqmbz4M5htWAunp7Njs/HJFLe8nVqY91
hpppspv84/j1j6cnP758/+IbuJpYYS9mVcoY2pvXTniNq/oazJTJcv6aMeai
HumxPH40eV/eXnwZUGBeSs5zBKRBCF68dbwv24ZjI9qsXoI1gVgpkotJnrt8
mQAA4NBxRsGkpst8mLiYBH09tLseXukAUapBj8rzk7b+Gllvaf5qDBP/1Ly9
3DGf+3EgK/N2/K4uVaz6AzG86xBBEA/OxV60thV3tb5/e/t91+/2w3UBw+ub
8S+8EyZ0xPUiHn2sAbcRDW4iu7fV0wQHFAwkI9kYPfQAjEYv65MzgWyz4Vla
FAo1qF1aSM38+eRtR6sHfwNPQu/HQwZt7Toc0TuNvOzbDd8WSILWxRN5Qya9
gTAwJ6sbkNh7sQUP3cxWVwOQvTq406aSPyvLidOnF77LNqnUieF4Mc2G1Twq
BtHmO+MHuxmYEQVVsDlmz0AXE6ynqBHshrm3wdRzrxMy/9VtiLSis033NQLr
ysnDGcmt98gniS9OBc++/bmMfELrYtUlFQ2kORTgn86hKJd4rYPudp5luwp/
ZIRUsG1duRMjExY5ppRIG7thvqMT8COVlytp9eSjlhP30V09kuiOlhNZsTiq
OfZ1hmO6UTK4dzhYdM5apLvRuRCloywgULoiSVMFL7oBc4OE4pIH7d13o+dS
QqXdpsyCQ5AdGsc7jXpjC1fIzwNemLLpe9H+j0Mw9ZlcI//PIXTzoD1M2XuC
5cxTadmJ4+JOiV/9YcMNDIBm7BPPQoYkwo5h2S4aNOt9N6zbDdYSJumhVw9E
eCv6bA6Ac6EhTZib8rOduL09Qe9dZxbUonL2Eo9MiovX0nQ8n3xAdoI2g6Yk
Zode/Cp6w3K88HxyIhCI80Ywn20hcFPlKb+ysF5eo0Pw7jTlPy/qi3XBK3Dl
/Iu6NvpbJqRBu19yv71905n58KSDG7bSnGmxPkQr70pn5IR0LGM/LNDBHzXQ
0VasVW0D+c0kpzPx1cROuFZzbMe+DxImopgJq1jFlpu6z4eqPHKzqVYYX/DP
mV1MSmNnaHEzB47YrWmij6AjRf5SewwKEfXs2Vx067W9zGbPZO65XoLNrykS
JaP8fYHbZ0Wazz1FdMV0nksSA2RGEedegDMaKk+Plys3l+xbOpheQ7FYYI+Z
whF0FWTkkgpvCkYG1h5o5+T4jgePhDc1wvsBnc1wFHyN3HPdn8bVlZOlCIay
KS1xNrl1r/PedifcSjQRU2cel6EDqH9fiMmVyR/GL1E5CnNZcF+LI3ua15N3
0ZjvChRlNuBZ12xfKSPiad/YYCxsCbztIkK8OXvtuQJPljUYT9+jNnBQJflo
6SQ3ScdkBbh4dVIDYGNRJ0C9J4M5YL/8+iuX1ZnddgWvDtt5Gv8j6tZAYC3q
lbieSDjjxyyQ+zgMkII6L3NaiWusXQ8txbH9hJXKoXMJiG+qpMU8v2oKc82B
IMJW9MvzZ7kAQx1tIEUsfA1OY2loOjl+OoGLxkmydFDNhrbW28EqOLA8MHf5
aOJRfP56poqni2R1pDCbzV57xeBT1+qk/9gSIGuWcKxuc3v7+hSaSAXSCbS+
k9Edo+EN7ohYakGQNEdOhNwyIN6too2iXMzMoqtO5MHYN123WDYsbDmDmUi7
yWgMsOc1DEOSpndqcbxvy8Y9nGIquHsicwvhxhYujAiAMCQlxJ2iK2ElPrSv
2rS8gY0mVbrNvfwv+MI3FWmxx8WtcgV8dobxy+BkFvZdE5JuxUjf2tZ9/FPE
UE4YLhgxhFThRcRXmDA40AarVNbYIElyufMiB031QKUHJZl2yoVqIaneZkNy
YJc3r7iivChelulwNgbc5HxxBPiMSKM7DLRuOMdQGrMZnjAzceFUJR0nqumj
VYp5pDEjvRSZrlqSWYE0vVspOXe247UyP3O9T+ccfVxVg9moUepCFI3E5rxe
4+ioeHQW37GtVy/DCxpJN/BVV888GzdNiTO0DJLBaSfhCfTQMD/iLLFT7+YZ
16nde0bkhqfwSnOSBOC6q4M/De7qeClzBUgWjLNSoewwbPpY2HLP3Kxs2IEQ
nd3Uk1MlVAsqtCSqmEb5YhfDQlFSquagZ3q7xWW5GuZAmWz9wRAmoPmxYmIU
QOIrR/bAL31eqZn2YQl6gclJyZKyleKJxHUVuZP5jln6ZXeBriOaiyjDR6va
lXcFqr/PvhXMwuncX9h5badrUksMVvSsf33R9EWzZJ3zYzsCLrw5OT26x3J0
HIMFGT8SGD65eLphFB4w5zfjasqciORsbXIzWtbLPi5EpBxr6HrWepZoHD9G
RcqWcX23P8zbyMHewT5G0fsPqyTTtxtDH6cVzlONHFB/W7TLlSZsthlYYRD6
nRl+NOT32fF+9eKsysRG92jI0ziqpApiV4mpx6ZaAq8u1nVbd607CPMuj6zs
kcsvi/5PxU3HV6+cNSi6VIaLFolEcvCNzmOpN7jcHrMXtDVK7qrST4aKqRO8
lzn+grspTHAi81fdPBrkMu8l8ycq/iyUpy6zkVkYL/VgrUh2sJY85LsaKhpI
tFYx77n2q51r4eGwHHp2BYBS3pziWnIL2XqRDRvWz04JWOnQWbAlmSTBSd1i
59WHRvnWkCsSGiUSlUE5XHHuPz968iUL03yINqICeWo1dSmn/t9Jgrzjxoxp
gWBVojLrK7crhzp4SCt7z4PqDrV+9EBhcFcOQ1R4iFZ5IK/HJd5HuV6L6pdc
hauELK6Us5r7qIVtJbV/5zlrWcGhbxLFLWljlyBNglclfKNGnZ0maxLQkOVQ
4X4CMmr/1QvRBrXOdQM8b+9Sj/QXLjOnFUleA7OrOSNz903SPMiNTaA5OPzn
YP7GsCp9+8mLjr2apYyMracq1hOvtXa0QHTEhF9fFNweQ3c9VT+5Tp5XHyQN
zqfZADS266bCnr18O5udnsABKRevT1dx2UpFsuckQr2hy8yzdtc6vRKvLqRX
dqmmqUm6aFmdErfmDnMnP1db11FG6LnRQpfylTclprVgTsBNk8ZC0hu+NkDH
W+bgLZgGy1Nz8AmM7KjEJJUOD1igU2vLMWhj3zdovlzWT46OvgLV9wcXWo67
KVoT4RhDNjMBtagYQnLpjfnfdbOcfFvv5816WnmDeokVF0dJHHF+RpycHaOE
xMZj8dVMETHZE1zb2AYtbOovjBsjILq9fWWeAbcTOydhxS7rwY+6XEt6VpXZ
qyt4i3EZV/T4JCfyMLRIQJ9KBooaOYhPgH4k4tTzbnu3KuS77yOQSMj9tTtn
CeuVjE+Jmcr5vCYExgC3JGr6qbCn2dlCIHD2zgKWDj4+3wgmkhqL610VeR1R
P/EeFncuBmcWaVCjtFe1G0hWxS/NitWFXfE6KQqEcISjUM+74vkt9CbvrqMQ
UBcGt8b/GE0n0kCDX+9tADkphZKEI8FIYy2rTyogZgG4qDE89ltbcLsr6nDA
ltvXJKYTW7SuXNYIFSBvnTvO0EkigxCb0ByA37zu8/KqEJDnsAaBQ8uUpc3l
xh4Q0xIih3O4Hx1uzyn2j8hwhMSHPMQUnSdvgG4VnV9CDtNZPu+4iZSLiagr
d52x/hfHcPJOR5zAlx5ISPwSOMQDndjV/VZy7zS7k7ZRCYIYs3AuL8n3B4Ji
yftOsymlOMsoPqSDvGrncwh0II1oXqWN6GnWrlLWDCpG6niLlM4u6RoyLErf
Z7oRX9jukLTcONRZIwIbmESHdIi7EgLb9oi3H5HjnD3k7KNPMArZ8MTh/G/9
dAn0a7iaWaliBCxoEqSE+Nr8dHYcXDl5K3AWfPSt5H1hDmxe7BGgg4cwJcuq
cELv8m9X1Wzo7RXVkABRCmTzEF4mcS6iCtfafSQAT+TfBxBWt/PtMQ04TMz1
5MROZVT2X3TEO5P00K5vf96QQGFqL7Y2p+qbbdf3bPP53l5niUPjDcjjbJtO
q+/sFzMz74MuMWvshdmihb92wUj2rh6Wkw+dqvDObZeZrL0JKATLwJ4VmQxt
gJw4jSwCVLCK6r3sOZklpD2a0Iy4WBC7Jf5+NjO6nKPvL7HY4E6ny9a212tW
DpBC5WlXXZIPVOB45CqjrOIasHaLlOk4KWXCHqBRj+k8JRMqK5OFRDIZX2DW
uKRsrBYdycBxTnrzvbw0sJz5Z+623eDAwXI8IAEmzuVWFEMHzlNZhzuoP4bo
PbO80i4APOn6kM1nmfWrRSIH//oIaJSNCGPdymvPgFB1mJQbYBHWOd4oeEo0
m8CUHL89/j9GqKrehlMneTj8zLvEXGiCCT0if2xqzQh1dvXDw0PiHc1n9d/y
ADt1IrIfhFX9wzmJeyMEwMR226eOMYKd6xjKI7uv09HuR4XkyeHRX55W1WTy
Z6SJ4b4B79f7p719LMaGw6Mv/WufYfyW+0eTeMrkw2jT+I7I13/iPzy2yVuL
JH633yBF/LPjtmUO6Czmn33uP7t3m7PZ6b17HPmXz6jJvOTnVD37Lxzw4mGh
RQEA
<reference anchor="Landau1988" target="https://privacyink.org/pdf/Zero_Kno
wledge.pdf">
<front>
<title>Zero Knowledge and the Department of Defense</title>
<author initials="S." surname="Landau" fullname="Susan Landau">
<organization/>
</author>
<date month="January" year="1988"/>
</front>
<refcontent>Notices of the American Mathematical Society, 35:1, pp. 5-12
</refcontent>
</reference>
<reference anchor="Landau2014" target="https://jnslp.com/wp-content/upload
s/2015/03/NSA%E2%80%99s-Efforts-to-Secure-Private-Sector-Telecommunications-Infr
astructure_2.pdf">
<front>
<title>Under the Radar: NSA's Efforts to Secure Private-Sector Telecom
munications Infrastructure</title>
<author initials="S." surname="Landau" fullname="Susan Landau">
<organization/>
</author>
<date month="September" year="2014"/>
</front>
<refcontent>Journal of National Security Law &amp; Policy, 7:3</refconte
nt>
</reference>
<reference anchor="Johnson1998" target="https://www.nsa.gov/portals/75/doc
uments/news-features/declassified-documents/cryptologic-histories/cold_war_iii.p
df">
<front>
<title>American Cryptology During the Cold War, 1945-1989; Book III: R
etrenchment and Reform, 1972-1980</title>
<author initials="T. R." surname="Johnson" fullname="Thomas R. Johnson
">
<organization/>
</author>
<date year="1998"/>
</front>
<refcontent>Center for Cryptologic History, NSA</refcontent>
</reference>
<reference anchor="Kostyuk2022" target="https://www.harvardnsj.org/wp-cont
ent/uploads/sites/13/2022/06/Vol13Iss2_Kostyuk-Landau_Dual-EC-DRGB.pdf">
<front>
<title>Dueling over DUAL_EC_DRBG: The Consequences of Corrupting a Cry
ptographic Standardization Process</title>
<author initials="N." surname="Kostyuk" fullname="Nadyia Kostyuk">
<organization/>
</author>
<author initials="S." surname="Landau" fullname="Susan Landau">
<organization/>
</author>
<date month="June" year="2022"/>
</front>
<refcontent>Harvard National Security Journal, 13:2, pp. 224-284</refcon
tent>
</reference>
<reference anchor="Ferran2014" target="https://abcnews.go.com/blogs/headli
nes/2014/05/ex-nsa-chief-we-kill-people-based-on-metadata">
<front>
<title>Ex-NSA Chief: "We Kill People Based on Metadata"</title>
<author initials="L." surname="Ferran" fullname="Lee Ferran">
<organization/>
</author>
<date year="2014" month="May"/>
</front>
<refcontent>ABC News</refcontent>
</reference>
<reference anchor="Adrian2015" target="https://dl.acm.org/doi/10.1145/2810
103.2813707">
<front>
<title>Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice
</title>
<author initials="D." surname="Adrian" fullname="David Adrian">
<organization/>
</author>
<author initials="K." surname="Bhargavan" fullname="Karthikeyan Bharga
van">
<organization/>
</author>
<author initials="Z." surname="Durumeric" fullname="Zakir Durumeric">
<organization/>
</author>
<author initials="P." surname="Gaudry" fullname="Pierrick Gaudry">
<organization/>
</author>
<author initials="M." surname="Green" fullname="Matthew Green">
<organization/>
</author>
<author initials="J. A." surname="Halderman" fullname="J. Alex Halderm
an">
<organization/>
</author>
<author initials="N." surname="Heninger" fullname="Nadia Heninger">
<organization/>
</author>
<author initials="D." surname="Springhall" fullname="Drew Springall">
<organization/>
</author>
<author initials="E." surname="Thomé" fullname="Emmanuel Thomé">
<organization/>
</author>
<author initials="L." surname="Valenta" fullname="Luke Valenta">
<organization/>
</author>
<author initials="B." surname="VanderSloot" fullname="Benjamin VanderS
loot">
<organization/>
</author>
<author initials="E." surname="Wustrow" fullname="Eric Wustrow">
<organization/>
</author>
<author initials="S." surname="Zanella-Béguelin" fullname="Santiago Za
nella-Béguelin">
<organization/>
</author>
<author initials="P." surname="Zimmermann" fullname="Paul Zimmermann">
<organization/>
</author>
<date month="October" year="2015"/>
</front>
<refcontent>CCS '15: Proceedings of the 22th ACM Conference on Computer
and Communications Security</refcontent>
</reference>
<reference anchor="BellovinRescorla2006" target="https://www.cs.columbia.e
du/~smb/papers/new-hash.pdf">
<front>
<title>Deploying a New Hash Algorithm</title>
<author initials="S. M." surname="Bellovin" fullname="Steven M. Bellov
in">
<organization/>
</author>
<author initials="E. K." surname="Rescorla" fullname="Eric K. Rescorla
">
<organization/>
</author>
<date month="February" year="2006"/>
</front>
<refcontent>Proceedings of NDSS '06</refcontent>
</reference>
<reference anchor="Blaze1994" target="https://dl.acm.org/doi/10.1145/19117
7.191193">
<front>
<title>Protocol Failure in the Escrowed Encryption Standard</title>
<author initials="M." surname="Blaze" fullname="Matt Blaze">
<organization/>
</author>
<date year="1994"/>
</front>
<refcontent>CCS '94: Proceedings of Second ACM Conference on Computer an
d Communications Security</refcontent>
</reference>
<reference anchor="Checkoway2016" target="https://dl.acm.org/citation.cfm?
id=2978395">
<front>
<title>A Systematic Analysis of the Juniper Dual EC Incident</title>
<author initials="S." surname="Checkoway" fullname="Stephen Checkoway"
>
<organization/>
</author>
<author initials="J." surname="Maskiewicz" fullname="Jacob Maskiewicz"
>
<organization/>
</author>
<author initials="C." surname="Garman" fullname="Christina Garman">
<organization/>
</author>
<author initials="J." surname="Fried" fullname="Joshua Fried">
<organization/>
</author>
<author initials="S." surname="Cohney" fullname="Shaanan Cohney">
<organization/>
</author>
<author initials="M." surname="Green" fullname="Matthew Green">
<organization/>
</author>
<author initials="N." surname="Heninger" fullname="Nadia Heninger">
<organization/>
</author>
<author initials="R. P." surname="Weinmann" fullname="Ralf-Philipp Wei
nmann">
<organization/>
</author>
<author initials="E." surname="Rescorla" fullname="Eric Rescorla">
<organization/>
</author>
<author initials="" surname="Hovav Shacham" fullname="Hovav Shacham">
<organization/>
</author>
<date month="October" year="2016"/>
</front>
<refcontent>CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Co
mputer and Communications Security, pp. 468-479</refcontent>
</reference>
<reference anchor="Levy2001">
<front>
<title>Crypto: How the Code Rebels Beat the Government-Saving Privacy
in the Digital Age</title>
<author initials="S." surname="Levy" fullname="Steven Levy">
<organization/>
</author>
<date month="January" year="2001"/>
</front>
<refcontent>Penguin Publishing Group</refcontent>
</reference>
<reference anchor="Moore2015" target="https://www.rapid7.com/blog/post/201
5/12/20/cve-2015-7755-juniper-screenos-authentication-backdoor/">
<front>
<title>CVE-2015-7755: Juniper ScreenOS Authentication Backdoor</title>
<author initials="H. D." surname="Moore" fullname="H.D. Moore">
<organization/>
</author>
<date month="December" year="2015"/>
</front>
<refcontent>Rapid7</refcontent>
</reference>
<reference anchor="Doria2012" target="https://www.internetsociety.org/reso
urces/doc/2012/human-rights-and-internet-protocols-comparing-processes-and-princ
iples/">
<front>
<title>Human Rights and Internet Protocols: Comparing Processes and Pr
inciples</title>
<author initials="J." surname="Liddicoat" fullname="Joy Liddicoat">
<organization/>
</author>
<author initials="A." surname="Doria" fullname="Avri Doria">
<organization/>
</author>
<date month="December" year="2012"/>
</front>
<refcontent>The Internet Society</refcontent>
</reference>
<reference anchor="Garfinkel1995">
<front>
<title>PGP: Pretty Good Privacy</title>
<author initials="S." surname="Garfinkel" fullname="Simson Garfinkel">
<organization/>
</author>
<date month="January" year="1995"/>
</front>
<refcontent>O'Reilly and Associates</refcontent>
</reference>
<reference anchor="Masnick2023" target="https://copia.is/library/unintende
d-consequences/">
<front>
<title>The Unintended Consequences of Internet Regulation</title>
<author initials="M." surname="Masnick" fullname="Mike Masnick">
<organization/>
</author>
<date month="April" year="2023"/>
</front>
<refcontent>Copia</refcontent>
</reference>
<reference anchor="Roth2022" target="https://www.theverge.com/2022/3/5/229
62822/internet-backbone-provider-cogent-shuts-off-service-russia">
<front>
<title>Internet backbone provider shuts off service in Russia</title>
<author initials="E." surname="Roth" fullname="Emma Roth">
<organization/>
</author>
<date year="2022" month="March"/>
</front>
<refcontent>The Verge</refcontent>
</reference>
<reference anchor="Zubhoff2019">
<front>
<title>The Age of Surveillance Capitalism: The Fight for a Human Futur
e at the New Frontier of Power</title>
<author initials="S." surname="Zuboff" fullname="Shoshana Zuboff">
<organization/>
</author>
<date month="January" year="2019"/>
</front>
<seriesInfo name="ISBN" value="9781781256855"/>
<refcontent>PublicAffairs</refcontent>
</reference>
<reference anchor="Badii2023" target="https://digitalmedusa.org/wp-content
/uploads/2023/05/SanctionsandtheInternet-DigitalMedusa.pdf">
<front>
<title>Sanctions and the Internet</title>
<author initials="F." surname="Badiei" fullname="Farzaneh Badiei">
<organization/>
</author>
<date year="2023"/>
</front>
<refcontent>Digital Medusa</refcontent>
</reference>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.768
7.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.725
8.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.844
6.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml3/reference.I-D.ie
tf-tls-esni.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.785
8.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.848
4.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.911
3.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.900
0.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml3/reference.I-D.ie
tf-mpls-opportunistic-encrypt.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.846
1.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.721
7.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.806
4.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.898
1.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.198
4.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.646
2.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.748
0.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.748
1.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.908
2.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.908
3.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.922
4.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.805
6.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.828
0.xml"/>
<reference anchor="Badii2021" target="https://doi.org/10.5325/jinfopoli.11
.2021.0376">
<front>
<title>The Would-Be Technocracy: Evaluating Efforts to Direct and Cont
rol Social Change with Internet Protocol Design</title>
<author fullname="Farzaneh Badiei" surname="Badiei">
<organization>Yale Law School, New Haven, US</organization>
</author>
<author fullname="Bradley Fidler" surname="Fidler">
<organization>Stevens Institute of Technology, Hoboken, US</organiza
tion>
</author>
<author>
<organization>The Pennsylvania State University Press</organization>
</author>
<date month="December" year="2021"/>
<abstract>
<t>This article discusses the shortcomings of value in design approa
ch to protect human rights on the Internet. It argues that Internet protocols do
not single handedly mitigate human rights on the Internet and in order to measu
re their impact, they need to be put in context. In other words, instead of desi
gn determinism, contextual analysis of Internet technologies that involve Intern
et protocols should take place.</t>
</abstract>
</front>
<refcontent>Journal of Information Policy, vol. 11, pp. 376-402</refcont
ent>
<seriesInfo name="DOI" value="10.5325/jinfopoli.11.2021.0376"/>
</reference>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.336
5.xml"/>
</references>
<section anchor="acknowledgments" numbered="false">
<name>Acknowledgments</name>
<t><contact fullname="Susan Landau"/> added many valuable comments to <con
tact fullname="Steve Bellovin"/>'s essay.</t>
<t>We thank <contact fullname="Carsten Bormann"/>, <contact fullname="Bria
n Carpenter"/>, <contact fullname="Wendy Grossman"/>, <contact fullname="Kathlee
n Moriarty"/>,
<contact fullname="Jan Schaumann"/>, <contact fullname="Seth David Schoen"/>, an
d <contact fullname="Paul Wouters"/> for comments and review of this text, thoug
h
that of course doesn't mean that they necessarily agree with the text.</t>
<t>This document was created at the behest of <contact fullname="Eliot Lea
r"/>, who also
cat herded and did some editing.</t>
</section>
</back>
</rfc> </rfc>
 End of changes. 288 change blocks. 
2028 lines changed or deleted 1305 lines changed or added
