tag:blogger.com,1999:blog-27029723814351050502024-03-04T21:28:40.157-08:00CyberSecPoliticsDave Aitelhttp://www.blogger.com/profile/17021799961866070637noreply@blogger.comBlogger258125tag:blogger.com,1999:blog-2702972381435105050.post-36510829372680907832022-06-15T18:55:00.007-07:002022-06-15T19:34:26.107-07:00The Atlantic Council Paper and Defending Forward <span id="docs-internal-guid-e003a5a8-7fff-e99d-c619-3c1ef8a55865"><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"></span></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEgL48yldjmcMP0si1UeDG174Q0a2Yu2E8uTc5pU-MxJBmzz6OExEsCW6tlUy8CQ-dbBNXicVxZVLRwblOa0WIUSpyBDqv7uk7aGPZGyASTA4Cnz-IvvbacBRJxgwftYjLgVxSlOWQCgq3nQ9A7Be9YVQ3whCT3D4vFC6fumyYa_7yXnZgQCQ6cYJsWx" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="740" data-original-width="587" height="240" src="https://blogger.googleusercontent.com/img/a/AVvXsEgL48yldjmcMP0si1UeDG174Q0a2Yu2E8uTc5pU-MxJBmzz6OExEsCW6tlUy8CQ-dbBNXicVxZVLRwblOa0WIUSpyBDqv7uk7aGPZGyASTA4Cnz-IvvbacBRJxgwftYjLgVxSlOWQCgq3nQ9A7Be9YVQ3whCT3D4vFC6fumyYa_7yXnZgQCQ6cYJsWx" width="190" /></a></div><div class="separator" style="clear: both; text-align: center;">Paper linked <a href="https://www.atlanticcouncil.org/in-depth-research-reports/issue-brief/victory-reimagined/">here</a>.</div><br /><br /></span><p></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">One thing I liked about the new Cyber Statecraft paper is it had some POETRY to the language for once! Usually these things are written by a committee that sucks all the life out of it.</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><br /></span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">I have a number of thoughts on it though.</span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">First of all: Defend Forward is not the totality of the shift in thinking that is happening out of the DoD, which is more properly labeled "initiative persistence" or "<a href="https://www.youtube.com/watch?v=tSZ497sE8b0&ab_channel=DaveAitel">persistent engagement</a>" perhaps? There's a LOT to it, of which Defend Forward is a tiny tiny piece.</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"></span></p><blockquote>"A revised national cyber strategy should: (1) enhance security in the face of a wider range of threats than just the most strategic adversaries, (2) better coordinate efforts toward protection and security with allies and partners, and (3) focus on bolstering the resilience of the cyber ecosystem, rather than merely reducing harm."</blockquote><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">It is EXTREMELY weird that we can plan for Finland to join NATO in a conventional sense but not a cyber sense - it feels like there is maybe a gap in terms of our coordination with NATO and other allies - meaning we don't properly understand how to project a security umbrella yet/still. Coordination is hard in cyber.</span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">So it's difficult to disagree with these terms on their face - the evidence says that yes, low level behavior (ransomware) IS STRATEGIC - and, yeah, <a href="https://ccdcoe.org/uploads/2020/05/CyCon_2020_14_Healey_Jenkins_Work.pdf">we</a> treat it <a href="https://krebsonsecurity.com/2020/10/report-u-s-cyber-command-behind-trickbot-tricks/">strategically</a>. Coordination with allies always sounds good and "more partnering" does as well. Having more resilience is never a bad thing, right? </span></p><div><br /></div><span id="docs-internal-guid-c23b516e-7fff-fea7-93ca-9eb2423e1d3a"><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">But a critique could easily be: Adding resilience to the internet is often about doing REALLY HARD THINGS. I</span><span style="font-family: Arial; font-size: 11pt; white-space: pre-wrap;">t is not about making VEP choices, the way some would want us to think it is.</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; white-space: pre-wrap;"><br /></span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">It is more likely to be instituting 0patch and deny listing various untrustworthy software vendors across all US infrastructure, forcing Critical Infrastructure to use a Government EPS, and otherwise doing really unpopular things.</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><br /></span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">The FBI has been going around removing botnets. How can we get PROACTIVE ABOUT THAT - installing patches before systems even get hit? </span><span style="font-family: Arial; font-size: 11pt; white-space: pre-wrap;">That's adding resilience.</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><br /></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">I mean, looking at this all through a lens of counterinsurgency is not necessarily new: </span><a href="https://t.co/gmrnIn6mPh" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">https://seclists.org/dailydave/2015/q2/12</span></a></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><br /></span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Nobody has the illusion that we are going to achieve cyber superiority, like we got air superiority during the Iraq war. </span><span style="font-family: Arial;"><span style="font-size: 11pt; white-space: pre-wrap;">That's by </span><span style="font-size: 14.6667px; white-space: pre-wrap;">definition</span><span style="font-size: 11pt; white-space: pre-wrap;"> not what initiative persistence is about!</span></span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><br /></span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Defend Forward itself can be instantiated in a few different ways, i.e. teams going out to help people and collect implants on Ukrainian systems, us hacking things we think someone else is going to hack, us hacking or using SIGINT/HUMINT on cyber offensive teams themselves. L</span><span style="font-family: Arial; font-size: 11pt; white-space: pre-wrap;">iterally none of these things require or assume cyber superiority.</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; white-space: pre-wrap;"><br /></span></p><blockquote>US policy is on two potentially divergent paths: one that prioritizes the protection of US infrastructure through the pursuit of US cyber superiority, and one that seeks an open, secure cyber ecosystem.</blockquote><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; white-space: pre-wrap;"><br /></span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">These paths are not opposed - we use defend forward in many cases to ENSURE a open and interoperable network - </span><span style="font-family: Arial; font-size: 11pt; white-space: pre-wrap;">one that supports our values</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><br /></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">It's also extremely hard to judge the value of these operations via public record. W</span><span style="font-family: Arial; font-size: 11pt; white-space: pre-wrap;">hen they work, they largely remain covert, or occluded at the least.</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; white-space: pre-wrap;"><br /></span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">While the author claims that Defend Forward is most useful against strategic adversaries - this is probably very not true as they are hardened targets. It's more that defend forward is a high resource requirement activity, for the large part. So you use it when you MUST not just when you CAN.</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"></span></p><blockquote><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">"This is not to say that Defend Forward is a bad strategy so much as it is not a strategy on its own and not a means of fully realizing the goals of the current US cybersecurity strategy. Indeed, its place as the paramount concept of US cyber strategy is in tension with broader US objectives of a secure and stable cyberspace."</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"></p></blockquote><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><br /></span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Yeah I don't think anyone thinks Defend Forward is the whole breakfast. </span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><br /></span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">But making our goal "A secure and stable cyberspace" is like making our goal "A secure and stable and prosperous Afghanistan" </span><span style="font-family: Arial; font-size: 11pt; white-space: pre-wrap;">. This is basically an argument for massive ongoing subsidies from the US taxpayer to someone else, without end. </span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; white-space: pre-wrap;"><br /></span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"></span></p><blockquote>"The Command Vision for US Cyber Command explicitly focuses on the actions of Russia and China, and relegates its considerations of a broader set of adversary operations impacting overall economic prosperity to a footnote" </blockquote></span><p></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><br /></span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Another way to put this is Cybercom is a STARTUP and doing their best with limited resources.</span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"></span></p><blockquote>"The next US Cyber Strategy should take account of ongoing policy changes and redouble efforts to support public-private partnerships investing against capabilities and in infrastructure rather than just response. To aid smaller, less well-resourced companies, the US government should fund security tooling access and professional education for small-to-medium enterprises (SMEs) while working to improve the size and capacity of the cybersecurity workforce at a national scale. There have been several legislative efforts to effect such a change: HR 4515, the Small Business Development Center Cyber Training Act36 and the cybersecurity provisions within HR 5376, the Build Back Better Act.37 In addition, further legislation is required to make permanent the cybersecurity grant program under the recently passed infrastructure bill (Public Law 117-58) with the added guidance from the Cybersecurity and Infrastructure Security Agency (CISA).38"</blockquote><p></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><br /></span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Like, whatever. These are just random subsidies that don't help. If we have money sloshing around, then they probably don't hurt too much either. What we heard on the CISA call was that smaller CI companies basically want the government to take over their security responsibilities. But this is a huge deal. It's not something we can just do. Security is built into how your run your whole company. </span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"></span></p><blockquote><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><br /></span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">"CISA, in cooperation with its Joint Cyber Defense Collaborative (JCDC), the Department of Justice, and the Treasury Department, should compile clear, updated guidance for victims of ransomware, including how victims unable or unwilling to make ransomware payments can request aid from the Cyber Response and Recovery Fund.39 Further legislation should focus on federal subsidies for access to basic, managed cybersecurity services like email filtering, secure file transfers, and identity and access management services."</span></p></blockquote><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"></span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><br /></span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Did a managed service provider write this? This is a very weird call for subsidies. Maybe instead the USG should make large software vendors not charge more for security features than for the base product? </span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"></span></p><blockquote>"Adversaries, knowing this point of friction, would then benefit from moving through this grey space, pairing their operational goals with the strategic impact of forcing the United States to move against the interest of US allies."</blockquote><p></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">I feel like whoever wrote this line has a very limited understanding of OCO. I</span><span style="font-family: Arial; font-size: 11pt; white-space: pre-wrap;">t's not wrong that the very idea of hacking random German boxes annoys the Germans. </span><span style="font-family: Arial; font-size: 11pt; white-space: pre-wrap;">But that calls for responsible OCO efforts and communicating what those are. </span><span style="font-family: Arial; font-size: 11pt; white-space: pre-wrap;">And of course, not all Defend Forward is OCO.</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"></span></p><blockquote>"This means a shared, or at least commonly understood, vision for the state of the domain, as well as agreement and understanding as to the acceptable methods of operation outside a state’s “territory” and through privately owned infrastructure." </blockquote><p></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">In other words, wouldn't it be great if there was a norm against hacking certain things? Well....maybe! But this is an unreasonable ask. We are not getting real norms any time soon. </span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Similarly this kind of language is unrealistic: </span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"></span></p><blockquote>United States Cyber Command (CYBERCOM) should coordinate explicitly with the defense entities of US allies to set expectations and parameters for Defend Forward operations. These should include agreed-on standards for disclosure of operations and upper limits on operational freedom to an appropriate degree, recognizing that such decisions are rarely black and white. Similarly, DoD should work with CISA’s JCDC to coordinate its offensive action with the largest private-sector entities through whose networks and technologies retaliatory blows, and subsequent operations, are likely to pass. This coordination should strive to establish a precedent for communication and cooperation as possible, recognizing the significant effect that offensive activities can have on defenders.</blockquote><p></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Cybercom should coordinate with Amazon and Microsoft because of potential retaliation? </span><span style="font-family: Arial; font-size: 11pt; white-space: pre-wrap;">This is nonsense. I</span><span style="font-family: Arial; font-size: 11pt; white-space: pre-wrap;">t is someone hoping to kill a program that works and delivers results. Perhaps I'm being overly harsh - no doubt DoD already has relationships with these entities and does work through them in various aspects. But that doesn't mean they should have a veto or even pre-warning on various engagements. It's definitely true that taking side effects into consideration is a big part of being responsible when you do OCO in general (and defend forward in specific), but it's unlikely we are in a position now to have conversations about agreed-upon norms for these operations.</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"></span></p><blockquote>"However, the fallout from the incident also inspired questions about the apparent paradox of securing cyberspace by preparing weapons to compromise it.60" </blockquote><p></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">We don't use these tools to "secure the internet". We use them to gather intelligence and help secure our nation.</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"></span></p><blockquote>"While there is language about the importance of improved ecosystem resilience throughout US cyber strategy documents, this topic deserves far richer treatment than a framing device." </blockquote><p></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">If we actually wanted to improve the ecosystem, we would have explained to people that running VPNs that have Perl on them was a bad idea. We would stop using Sharepoint. We would publish the penetration testing results into a lot of modern equipment and let the transparency kill them off...</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">But this is politically impossible.</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"></span></p><blockquote>"A strong example of this would be public-private investment in memory-safe code that can reduce the prevalence of entire classes of vulnerability while providing the opportunity to prioritize mission-critical code in government and industry."</blockquote><p></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Yeah.....like why does the public need to invest in this. </span><span style="font-family: Arial; font-size: 11pt; white-space: pre-wrap;">Rust exists. J</span><span style="font-family: Arial; font-size: 11pt; white-space: pre-wrap;">ava exists and the USG is one of the biggest developer shops for it. </span><span style="font-family: Arial; font-size: 11pt; white-space: pre-wrap;">What are they trying to get USG to pay for exactly?</span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">There's also a lot in this paper about giving more jobs to CISA JCDC </span><span style="font-family: Arial; font-size: 11pt; white-space: pre-wrap;">which already has a ton of jobs. It cannot do everything.</span></p><div><br /></div>The paper concludes:<br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"></span></p><blockquote>"As the United States redevelops its national cyber strategy, the question of overall political intent must stand at the forefront. This strategy needs to clearly address the dissonance between the stated policy goals of protection and domain security—a tall order, but a feasible one. Proactive offensive cyber operations that protect US infrastructure and interests are, and will continue to be, necessary. But just as in counterinsurgencies of the past, the United States must ensure that it does not fall into a “strategy of tactics,”66 losing the war by winning the battles."</blockquote><p></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><br /></span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">We should at least explain things better to our allies. That much is true. They possibly are really confused and confused means annoyed. But the rest of this paper is a lot of tilting at a strawman argument nobody in the DoD or elsewhere has put forth.</span></p><br /><br />Dave Aitelhttp://www.blogger.com/profile/17021799961866070637noreply@blogger.com0tag:blogger.com,1999:blog-2702972381435105050.post-14574772345846915732022-04-18T07:25:00.000-07:002022-04-18T07:25:07.694-07:00FORECASTING<p> The news is filled with cyber hot takes on Ukraine. As someone said to me a few decades ago though - "When it's in the news, it's operations. Our job is the future." And at some level, the war in Ukraine has been stamped out already in the astonishing fortitude of Ukraine, economic and political realities, and the also frankly mind-blowing efforts of various intel groups, only visible with the right set of binoculars. </p><p>One thing I struggle with when Forecasting, actually, something I see everyone struggle with, is that we don't forecast our own efforts very well. Nobody predicted we would drop a ton of highly sensitive information out into the NYT regarding Russian war plans. And if you didn't predict that (or worse, didn't notice it while it was happening), you missed a major strategic development. </p><p>A lot of the rest of it, cyber attacks on critical infrastructure networks, drone usage, face recognition being used for psyops, was easy to predict, but not as interesting other than for policy papers crowing about being correct in various journals (or, ironically, claiming coup for incorrect predictions and assessments). </p><p>Was it predictable that the Ukrainians would lap the Russians at social media information ops? I think it was, and I think the Russians would be the first to admit it was, when being honest to themselves. </p><p>But we do have conflicts closer to home. I want to say this only once, because it is a worry that not only I hold, but that nobody I know can say out loud: I worry about US.</p><p>Every recent science fiction novel has talked about a United States split to some degree along ideological grounds and I worry more about the Court's decision in June on abortion than I do the Russian conflict. You should too, and I want to illustrate why with a little sample from my neighborhood. </p><p>I took my kids to the local graveyard, a short walk away, in Wynwood, an "up and coming" neighborhood in Miami, famous for its art galleries and fine dining. It is an old graveyard by US standards. </p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjgqHZwbvFSZaAXrf-RhQWJg3Bs1IhN6meV6ZFnNzjYaz6JAaWs02at5mH4ZvNenU_godXDCOtnKGpJgPByUcYNguH7PhgYNV8yzHufPUNLdTOTg_etTKp0tCI5yCMFp1D_Da4clGf88eLIGwAxuz3-IR0BAGoS7j7phFYdgpuNB9QrpiuqwJZ6YkYl/s4080/PXL_20220121_171213287.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="4080" data-original-width="3072" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjgqHZwbvFSZaAXrf-RhQWJg3Bs1IhN6meV6ZFnNzjYaz6JAaWs02at5mH4ZvNenU_godXDCOtnKGpJgPByUcYNguH7PhgYNV8yzHufPUNLdTOTg_etTKp0tCI5yCMFp1D_Da4clGf88eLIGwAxuz3-IR0BAGoS7j7phFYdgpuNB9QrpiuqwJZ6YkYl/s320/PXL_20220121_171213287.jpg" width="241" /></a></div><div class="separator" style="clear: both; text-align: center;">William E Griffon. African American Incorporator of the City of Miami. (Dedicated 2008)</div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: left;">There are all sorts of graves there, in all sorts of conditions. There's a Jewish section, with Hebrew names. Off on the side there's a section of "African American Incorporators of Miami". And right in the center of the whole graveyard the road runs a circle around a marble totem, adorned with fresh flowers. </div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9im6LBOhDeRJdG4riJdGwZzFvOl2_VReJpeyBRr8ETHFegOM6jK9BhaYP0SuFDetsxDwgTHxlivGWaUu_3k7BH8zXuy82Pq9bqcH9Okf_-7sz0LmyMsT90cS3gzXPMsUyIOxRfiqHaHmvU2IyrcQQQErxTwtTRiGqUHwMaxgZ3Z19eFESdU1imsH0/s4080/PXL_20220121_170738341.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="4080" data-original-width="3072" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9im6LBOhDeRJdG4riJdGwZzFvOl2_VReJpeyBRr8ETHFegOM6jK9BhaYP0SuFDetsxDwgTHxlivGWaUu_3k7BH8zXuy82Pq9bqcH9Okf_-7sz0LmyMsT90cS3gzXPMsUyIOxRfiqHaHmvU2IyrcQQQErxTwtTRiGqUHwMaxgZ3Z19eFESdU1imsH0/s320/PXL_20220121_170738341.jpg" width="241" /></a></div><div class="separator" style="clear: both; text-align: center;">1861-1865 - "Our Heroes"</div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhq4aSj2qvKdOBiE-BjieROYy5O1B_1ceD9NtdiPsUBl1em16OxGk5JaxoQIp5FnyoLwrGqGQv15pLaYIb2UPjeUnsc7ykmqCIFzfpY0Lah5nE_Fv7gnncInein9H2_GW5MYcrq44nY-8XdMp_7T9bx6advP8Z4qw7o8fMZErWCSd6v0suFefBPGFpW/s4080/PXL_20220121_170834648.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="4080" data-original-width="3072" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhq4aSj2qvKdOBiE-BjieROYy5O1B_1ceD9NtdiPsUBl1em16OxGk5JaxoQIp5FnyoLwrGqGQv15pLaYIb2UPjeUnsc7ykmqCIFzfpY0Lah5nE_Fv7gnncInein9H2_GW5MYcrq44nY-8XdMp_7T9bx6advP8Z4qw7o8fMZErWCSd6v0suFefBPGFpW/s320/PXL_20220121_170834648.jpg" width="241" /></a></div><div class="separator" style="clear: both; text-align: center;">"To all who wore the Grey"</div><br /><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: left;">Who could possibly be being honored in this way, in the middle of Wynwood? </div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiND4apkI0v75UDNrEFVk-fZZwJmch-O2MeyTNbnbiZRsJjot4oDPe1FtTiC6Nro4r-mgcB_2klytd6E9a589Wx4FvLxqnlwak_e0qrXRp7RoEd3VynaNq5W4QG-OHnTH1evP4kpbJdMUKVemjG1oqDjB0fLOQwJ_Fyc4DalW54GE-O7oq6C6hybDou/s4080/PXL_20220121_170805154.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="4080" data-original-width="3072" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiND4apkI0v75UDNrEFVk-fZZwJmch-O2MeyTNbnbiZRsJjot4oDPe1FtTiC6Nro4r-mgcB_2klytd6E9a589Wx4FvLxqnlwak_e0qrXRp7RoEd3VynaNq5W4QG-OHnTH1evP4kpbJdMUKVemjG1oqDjB0fLOQwJ_Fyc4DalW54GE-O7oq6C6hybDou/s320/PXL_20220121_170805154.jpg" width="241" /></a></div><div class="separator" style="clear: both; text-align: center;">SGT W.T. Heslington, 4th KY CAV CSA</div><br /><div class="separator" style="clear: both; text-align: left;"><br /></div>For people who don't immediately know: CSA is the <a href="https://en.wikipedia.org/wiki/Confederate_States_Army">Confederate States Army</a>. We get a hint as to who is leaving the flowers from this fresh meeting notice pasted next to it:<div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjgY-0zNPQWSJ9fG0POTcXsscSYYJDGRqs9D9j1LSSsN5u6yE3vTC0RfMF5dcC1mxyPT_LEUB73wBWDj-Xdgv75Lwyd9PELHz5PHCNf0oWgHcfDkCjAQwRPI4h6Hsflb4kW1KGv56P6dfB4_k4AfXMEIPgpvjvS5_SU6qx3WENqeERoTtxVjH7INeoV/s4080/PXL_20220121_170752522.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="4080" data-original-width="3072" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjgY-0zNPQWSJ9fG0POTcXsscSYYJDGRqs9D9j1LSSsN5u6yE3vTC0RfMF5dcC1mxyPT_LEUB73wBWDj-Xdgv75Lwyd9PELHz5PHCNf0oWgHcfDkCjAQwRPI4h6Hsflb4kW1KGv56P6dfB4_k4AfXMEIPgpvjvS5_SU6qx3WENqeERoTtxVjH7INeoV/s320/PXL_20220121_170752522.jpg" width="241" /></a></div><br /><div>It's the local division of the <a href="https://www.camp1395.flscv.org/">Sons of Confederate Veterans</a>, which is still a thing.<br /><div class="separator" style="clear: both; text-align: left;"><br /></div>My point with this little photolog is not "Hey, here's a weird thing about Miami". My point is that if you're a professional forecaster, and you only read the parts of Sun Tzu that are EASY then maybe you're going to miss something important. You can't blame things that existed since the dawn of the Republic on Facebook.<br /><p><br /></p><p><br /></p></div>Dave Aitelhttp://www.blogger.com/profile/17021799961866070637noreply@blogger.com0tag:blogger.com,1999:blog-2702972381435105050.post-15161277467153639892021-12-30T18:52:00.002-08:002021-12-30T20:01:47.121-08:00Guest Post: HostileSpectrum’s futures: Looking back on 2021’s estimative signposts<i>Dave has kindly agreed to turn the keys to his blog over to me for a brief discussion of what may yet come to pass, as we consider the wars and rumours of wars that are the constant drumbeat which forms the backdrop of what has turned vulnerability discovery, weaponization, and employment from an obscure specialist niche to front page headlines (and barely disguised polemic all too popular in the Beltway). Since this discussion is owed in no small part to his persistent, “very annoying” but entirely helpful attempts to spur further engagement on the big questions at the intersection of technical matters and policy, it seems right and proper to find its home on his pages. JD</i><p>
We are all familiar with the constant flurry of predictions for the coming year that flood our inboxes around this time, where vendors and their marketing teams all compete for decisionmaker attention as folks take stock of where their organizations have been, and where they are going. In their best forms, such products are supposed to be formal futures intelligence estimates – crafted through deliberate tradecraft in which novel hypotheses are weighed by experienced analysts, supported or challenged based on unique collection, and tested through structured methodologies. In industry, delivering such finished intelligence (FINTEL) was originally intended to support decisionmakers setting strategy and investments for the new year, or at least considering the stance by which they would approach the problems coming down the line they had not yet anticipated.</p><p>
Like many things in the cyber threat intelligence business, the annual estimate has been copied in form without consideration of function. Along the way, it is bastardized by pressures of marketing teams which serve as both production requirement and funding lines for all too many intel shops, but introduce unique analytic pathologies to the process. Our community increasingly abandons established analytic methodologies in favour of single point predictions relying solely on “expert” judgement. Needless to say, this is generally not how good intelligence is done.</p><p>
Recent years have taken this to a breaking point of absurdity. We were fortunate, then, to be able to laugh in the face of the absurd. <a href="https://twitter.com/swagitda_">Kelly Shortridge</a> showed us all the way, letting a <a href="https://www.cyberscoop.com/2020-cyber-predictions-kelly-shortridge/">Markov generative text</a> take over one year. While almost certainly lightly edited for human readership, the piece was not only quite funny in its own right, but a biting observation of what had become formulaic repetition of evergreen tropes devoid of thought and comfortably numbing in presentation of the familiar. Of course, this hit in a year when the world we knew was reshaped.</p><p>
But when the laughter dies away, what are we left with? A void, into which the same empty imitations of FINTEL are poured, and that continues to stare back at practitioners and policymakers alike. In the darkness of the long winter’s evening, this challenges us to do better.</p><p>
Having stepped away from the production line of the intelligence machinery, and eschewing for this purpose the archaic rituals of academic publishing , one naturally turns to the medium of the age. As revolutionary as the blog format has been to the intelligence communities of practice (sufficiently so as to both result in an unusually well popularized effort <a href="https://papers.ssrn.com/sol3/papers.cfm?abstract_id=755904">anchored from an early paper</a> in what was the most secretive of environments), the maintenance and sustainment of lightweight publishing platforms in an ecosystem overrun by parasites and cannibalized by the major platforms has left only a few remaining bastions of both longform and relevant thought. </p><p>Last year, I published my own yearly predictions, attempting to break the analytical mold, on Twitter. They caused, for what it is worth, somewhat more of a stir than I expected, but analysis is only as good as it is re-examined, as we do below.</p><p>
There are distinct limitations to the Twitter format, to be sure. Analytic nuance is lost, supporting lines of argument and foundational evidence are nearly obscured. Even estimative language may be curtailed, if one is not cautious. All that is left is what would effectively be the key judgement (KJ) bullet points in a finished intelligence product.</p><p>
It is for this reason I argued for years against attempting to publish to consumers in this way, due to the expectations that weigh upon intelligence as an organization. The irony of doing so now is not lost on me. If it had been, I am sure many of my friends and colleagues would continue to remind me. Delivering only KJs is particularly challenging in futures intelligence estimates, where the bulk of the value of a product is actually found in the reasoning about trends, drivers, and the processes of their interactions.</p><p>
Thus it is more appropriate to consider each tweet not a KJ, but rather an estimative signpost – a marker in the unknown stream of future time, around which one may see the flow of present uncertainties as they may yet manifest, or divert. The process is much like casting stones into the water, where attention is paid as much to the ripples out from the initial point of impact.</p><p>
But looking back, how do the estimative signposts in last year’s Tweet storm of predictive analysis hold up? This is for the reader to judge. But it is worth laying out the case here. Note that the following is slightly re-ordered from the original thread, to link discussions across observed issues.</p>
<hr class="dashed" />
<p></p><h2>On medical intel / care target breaches, and political hack & leak objectives</h2>
<p>
</p>
<blockquote class="twitter-tweet" data-conversation="none" data-theme="dark"><p dir="ltr" lang="en">A few estimative signposts for debate re cyber conflict in '21 + 6 months (span of Moore). Thread follows in no particular order<br />-Major breach of medical intelligence &/or care targets will be found. First adversary use will be in hack & leak operations with political objectives.</p>— HostileSpectrum (@HostileSpectrum) <a href="https://twitter.com/HostileSpectrum/status/1344485331270135809?ref_src=twsrc%5Etfw">December 31, 2020</a></blockquote> <script async="" charset="utf-8" src="https://platform.twitter.com/widgets.js"></script>
<!--Embed https://twitter.com/HostileSpectrum/status/1344485331270135809--> <p></p>
Adversaries indeed discovered the utility of compromising private medical information for political pressure. The Iranian attributed <a href="https://www.timesofisrael.com/black-shadow-hackers-leak-medical-records-of-290000-israeli-patients/">Black Shadow operations</a> against Israeli medical targets are among the most visible of these developments. Additional criminal extortion actions against other medical services providers have also surfaced material offering potential political leverage, but it remains unclear the extent to which hostile services have been accumulating this material in circulation, or in private transactions.<p>
This CONOPs has not yet however extended to high profile leadership (at least as far as publicly known to date). Such extension is in some ways likely inevitable in an aging West, where the longevity, vigour, and even competence of major political figures is subject to frequent speculation. Yet the value of such privately held knowledge, particularly in times of crisis, remains a substantial inhibitor for random disclosure – as is the likelihood of reciprocal disclosures more likely to call into question the control that may be exerted by the heads of authoritarian regimes.</p><p>
The health of leaders will of course remain a substantial intelligence target (as <a href="https://www.amazon.com/Presidential-Leadership-Illness-Decision-Making-ebook-dp-B0017XZJN2/dp/B0017XZJN2/">Rose McDermott</a> and <a href="https://www.amazon.com/When-Illness-Strikes-Leader-Dilemma/dp/0300063148/">Jerrold Post</a> have each written about). And the impact of selectively timed disclosures will almost certainly continue to remain problematic for societies unable to adapt to the pressures of adversaries’ deliberate active measures. Even if the adversary never chooses to actively leverage such espionage take for influence operations campaigns, the value of stolen medical intelligence may nonetheless remain substantial in allowing hostile services - and competing states’ decisionmakers - to focus on the leaders they are more likely to be dealing with over the longer term. Substantial advantages also accrue here in positioning for the turbulence of unexpected political transitions caused by illness or incapacity.</p><p></p><h2>Stunning 0days disclosed with metronomic regularity</h2><p>
</p><blockquote class="twitter-tweet" data-conversation="none" data-theme="dark"><p dir="ltr" lang="en">*Stunning game-over 0days will be disclosed with metronomic regularity in foundational elements of multiple ecosystems, but largely ignored due to complexity of vulns, scope & impact of required remediation, & inability of legacy vendors to detect exploitation ITW.</p>— HostileSpectrum (@HostileSpectrum) <a href="https://twitter.com/HostileSpectrum/status/1344492710955163648?ref_src=twsrc%5Etfw">December 31, 2020</a></blockquote><p>
There is no question that 2021 saw the <a href="https://seclists.org/dailydave/2020/q2/0">exploit treadmill</a> running faster than enterprises or even the best individuals in our field could keep up. For each major bug disclosed, the rotten wood of decayed legacy software beneath yields additional exploitation value. And our adversaries have not only noticed, but seem to be pressing ever faster on these rapidly collapsing attack surfaces. Each of the stunning bugs of ’21 indeed only served as blood in the water, calling in predators for the feeding frenzy. We still have not yet come to terms with highly parallelized, independent threat evolution across multiple actors as a result of these events. Nor are we cogent what this means for ever more exhausted defenders.</p><p>
</p><h2>On the tarnishing of myths regarding US, FVEY offensive dominance</h2>
<blockquote class="twitter-tweet" data-conversation="none" data-theme="dark"><p dir="ltr" lang="en">*Offensive talent proliferation will notably enhance lower tier programs towards a common generalized mean in stock target environments. Higher end capabilities will increasingly be something of a separate grammar, provoking difficult debates between shops following only open</p>— HostileSpectrum (@HostileSpectrum) <a href="https://twitter.com/HostileSpectrum/status/1344738670092419072?ref_src=twsrc%5Etfw">December 31, 2020</a></blockquote> <script async="" charset="utf-8" src="https://platform.twitter.com/widgets.js"></script>
<blockquote class="twitter-tweet" data-conversation="none" data-theme="dark"><p dir="ltr" lang="en">*Myth of US, FVEY unique offensive dominance will be further tarnished, if not shattered. Multiple policy proposals pre-supposing Western "original sin" in CNE, other OCO will nonetheless be advanced undaunted as if correlation unchanged. To snickers & encouragement by adversary</p>— HostileSpectrum (@HostileSpectrum) <a href="https://twitter.com/HostileSpectrum/status/1344739559754629123?ref_src=twsrc%5Etfw">December 31, 2020</a></blockquote><p>
One remains skeptical of comparative capabilities evaluation rankings, despite multiple attempts by different parties to establish varying indexes. The continued consensus that the US and Five Eyes allies remain firmly ensconced at the top of these rankings must also likewise be looked at with appropriate caution. We may in the first instance question entirely the <a href="https://www.lawfareblog.com/understanding-offenses-systemwide-advantage-cyberspace">character of offensive advantage</a> in the domain, as my friend and colleague Jay Healey does. We may also consider capabilities demonstrated by conspicuous display, as in the profligate burning of <a href="https://warontherocks.com/2021/10/china-flaunts-its-offensive-cyber-power/">bugs on parade at the Tianfu Cup</a> and other recent events hosted in China. One must be cautious not to measure only what has been caught, because here it is the things that are not seen that define the highest end edge of the capabilities spectrum. It is to be hoped that there remains stunning, game changing portfolios held in the reserve somewhere in the dark of a closely held allied program.</p><p>
But that is increasingly not the impression conveyed by those in the US government, or among allies. When a senior intelligence community official acknowledges publicly that the US now must become fast followers, we have reached a tipping point. Yet it may still take some time for this awareness to ripple through the policy community, let alone to influence its engagement with scarce technical talent and the fragile engines of capabilities development.</p><p>
</p><h2>On offensive talent proliferation, and automated exploit development</h2><p>
</p><blockquote class="twitter-tweet" data-conversation="none" data-theme="dark"><p dir="ltr" lang="en">*Evidence of automated exploit development will emerge. In a much lower tier adversary than expected. Because the higher end programs that have adopted these capability generation approaches will still be at it, and not getting caught.</p>— HostileSpectrum (@HostileSpectrum) <a href="https://twitter.com/HostileSpectrum/status/1344671740283248641?ref_src=twsrc%5Etfw">December 31, 2020</a></blockquote><p>
Red sourcing and other commodity acquisitions strategies do indeed continue to have notably dominated lower tier programs, and served to create a generalized baseline mean for intrusions leveraging all the usual implant and infrastructure tooling. Proliferation was amply demonstrated not only in direct movement of talent, but in the disclosure of playbooks and associated process tooling. It was almost certainly not the first time that adversaries had seen each other’s operator checklists, and the development of formalized stepwise action models serves to diffuse knowledge within larger numbers of less experienced cadres with reduced initial training and education burden. Quality does suffer, but as always only needs to remain “good enough” against the class of targets to be serviced. Which rapid programmatic expansion defines in part at lower thresholds of sensitivity through its own scaling. Hit enough things, and an intrusion set’s quantity of accesses has a quality of its own.</p>
<p>Higher end capabilities indeed continue to remain a separate grammar, to the point that even when publicly disclosed they go largely unexamined. There are rare exceptions, and at some delay, such as the over ten month lag in public analysis of the <a href="https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html">stunning FORCEDENTRY</a> iOS exploit – but it is the exceptions that prove the rule. </p><p>
Evidence of automated exploit development remains more elusive than expected, at least insofar as the public record has established. Lower tier adversary interest continues to be observed, but it remains unclear how many programs have effectively integrated these approaches into their capabilities development processes. The leap from mere fuzzing to a more sophisticated operational use of modern program analytic technologies seems to be for some teams harder than they anticipated.</p><p>
</p><h2>On disclosure, VEP, & exploit portfolio sales, & export control</h2><p>
</p><blockquote class="twitter-tweet" data-conversation="none" data-theme="dark"><p dir="ltr" lang="en">*Debates over disclosure, VEP, & exploit portfolio sales still won't die. Export control proposals will still waste everyones time, energy, but rack up billable hours for lobbyists & lawyers.</p>— HostileSpectrum (@HostileSpectrum) <a href="https://twitter.com/HostileSpectrum/status/1344492963339132930?ref_src=twsrc%5Etfw">December 31, 2020</a></blockquote><p>
Commerce <a href="https://www.washingtonpost.com/national-security/commerce-department-announces-new-rule-aimed-at-stemming-sale-of-hacking-tools-to-repressive-governments/2021/10/20/ecb56428-311b-11ec-93e2-dba2c2c11851_story.html">snuck its rulemaking</a> on <a href="https://www.govinfo.gov/content/pkg/FR-2021-10-21/pdf/2021-22774.pdf">export control</a> in before ’21 ended, only to see resounding silence in part because this only really bubbled up during the holidays but moreso in the otherwise largely rational response by large organizations already under substantial threat pressures to ignore this as one more government imposed paper exercise as meaningless in its implementation as it is voluminous in its word salad. Yet this merely defers reckoning to another day, and compounds billable hours for those lobbyists and lawyers as things come into effect, regardless of industry feedback. The policy community continues the unfortunate trend of treating 0day like they are only found in the US, when evidence mounts that the locus of real action has moved elsewhere. In this, other states are increasingly choosing to exercise stronger controls – not out of altruistic motivations, to protect the wider ecosystems or even to regulate negative externalities of vulnerability markets – but rather to better control early access and first mover advantage when presented with valuable portfolios. Any illusions of a Chinese government VEP policy similar to the one in US and Allied states were also very much shattered, and no one expected even the semblance of such a thing from Russian, DPRK, or Iranian offensive cyber programs.</p><p>
</p><h2>On lethal outcomes from offensive cyber effects</h2><p>
</p><blockquote class="twitter-tweet" data-conversation="none" data-theme="dark"><p dir="ltr" lang="en">*Offensive cyber ops with lethal outcomes will again happen. They will again be ignored as higher order effects that can't be quantified, conclusively traced, or narrated simply enough for the compromised attention spans of those doomed to forget before the next time.</p>— HostileSpectrum (@HostileSpectrum) <a href="https://twitter.com/HostileSpectrum/status/1344669168747077634?ref_src=twsrc%5Etfw">December 31, 2020</a></blockquote><p>
The old tired debates continue. Those that understand dependencies, and higher order effects, felt all too keenly the weight of adversary action even as mounting morbidity and mortality data continued to be ignored. And it seems that within the span of the ‘21 estimate, if not the year itself, we may well once again see lethal contributions on foreign battlefields. </p><p>
</p><h2>Inadvertent trigger of pre-positioned implants</h2>
<p>
</p><blockquote class="twitter-tweet" data-conversation="none" data-theme="dark"><p dir="ltr" lang="en">*Long running intrusion set delivering OPE recon & implant options will be inadvertently triggered during period of heightened geopolitical tension. Attribution debate will be complicated by heavily entangled nth party access, litigation threats, competing press releases & leaks.</p>— HostileSpectrum (@HostileSpectrum) <a href="https://twitter.com/HostileSpectrum/status/1344675666118242304?ref_src=twsrc%5Etfw">December 31, 2020</a></blockquote><p>
Thus far as publicly disclosed, unintended effects from the execution of implants intended for operational preparation of the environment have apparently not yet come to pass. For which we are thankful. But in multiple major crisis events, with immediate geopolitical (in the true international relations sense of that term) and other pol-mil-econ tensions, the potential for missteps by immature operators with poor oversight, limited process structure, and deeply entangled nth party access complications remains a serious concern through the estimative window. One would nonetheless continue to hope that this signpost remains wrong, and at the furthest edge of the possible.</p><p>
</p><h2>On autonomous, wormable payloads</h2><p>
</p><blockquote class="twitter-tweet" data-conversation="none" data-theme="dark"><p dir="ltr" lang="en">*An autonomous wormable payload will be discovered, with complex targeting logic & extensive modularity, only a fraction of which will be fully reversed or understood. But this will nonetheless be used in marketing materials for years to come.</p>— HostileSpectrum (@HostileSpectrum) <a href="https://twitter.com/HostileSpectrum/status/1344485772544548864?ref_src=twsrc%5Etfw">December 31, 2020</a></blockquote><p>
Here, the distinctions between public knowledge and private intelligence holdings and researcher findings are substantially highlighted in the past year. We have seen multiple vulnerabilities in major targets that are manifestly suited to wormable RCE. Yet for some reason, there remains not only a reluctance to accept the potential for such outcomes, but even direct hostility to indications of adversary interest and development. The most recent of these cases of course being the Log4j bug, which devolved into debates over definitions of autonomy, and fundamental questions over the degree to which behavioral observables manifest in artifacts may be seen to demonstrate adversary intentions (alone, or in concert with other collection). If this is where the consensus knowledge of the year ended, there is limited prospect of taking up the other questions of worms that remain harder to find in constrained propagation dictated by complex targeting logic, and harder to reverse and understand (in the very modularity that makes such tooling powerful in application). One would have expected better from the community of practice, but such is where we are in the present moment.</p><p>
</p><h2>On Russian espionage compromise of cloud targets, and other operations in major platforms</h2><p>
</p><blockquote class="twitter-tweet" data-conversation="none" data-theme="dark"><p dir="ltr" lang="en">*Other shoes will drop re ongoing .ru espionage compromising cloud targets. The full details, actual timelines, & adversary intent will still not be established. But the case will be continue to be cited as both policy & sales narrative takes hold.</p>— HostileSpectrum (@HostileSpectrum) <a href="https://twitter.com/HostileSpectrum/status/1344492335611129856?ref_src=twsrc%5Etfw">December 31, 2020</a></blockquote> <script async="" charset="utf-8" src="https://platform.twitter.com/widgets.js"></script>
<blockquote class="twitter-tweet" data-conversation="none" data-theme="dark"><p dir="ltr" lang="en">*Major operations conducted solely in platform specific environments will increase divergence between intel picture under tightly controlled NDA & common knowledge after being watered down by legal, PR. Resulting in only worse surprise, backlash in wake of future major incident</p>— HostileSpectrum (@HostileSpectrum) <a href="https://twitter.com/HostileSpectrum/status/1344730869379043329?ref_src=twsrc%5Etfw">December 31, 2020</a></blockquote><p>
The full dimensions of adversary enablement operations, and compromise of key common dependencies across the ecosystems, remain very much unclear. The continued corrosion of an effective common intelligence picture as post-incident findings are redacted, minimized, or withheld degrades our assessments. In the absence of the kind of log and artifact observables that cyber threat intelligence practitioners are more used to working with, other collection activities and analytic techniques must be brought to bear. Where this is done, or not done, has resulted in a divide between camps that simply see the world differently – often as a result of their orientation towards offensive or defensive problems, and sadly as much due to anchoring on prior estimates not revised in the face of subsequent events. Narratives have indeed taken hold, and hardened, in ways that will complicate assessment of future problems.</p><p>
In other words, the centralized control of the current dominant cloud platforms makes collaborative forensics analysis harder, and thus challenges our longer term strategic understanding.</p><p>
</p><h2>On failure to warn</h2>
<blockquote class="twitter-tweet" data-conversation="none" data-theme="dark"><p dir="ltr" lang="en">*Major operations conducted solely in platform specific environments will increase divergence between intel picture under tightly controlled NDA & common knowledge after being watered down by legal, PR. Resulting in only worse surprise, backlash in wake of future major incident</p>— HostileSpectrum (@HostileSpectrum) <a href="https://twitter.com/HostileSpectrum/status/1344730869379043329?ref_src=twsrc%5Etfw">December 31, 2020</a></blockquote><p>Failure to warn as a theory of liability did indeed become prominent in ’21, but from an admittedly unexpected source. It has long been understood that USG desires to regulate its way into visibility, if not centrality, during cyber incidents impacting private enterprises who see little value in engaging with a host of competing agencies and their component elements that provide no meaningful assistance, and only level further conflicting demands. Proposals to advance mandatory incident disclosure notification with increasingly (if not unrealistic) ambitious scope and timeline requirements still have not achieved legislative traction, although executive actions to implement similar obligations are accumulating across multiple sectors. Beyond regulatory demands, FBI has now advanced the theory, <a href="https://www.bankinfosecurity.com/former-uber-cso-faces-new-charge-for-alleged-breach-coverup-a-18188">in comments contemporaneous to a superseding indictment</a> in the matter of the 2016 Uber extortion case, that executives may be directly charged if firms do not provide information to the government, where there exists the possibility that such disclosures could have been leveraged for future warning to other victims. One expects other civil actions will rapidly follow – especially where multiple firms increasingly seem to assert that they need provide no disclosure to customers regarding implications for their products of even known vulnerabilities exploited in the wild; or any information regarding substantial intrusion incidents on their platforms, regardless of potential impact to the customers of those platforms. As usual, it seems these things will be tested not through cool rationality of policy debate and decision – but through the heated contests and random outcomes of the courtroom. The resulting precedents will inevitably lead to risk aversion, further overlawyering, and ultimately yet more disincentives for the private sector common intelligence picture.</p><p>
</p><h2>On changing CTI production</h2>
<blockquote class="twitter-tweet" data-conversation="none" data-theme="dark"><p dir="ltr" lang="en">*CTI embrace of journalism models as a substitute for analytic production will continue apace, further devolving towards clickbait. Other intelligence tradecraft standards will continue to be sacrificed quietly along the way as fewer analysts, managers are taught the difference</p>— HostileSpectrum (@HostileSpectrum) <a href="https://twitter.com/HostileSpectrum/status/1344689335359201280?ref_src=twsrc%5Etfw">December 31, 2020</a></blockquote> <script async="" charset="utf-8" src="https://platform.twitter.com/widgets.js"></script>
<blockquote class="twitter-tweet" data-conversation="none" data-theme="dark"><p dir="ltr" lang="en">Shortly after a presently unthinkable breach of professional practices will be vigorously defended via some tortured logic as a matter of common groupthink, including prominent talks. Which will lead inexorably to generative neural network driven reporting to displace...</p>— HostileSpectrum (@HostileSpectrum) <a href="https://twitter.com/HostileSpectrum/status/1344689828219203588?ref_src=twsrc%5Etfw">December 31, 2020</a></blockquote> <script async="" charset="utf-8" src="https://platform.twitter.com/widgets.js"></script>
<blockquote class="twitter-tweet" data-conversation="none" data-theme="dark"><p dir="ltr" lang="en">...first line FINTEL production, displacing billets & reducing roles in which collectors & analysts can grow into more seasoned, experienced professionals. But since so many spend their time as TwitterSOC or West Wing cosplayers, this subtle corrosion won't be noticed right away</p>— HostileSpectrum (@HostileSpectrum) <a href="https://twitter.com/HostileSpectrum/status/1344690155806994435?ref_src=twsrc%5Etfw">December 31, 2020</a></blockquote> <script async="" charset="utf-8" src="https://platform.twitter.com/widgets.js"></script>
<blockquote class="twitter-tweet" data-conversation="none" data-theme="dark"><p dir="ltr" lang="en">*Driving emerging vendors new to market to offer increasingly loud, poorly sourced & badly supported takes that will be indistinguishable from bad Twitter drivel, but repeated verbatim by pool of tech reporters</p>— HostileSpectrum (@HostileSpectrum) <a href="https://twitter.com/HostileSpectrum/status/1344690479292674049?ref_src=twsrc%5Etfw">December 31, 2020</a></blockquote> <script async="" charset="utf-8" src="https://platform.twitter.com/widgets.js"></script>
<!--<P> Embed https://twitter.com/HostileSpectrum/status/1344689335359201280</p>
<p>https://twitter.com/HostileSpectrum/status/1344689828219203588</p><p>
https://twitter.com/HostileSpectrum/status/1344690155806994435</p>
<p>https://twitter.com/HostileSpectrum/status/1344690479292674049</p><p><br /></p><p><br /></p><p>-->
The collapse of traditional media as its revenue sources are cannibalized by the advertising infrastructure underpinning the entirety of the technology ecosystem has displaced a lot of folks that string words together for a living. Many of these folks are used to doing so under deadlines, and with a focus on shorter and direct pieces. As intelligence organizations have long recognized, these are useful traits in a line analyst. However, these are very different professions, and the tasks of an intelligence professional are more than simply writing something the customer likes to read.<p>
Worse yet, where intelligence production is seen as useful to the organization solely as a means of generating marketing collateral that is then pushed in the hopes of generating positive media coverage, devolution to a more journalist friendly audience may creep in as a requirement. As we have seen, some shops have sought to cut out the middleman and directly hire former press talent not only in intelligence roles, but to support their own newly established “new media” model outlets. Such pseudo-journalism has in the past year very much challenged established analytic tradecraft standards, blurring the line between collection, analysis, and delivery. </p><p>This in turn spurred even further devolution in newly established shops where tradecraft remains apparently unknown. Suffice it to say such noise will always plague us, but there is an expectation that the market can be self-correcting. However, I routinely underestimate the longevity of mediocrity in this space.</p><p>
Yet there is an absolute clock running, where the tipping point for new technologies to displace the labour intensive and talent specific tasks of much of cyber threat intelligence is ticking. There are interesting start-ups this year that seem poised to disrupt the space. And the volume of reporting generated from automated processes that practitioners at multiple levels regularly consume has been ticking up inexorably this year.</p><p>
</p><h2>On economic espionage value in foreign technology production</h2>
<blockquote class="twitter-tweet" data-conversation="none" data-theme="dark"><p dir="ltr" lang="en">*Stakes will continue to be driven through heart of arguments re .cn integration of economic espionage take as ever larger number of deployed PLA systems will be seen directly incorporating elements unmistakably stolen from Western DIB. But debate will drag on for another decade.</p>— HostileSpectrum (@HostileSpectrum) <a href="https://twitter.com/HostileSpectrum/status/1344675296897867776?ref_src=twsrc%5Etfw">December 31, 2020</a></blockquote> <script async="" charset="utf-8" src="https://platform.twitter.com/widgets.js"></script>
<!--<p>https://twitter.com/HostileSpectrum/status/1344675296897867776</p><p><br /></p><p><br /></p><p>-->
The continued attempts to deny the military and economic utility of cyber espionage in cumulative effects remain puzzling. But Western awareness of PLA development and deployment of new systems that bear unmistakable lineage in compromised programs has lagged, as much due to deliberate attempts to avoid considering what this means for military budgets in a time when political leadership would prefer much deeper austerity. Yet the adversary not only gets a vote, but has set the meeting agenda. <p>It remains to be seen when this argument shifts. Perhaps when other self-delusions regarding broken promises of restraint are also abandoned, or perhaps it will require a flaming datum to illustrate the point.</p><p>
</p><h2>On infosec cons</h2>
<blockquote class="twitter-tweet" data-conversation="none" data-theme="dark"><p dir="ltr" lang="en">*Infosec cons will be surprised to find that in postpandemic world when travel is again possible large swath of orgs won't fund physical presence. Will take years for knockon to industry to fully manifest, but 1st impacts will be seen on job mobility & new entrant maturity curves</p>— HostileSpectrum (@HostileSpectrum) <a href="https://twitter.com/HostileSpectrum/status/1344485648577662977?ref_src=twsrc%5Etfw">December 31, 2020</a></blockquote> <script async="" charset="utf-8" src="https://platform.twitter.com/widgets.js"></script>
<!--Embed https://twitter.com/HostileSpectrum/status/1344485648577662977</p><p><br />-->
<p><br /></p><p>Pandemic travel restrictions not being over, the effect on the con scene remains as yet uncertain. The brief period of optimism of late summer and early fall ’21 does not provide sufficient basis for retrospective evaluation.</p>
<hr class="dashed" />
<p>Having laid out the predictive record, warts and all, it is traditional to close with an exhortation to intelligence professionals to take up the burden to do better than what has been presented before. If one considers the analogy of casting stones, this is all perhaps just one more thing to be slung towards those that may take up the burden. As the old Greek inscriptions on sling projectiles read: “DEXAI” (Catch!)</p>
<p><br /></p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://www.britishmuseum.org/collection/image/449390001" style="margin-left: 1em; margin-right: 1em;"><img alt="a stone, with greek "CATCH" embedded." data-original-height="750" data-original-width="1000" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhlHDhKaDDqSbPzdLH_NQX6V_3CVP0Fj-VeKW1OMK_ADQTZQyiq2UWYn0LUGzabYMb5jbAQcerY4QdwNpGVhewk_B_V3qE3JNQnokwcKw6RfGIJSpBIEVa7n47UE-IX2YTzMjev_PqmNe0/w320-h240/image.png" width="320" /></a></div><br /><br /><p></p>
<p>I may well throw another volley of estimative signposts for the new year (plus 6 months, to account for the span of Moore’s Law), once again via Tweet storm, in the coming days. One nonetheless hopes to see further more formalized efforts, grounded in properly rigorous tradecraft, from other shops this year. </p>
<hr class="dashed" />
<p></p><p>About the author: JD Work is a former intelligence professional turned academic.</p><p>The views and opinions expressed here are those of the author and do not necessarily reflect the official policy or position of any agency of the U.S. government or other organization.</p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p>Dave Aitelhttp://www.blogger.com/profile/17021799961866070637noreply@blogger.com0tag:blogger.com,1999:blog-2702972381435105050.post-71783935524803837872021-06-15T14:39:00.001-07:002021-06-23T05:41:00.245-07:00Pride Month<p>I've read several cyber policy papers on "Culture" and how to address that when trying to recruit and retain cyber security talent, especially within the US Government, and within that, especially at CISA and DHS, which are struggling to grow. A lot of times, this comes from a military background, where people talk about lowering fitness standards or letting people grow long haircuts, which is almost besides the point. Most hackers I know will definitely choke you out in a hand to hand fight.</p><p>Instead, although there's been no proper survey, but if you DID do a survey, you would find out that there are many more LGBQTIA+ people within the cyber security fields than religious people of any affiliation! This indicates a set of values that an organization looking to obtain cyber talent needs to pay close attention to, not just because they want to directly recruit people, but because all the companies and people they want to partner with likely share those same values. I said on a recent podcast that I saw something from the NSA, but not from anyone else, so I thought I would go do some research and get some ground truth.</p><p>So let's take a quick look at how various places are doing!</p><p>The gold star award this year goes to DIRNSA with a 41 second rainbow themed <a href="https://twitter.com/CYBERCOM_DIRNSA/status/1399747529248546820?s=20">heartfelt personal video message</a> to the world on behalf of the three organizations he heads. You'll note this was released right on June 1st. Someone thought ahead.</p><p></p><div class="separator" style="clear: both; text-align: center;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiNZVBzep4io2Ent7egrk189wIZu8KxS421dAinv3QdEfXdYCWyLdoaJLq4CASSAeMT63J4pBsVZ5-4Mlh3PFulM-fkMCIgQTqT-LzPIdhwdWX5WPR5kzF5KQBRdtILuH7df1K1fLXQrRw/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="1079" data-original-width="1953" height="177" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiNZVBzep4io2Ent7egrk189wIZu8KxS421dAinv3QdEfXdYCWyLdoaJLq4CASSAeMT63J4pBsVZ5-4Mlh3PFulM-fkMCIgQTqT-LzPIdhwdWX5WPR5kzF5KQBRdtILuH7df1K1fLXQrRw/" width="320" /></a></div><br /><div style="text-align: left;">CISA also gets a GOLD STAR, with a <a href="https://www.cisa.gov/blog/2021/06/04/cisa-celebrates-pride-month-commitment-diversity-and-inclusion">personal message</a> from the deputy director, and two tweets about it. Slightly later than NSA, so maybe slightly smaller star?</div></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjLanySNla7YDotOMMW0WBrwLC4nNNTJwWownYWJ5UCZcqmn7HYkyiQi23UKRW5IyBjVQuQtwW2C9mMix5V1XGFHzxOon3DhS5sOn2nHZE-HB7pq0X3PdAgMtKrVefZu88COADbB2JyaZ4/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="955" data-original-width="841" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjLanySNla7YDotOMMW0WBrwLC4nNNTJwWownYWJ5UCZcqmn7HYkyiQi23UKRW5IyBjVQuQtwW2C9mMix5V1XGFHzxOon3DhS5sOn2nHZE-HB7pq0X3PdAgMtKrVefZu88COADbB2JyaZ4/w352-h400/image.png" width="352" /></a></div><br /><div style="text-align: left;"><br /></div><div style="text-align: left;">DHS gets a gold star as well. (There is also <a href="https://twitter.com/DHS_Pride">DHS_Pride</a>, which they mention in another tweet). It seems the previous time they posted about this was 2013?</div></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhPZKBFIrrmoOgqSdPs0KqZ3eqOfix1H5T-gQXpBDxj2KzUumBejswOsR4O9ORt_Nvwy3v3AJ9RBUjyKnb2X9GGOz8gNPeOPmPkJ9xfROQizBoePPUAVik3V5Kz5M9BaHaWlu69wkH-Rkw/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="654" data-original-width="833" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhPZKBFIrrmoOgqSdPs0KqZ3eqOfix1H5T-gQXpBDxj2KzUumBejswOsR4O9ORt_Nvwy3v3AJ9RBUjyKnb2X9GGOz8gNPeOPmPkJ9xfROQizBoePPUAVik3V5Kz5M9BaHaWlu69wkH-Rkw/" width="306" /></a></div><br /><br /></div><div class="separator" style="clear: both; text-align: left;">The FBI, which of course used to be <a href="https://outhistory.org/exhibits/show/fbi-history/1950-1959">rather on the other side of the issue</a>, also posted on the issue. Gold star. Weirdly nothing from 2019 though.</div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><div class="separator" style="clear: both; text-align: center;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiG-IWHJeDnNHBbTHiE23tv0hFUt6yLBXYECZVne53_RCy1sJArWrP7YlaP8BtLdz6A7isIK1kWmfkWdignWhLxW-R9MmYONRomSTYIOpVEEM-7L6FoeLfi5Vp0tbIUpm1uzagTRXQCbhs/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="559" data-original-width="824" height="217" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiG-IWHJeDnNHBbTHiE23tv0hFUt6yLBXYECZVne53_RCy1sJArWrP7YlaP8BtLdz6A7isIK1kWmfkWdignWhLxW-R9MmYONRomSTYIOpVEEM-7L6FoeLfi5Vp0tbIUpm1uzagTRXQCbhs/" width="320" /></a></div><br /><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh8PE3Wj_z2Ss_pDrNaj3BBi_XHhRn0JCwiW3mcB0p83EUOzhhgpFEWAO3amEPWRIFJABQA09vINDKvnz5huMBIwuIepLKtwpfKHFLOI3Z3ZhNG5wYG2N6Vdj6uSSn-l0dR4fZHYAjHJxc/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="221" data-original-width="827" height="86" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh8PE3Wj_z2Ss_pDrNaj3BBi_XHhRn0JCwiW3mcB0p83EUOzhhgpFEWAO3amEPWRIFJABQA09vINDKvnz5huMBIwuIepLKtwpfKHFLOI3Z3ZhNG5wYG2N6Vdj6uSSn-l0dR4fZHYAjHJxc/" width="320" /></a></div><br /><br /><div style="text-align: left;">And of course, the beginning of it all, the UK's GCHQ. Another gold star, although I don't think they have "pride month" in the UK, they do have a rainbow flag AS THEIR TWITTER ICON. And of course, <a href="https://www.gchq.gov.uk/news/director-gchqs-speech-stonewall-workplace-conference-delivered">this speech</a>, given the way only the Brits can. [Update: <a href="https://twitter.com/GCHQ/status/1407579287448952833?s=20">This Tweet</a> too ]</div></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjYDxCLaMi7I7cjduWdtUe2f7gtM3bm6gfRfevip5a6mZMUg-9tJ_PNdPOb-6_KftuanGKKbZ0C8Sv-RyzhDPL0zKiop838g6lkVjZHwG6fvw5mrCverDgoF7AbDkodg3RdDi0ALZSW104/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="942" data-original-width="828" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjYDxCLaMi7I7cjduWdtUe2f7gtM3bm6gfRfevip5a6mZMUg-9tJ_PNdPOb-6_KftuanGKKbZ0C8Sv-RyzhDPL0zKiop838g6lkVjZHwG6fvw5mrCverDgoF7AbDkodg3RdDi0ALZSW104/" width="211" /></a></div><br /><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjWMPcg6jS3ZI8rJjhFg1DThhYSKDvWEO4u8NabNchxMCKXQ-PNpBQlCTpdg1usFB2k8CS-Iw70knUYY1ST5xNHvGdhctlxBo44f6nO_ZZyxs-SFUjHOkIF7fJ6W36IQjO1jXWBohc8hnw/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="812" data-original-width="819" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjWMPcg6jS3ZI8rJjhFg1DThhYSKDvWEO4u8NabNchxMCKXQ-PNpBQlCTpdg1usFB2k8CS-Iw70knUYY1ST5xNHvGdhctlxBo44f6nO_ZZyxs-SFUjHOkIF7fJ6W36IQjO1jXWBohc8hnw/" width="242" /></a></div><br />In summary, looks like if you look on June 1st, only the NSA (and GCHQ) cares, but if you look on June 15th, everyone has said something. That's surprisingly good news.<p></p><p>Oh wait, almost forgot someone! The CIA recruiting LGBTQ via Glassdoor is ironic somehow. And they posted in 2019 as well, bucking the trend. So two gold stars.</p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhLAJ0d7zg0Is1UOUXdyTvjxBanrNy_qv09LL1vEfgxPcGBX8nlnh3MhHb02ch4I69ubiiIdjNb5dQnyLp4evNmE1xeair4zhpKxMwz4imY2tJhRQ61o4cLnIrDIEPxuj-Ctzk1fSwuAjs/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="749" data-original-width="832" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhLAJ0d7zg0Is1UOUXdyTvjxBanrNy_qv09LL1vEfgxPcGBX8nlnh3MhHb02ch4I69ubiiIdjNb5dQnyLp4evNmE1xeair4zhpKxMwz4imY2tJhRQ61o4cLnIrDIEPxuj-Ctzk1fSwuAjs/" width="267" /></a></div><br /><br /><p></p><br /><p></p>Dave Aitelhttp://www.blogger.com/profile/17021799961866070637noreply@blogger.com0tag:blogger.com,1999:blog-2702972381435105050.post-86878694188168660902021-03-21T15:48:00.009-07:002021-03-21T16:01:20.356-07:00Cyber is perfectly fine for Signaling <div>The other day I read <a href="https://www.washingtonpost.com/politics/2021/03/16/if-you-want-get-russia-stop-hacking-america-counter-hacks-probably-wont-help/">an article</a> about cyber signaling. Signaling in international relations contexts confuses me because so much of it is about an uncertain reality, and the truth behind intensions is never know, and it weaves so much geopolitical and military context together.</div><div><br /></div><div><br /></div><div>I pasted a section of the article, including links to the authors, below.</div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjwkm10VkY0eBs_Iyiq74nIL-BmfJekoenXkz9PU7ESRlbRx1Us3uDh6SV_xspzDOBNrtIaWwSMgkrfEY0akKXZUL2d_TMKzOnsFOHB5SVOK-rb-1gCpx-9wzK0SJ60q1gFv-Pi8YgJSNY/s1019/signaling.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="625" data-original-width="1019" height="245" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjwkm10VkY0eBs_Iyiq74nIL-BmfJekoenXkz9PU7ESRlbRx1Us3uDh6SV_xspzDOBNrtIaWwSMgkrfEY0akKXZUL2d_TMKzOnsFOHB5SVOK-rb-1gCpx-9wzK0SJ60q1gFv-Pi8YgJSNY/w400-h245/signaling.PNG" width="400" /></a></div><br /><div>To quickly summarize the article's arguments, as I saw them, I also include the following bulleted list:</div><div><ul style="text-align: left;"><li>Cyber Signals are easily muddled or misconstrued, such as with overall noise or system outages.</li><li>Reliance on "attribution" may make Signals delayed (and hence, less powerful)</li><li>Hard to say what a cyber event was intended to Signal</li><li>Most cyber events don't cause big visible effects which makes them cheap (and hence, basically worthless)</li></ul></div><div><br /></div><div>The article mentions that yes, nations can call each other on the phone after a cyber event has happened, and point out why that event happened and provide additional threats and context.</div><div><br /></div><div>I would say these arguments are unpersuasive, and that cyber both IS and HAS BEEN great for signaling between nations and often also between non-state actors.</div><div><br /></div>First I think signaling can be split nicely into warnings and demonstrations of capabilities, and these are not the same things. But to start off, I want to tell a few stories of yesteryear.<div><br /></div><div>Back in 2002, there was a mailing list known as Bugtraq that was used the way Twitter is used now - to post flotsam and jetsam about information security, including exploits. At the time, ISS XForce was, as the name might imply, a pretty powerful force. They released a number of great exploits and had a lot of talent that went on to do great things, but that's not the story I'm trying to tell.</div><div><br /></div><div>Back in 2002 ISS XForce announced a vulnerability in the Apache Webserver - one that was only exploitable on Windows. This was essentially a "good" bug, but worthless in the sense that most people running Apache were not on Windows. </div><div><br /></div><div>Then, out of nowhere, a hacking group known mostly for shitposting published a working and reliable exploit for that same vulnerability, but that affected Apache on Unix operating systems, complete with an advanced shellcode, as you can see from the <a href="https://www.securityfocus.com/news/493">article </a>below and this made people reassess the situation.</div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEimh8MU_2HtEmzrAX774G3kXW17QNFLRZVTL1MJLBrN7sRJEq7smK6-swDXExEP_FRNdAWKxZoGe_LsNtgcaNUikpZFocnpWI9rh1OMkaGiLco5mcAjcvsCnsO-UeazuW4pSSLz8-RM-gg/s1138/gobbles.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="792" data-original-width="1138" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEimh8MU_2HtEmzrAX774G3kXW17QNFLRZVTL1MJLBrN7sRJEq7smK6-swDXExEP_FRNdAWKxZoGe_LsNtgcaNUikpZFocnpWI9rh1OMkaGiLco5mcAjcvsCnsO-UeazuW4pSSLz8-RM-gg/s320/gobbles.PNG" width="320" /></a></div><br /><div>I don't mean "reassess the situation about Apache". What I mean is that a lot of us were thinking "Hey, maybe the best in the world doing commercial work and releasing exploits to vendors are not, in fact, ahead of this game". This wasn't about Signaling in the sense that one nation was trying to deter or coerce another. But it was Signaling in the sense that one community ("hackers") was pushing back on another community ("the commercial security market"). </div><div><br /></div><div>That brings me to TianFu Cup. <br /><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgmQCcYVg6ROx2flEU3pdS5tHma8K6yYAVhh3X_dGhOZo7tKim4W0IHbq94ZD39V6OvwfIueBCEHG6uVIZ-yuUzkn5DgfSpK2R3-ojvv9zoAD-sAB2kGmpUzhGurku-PD_0ogeCtxUzE5M/s950/tianfucup.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="950" data-original-width="824" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgmQCcYVg6ROx2flEU3pdS5tHma8K6yYAVhh3X_dGhOZo7tKim4W0IHbq94ZD39V6OvwfIueBCEHG6uVIZ-yuUzkn5DgfSpK2R3-ojvv9zoAD-sAB2kGmpUzhGurku-PD_0ogeCtxUzE5M/s320/tianfucup.PNG" /></a></div><br /><div><br /></div><div>If you don't know about it, the TianFu Cup follows in the tradition of Pwn2Own and other hacking contests in which you use an 0day on a product in a demonstration, and then you get money as a prize and the contest gives the 0day to the vendor to be fixed (in most cases). These contests are often watched carefully and vendors often drop patches to their products right before them, in an attempt to make exploiting them difficult. </div><div><br /></div><div>Except that while even the highest end contests in the US have notable successes, none have ever reached as high as TianFu Cup does effortlessly, when one of the researchers owns every major browser, and every other hard target falls as well. You can compare this to the 2020 Pwn2Own <a href="https://www.thezdi.com/blog/2020/3/17/welcome-to-pwn2own-2020-the-schedule-and-live-results">here</a>.</div><div><br /></div><div>Again, this is a stunning display of not coercion or deterrence, but capability. </div><div><br /></div><div>But there ARE lots of examples of coercion and deterrence in cyber. I will list them below in my favorite thing, a bullet-list:</div><div><br /></div><div><ul style="text-align: left;"><li><a href="https://www.fbi.gov/wanted/cyber/iranian-ddos-attacks">Iranian DDoS attacks against our financial sector (re: Sanctions)</a></li><li><a href="https://www.washingtonpost.com/national-security/cybercom-targets-iran-election-interference/2020/11/03/aa0c9790-1e11-11eb-ba21-f2f001f0554b_story.html">US Efforts against Iran re: 2020 Election</a> </li><li><a href="https://www.technologyreview.com/2019/08/28/133223/american-cyber-command-hamstrung-irans-paramilitary-force/">US rm's an Iranian Database</a></li><li><a href="https://en.wikipedia.org/wiki/The_Shadow_Brokers">ShadowBrokers</a></li><li><a href="https://www.washingtonpost.com/world/national-security/us-cyber-command-operation-disrupted-internet-access-of-russian-troll-factory-on-day-of-2018-midterms/2019/02/26/1827fc9e-36d6-11e9-af5b-b51b7ff322e9_story.html">Cybercom rm's IRA</a></li><li><a href="https://en.wikipedia.org/wiki/Sony_Pictures_hack#:~:text=The%20U.S.%20Department%20of%20Justice,of%20the%20Central%20Intelligence%20Agency.">North Korea vs Sony Pictures</a></li><li><a href="https://www.theverge.com/2014/12/11/7376249/iran-hacked-sands-hotel-in-february-cyberwar-adelson-israel">Iran vs Sands Casino</a></li><li><a href="https://en.wikipedia.org/wiki/OpIsrael">Iran vs Israel nonsense</a></li></ul></div><div>If anything cyber signals (and other covert but demonstrable effects) are extra powerful because they can say "KNOCK THIS OFF" without saying who sent it, or HOW they managed to send that signal - which in some cases is a lot scarier. </div><div><br /></div><div>Likewise, countries signal with policy changes. They announce quite clearly when the move to a more aggressive posture, or when they step back. You can't go two weeks without some country or another, like New Zealand, announcing their own private interpretation of how international law applies to Cyber. </div><div><br /></div><div>But that doesn't mean signals aren't also done with restraint, or through side notes in Track 2 meetings. The HolidayBear attack is a lot less transgressive than the NotPetya attack. The Exchange server hacks are an element of continued relationship breakdown between the US and China. Leaking data as a "signal" is an element of the original terminology of the cyber domain ("Dropping a mailspool" being the traditional term). And we continue to see that to this day. It's probably worth pointing out that while leadership-to-leadership is often required for traditional military capability signaling, Twitter with its pseudonymous accounts is often good enough for cyber.</div><div><br /></div><div>Incident response can also be used for signaling. Many major anti-virus or endpoint protection firms make efforts to signal, by exposing US or allied operations, that they are international companies, wishing to do business in China or other locations. And this can get even more complicated, since many incident response firms will downplay the findings from particular countries they wish to curry favor with or <a href="https://www.reuters.com/article/us-china-usa-cia/chinese-cybersecurity-company-accuses-cia-of-11-year-long-hacking-campaign-idUSKBN20Q2SI">exaggerate those</a> from "adversaries". </div><div><br /></div><div>In conclusion, signaling with cyber is both effective and likely to continue.</div><div><br /></div><div><br /></div></div>Dave Aitelhttp://www.blogger.com/profile/17021799961866070637noreply@blogger.com0tag:blogger.com,1999:blog-2702972381435105050.post-70769660248567834912021-01-21T21:29:00.002-08:002021-01-22T07:03:51.285-08:00While in Kyoto, a comprehensive review of Cyberpunk 2077<div class="separator"><p style="margin-left: 1em; margin-right: 1em;"><br /></p></div><div style="background-color: white; color: #222222; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif;"><div class="ii gt" id=":b75" style="direction: ltr; font-size: 0.875rem; margin: 8px 0px 0px; padding: 0px; position: relative;"><div class="a3s aiL" id=":b0e" style="font-family: Arial, Helvetica, sans-serif; font-size: small; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: 1.5; overflow: hidden;"><div dir="ltr"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhpMglEnbsnPuVAPSweETXNiZzvwY6UJF-UJ66jwd7GKGMtrUKonsNKjad2PVoV81khe3A6V-DHCYdFBUx1bBOMUBrWxXu3TXzZM4AVPEntxn23xXBJLrP77OwNW-2zEuGFMKb1nN2iUxo/s868/blog1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="809" data-original-width="868" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhpMglEnbsnPuVAPSweETXNiZzvwY6UJF-UJ66jwd7GKGMtrUKonsNKjad2PVoV81khe3A6V-DHCYdFBUx1bBOMUBrWxXu3TXzZM4AVPEntxn23xXBJLrP77OwNW-2zEuGFMKb1nN2iUxo/s320/blog1.png" width="320" /></a></div><br />Until recently I hadn't realized just how terrible I was at playing video games. And now after finishing Cyberpunk and watching a bunch of "spoiler" reviews I realize most people think the goal of these games is to increase some stats numbers so that the already braindead enemy AI is somehow even easier to beat up. Anyways, here's how you play open world video games, or as they will be known in the future: Games. <div><br /></div><div>1. Don't watch tips videos of any kind or read articles on the "best netrunner build" or any of that nonsense.</div><div>2. When you create a character, it's like in DnD where you are pretending to BE that character. Try to keep your roleplaying consistent! But also, the goal is to experience the world, which means doing ALL the side missions and reading all the various little texts that lay around the world explaining everything.</div><div>3. By the time you reach the cyborg-alien end-boss you will have become death, the destroyer of worlds, but you will also be OF the world, and a piece of it will stay with you even when you log off.</div><div><br /></div><div>Anyways, here's my one line review of Cyberpunk 2077:<b> it's a goddam masterpiece of art</b>. It is better in it's own way than GTAV's joyful nihilism, or RDR 2's detailed reminiscence, Skyrim's pathological weirdness, or even Breath of the Wild's cultured perfection. People online have spent gallons of ink complaining about the various bugs, but you know what else has bugs? Everything. </div><div><br /></div><div>We spent the last four years fuzzing out why having a unitary executive is as bad an idea as a monolithic kernel and so it didn't bother me in the slightest when some UI element wouldn't disappear or a car dropped in from nowhere. That's just part of the game - the world is a buggy place.</div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTa0-dk8gyjA3M8D-Wbm0P4yrvuE0axyrUW8EIp5FEqpVbJLgT7k1mB5_-luyDe1dpneKwk7QiC1dHhL3qu5uQb4iVAGsSZnaqr0yjuVAAah_thBv6uMjEJaFn6pm4U2VtzNxSX6lIcrg/s1527/blog2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="818" data-original-width="1527" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTa0-dk8gyjA3M8D-Wbm0P4yrvuE0axyrUW8EIp5FEqpVbJLgT7k1mB5_-luyDe1dpneKwk7QiC1dHhL3qu5uQb4iVAGsSZnaqr0yjuVAAah_thBv6uMjEJaFn6pm4U2VtzNxSX6lIcrg/s320/blog2.png" width="320" /></a></div><div><br /></div><div><br /></div><div>By "art", I don't mean the graphics, which, yes, are amazing - and in particular the animations of everything bring the characters to life in a way no other game really has - when some street busker plays a guitar, his fingers move in the correct chords in the correct times. What's truly exquisite about Cyberpunk 2077 is the writing and story and world creation. At the end, as a guard walks you to your cell/hospital room, he recites a poem to you, although the world is purple due to malfunctioning neural connections, and the concept of "you" itself has taken a royal beating.</div><div><br /></div><div><i>While in Kyoto, I hear the cuckoo calling,</i></div><div><i>and long for Kyoto.</i></div><div><br /></div><div>This is a fairly famous Basho Haiku, but it's a BETTER TRANSLATION than the most popular ones you will find on the internet or in books. And that's how the game's world building works: It's a better translation of the Cyberpunk gestalt than the books and movies that came before it.</div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjzS3z1Wun-mvCsKl-i3YpL5UXTGsH7slX1K6GeLuJNyfLgEAtgb5pvQ7HDwMfRMkOnqdMRBpa7g1HF312uEYRvMOByb6ADCgoTcwDj7DZ-82aIXKpxRF1P9uLdddRDwp506oI4JvE3aF4/s863/blog3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="670" data-original-width="863" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjzS3z1Wun-mvCsKl-i3YpL5UXTGsH7slX1K6GeLuJNyfLgEAtgb5pvQ7HDwMfRMkOnqdMRBpa7g1HF312uEYRvMOByb6ADCgoTcwDj7DZ-82aIXKpxRF1P9uLdddRDwp506oI4JvE3aF4/s320/blog3.png" width="320" /></a></div><div><br /></div><div><br /></div><div>It's possible that this game is not as good if you have not been immersed nearly from birth in hacker culture. We slip into the lingo of this game like it was tattooed on us underneath our clothes. Cyberpunk as a genre has always been about a crisis of identity as the wave of modern technology washes over it - of the concept of identity, not of any one person's identity. </div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifjKISq1LcwpHl4KFngLzM1B27I5xl719NSiVd8lIUOAAm-O1vC2e5loCCopIpUdDb75wEP6FgQv9ledYeTZmTCZVgc2yKey_5qdtgdjTaYjgU2q8Y-Ieh-F5XeHLL2s4TTmB7Ti90uss/s1040/blog4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="286" data-original-width="1040" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifjKISq1LcwpHl4KFngLzM1B27I5xl719NSiVd8lIUOAAm-O1vC2e5loCCopIpUdDb75wEP6FgQv9ledYeTZmTCZVgc2yKey_5qdtgdjTaYjgU2q8Y-Ieh-F5XeHLL2s4TTmB7Ti90uss/s320/blog4.png" width="320" /></a></div><div><br /></div><div><br /></div><div>Seeing a fully realized vision like this is always surprising, like the way puzzles in BOTW tie to the physics engine so beautifully. In Cyberpunk, the physics engine may be janky but it's the philosophical engine that thrums smoothly just beneath the surface of everything. </div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiDyFzjKNVNAVPs0n8eddibqQN5FCJRbThptBLn0G4xn-KR07n1P5mjD1tsl_4ud0yPBNyKW5NYWeBQp_gqjnvaBcz9MhSh0wY9susaO5SOGPNAgI3KaPPfGOTmCGDFDllMNgDC451714o/s1488/blog5.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="833" data-original-width="1488" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiDyFzjKNVNAVPs0n8eddibqQN5FCJRbThptBLn0G4xn-KR07n1P5mjD1tsl_4ud0yPBNyKW5NYWeBQp_gqjnvaBcz9MhSh0wY9susaO5SOGPNAgI3KaPPfGOTmCGDFDllMNgDC451714o/s320/blog5.png" width="320" /></a></div><br /><div><br /></div><div><br /></div><div><br /></div><div><br /></div><div>One of your first missions introduces you to a clan of post-humanoids, living like everyone else in the world does, through savage grift. They all have faces heavily augmented with metallic cybernetics and it's not until almost at the end of the story that you realize they....look down upon you. Normal humans can't see and hear the things they do. They have music you can't "get". "Dum Dum" is anything but.</div><div><br /></div><div>One thing that strikes me is how few animals there are now in the real world, compared to when I was a kid. Cyberpunk takes that to its logical extreme - there just aren't any animals. Seeing a feral cat is a treasured experience for the people in this world. Everything is covered in trash - plastic bags of it line every waterway. Various "tips and tricks" on YouTube point out that in the early game you should pick up every little dildo and ashtray and other flotsam that the world is littered with and sell it for spare cash without commenting on why this is so.</div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEil5q9Qce7WiYUnlYCkK_TA0dn1iW4UGt57KZoNG8R_YIbau_4LsJteK96Reqh6I1ChEyq0MWQFGtYiXDCD_o2ZnbAFxG_ySyZxiFfc3v_XNtsY7YwBH29-4GIZl3OX1cEu7zyfOGEe_-0/s1547/blog6.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="442" data-original-width="1547" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEil5q9Qce7WiYUnlYCkK_TA0dn1iW4UGt57KZoNG8R_YIbau_4LsJteK96Reqh6I1ChEyq0MWQFGtYiXDCD_o2ZnbAFxG_ySyZxiFfc3v_XNtsY7YwBH29-4GIZl3OX1cEu7zyfOGEe_-0/s320/blog6.png" width="320" /></a></div><br /><div><br /></div><div>If we look into the future, how could this not be the world we created? A newscaster reminds you the city's population has decreased by thirty percent year on year. But this is not a dystopian vision - it's a story of survival at all costs. Of what you have to become to exist. Our society has grown so long we forget they can also contract.</div><div><br /></div><div>In Cyberpunk's Night City, which is in California, even the weather has changed - sandstorms, but also smogstorms, to the point where the giant solar power farms just outside the city are being decommissioned. All of this is relayed as news while you take an elevator, or snippets of text in documents throughout the city, or in odd bits of optional dialog. </div><div><br /></div><div>I've noticed that movies no longer hold anyone's attention - they are both too long and too short. But the characters in Cyberpunk are fully fleshed out - they get more screentime than even a major character would in a blockbuster. And the motivations and drivers behind them are carefully crafted - the ending words of the primary antagonist drive into you like a stake. You slot his inevitable and horrible death as you realize you are the unwitting tool of his evil father. </div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhgcvEwOH3LMaaiUlrI2zqwxAxcGE-lKc8SX3qnkx11OwhrCys7RttCGtblsR2tepOtb8VcjlE1MToEa6pdpYIArrI6IZSqNo-DwJ6xJutne3PYFT41cinGJM7w79YxJ2vihYoyOgBx69Y/s892/blog7.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="285" data-original-width="892" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhgcvEwOH3LMaaiUlrI2zqwxAxcGE-lKc8SX3qnkx11OwhrCys7RttCGtblsR2tepOtb8VcjlE1MToEa6pdpYIArrI6IZSqNo-DwJ6xJutne3PYFT41cinGJM7w79YxJ2vihYoyOgBx69Y/s320/blog7.png" width="320" /></a></div><div><br /></div><div><br /></div><div>The most poignant missions in the game have no shooting at all. Yet they require your participation, which is the sine-qua-non of the artform that is video games at this level. You can't help but be blended at some level with the character you play.</div><div><br /></div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEis76QFS0MdHaXCPzcwxyewH8iLxUAUAQe37lUfWr6a9em2YUttrjYtsKB9tkI29Pi61cVilTY0r9tBConG_uYj5kDggZaNvfAED3revHQZNlNfc7o08O5PMlr6Lmn24UigwiPjC65zS6k/s988/blog8.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="804" data-original-width="988" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEis76QFS0MdHaXCPzcwxyewH8iLxUAUAQe37lUfWr6a9em2YUttrjYtsKB9tkI29Pi61cVilTY0r9tBConG_uYj5kDggZaNvfAED3revHQZNlNfc7o08O5PMlr6Lmn24UigwiPjC65zS6k/s320/blog8.png" width="320" /></a></div><div><br /></div><div><br /></div><div>The truth is shooting things is ultimately a futile endeavor if you don't understand the world you live in. I recommend you take the time to experience the depth of the world they created, because it's worth confronting in a way few games are.</div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiImeh70RG7czY8lDTUsvWMl63T6SzBkAMQOxX7GDnI_ZowEI-gcbKJ929Ix7uGg4hg9Ea9BKWCVQVm1Op1xj0U2FgLYQPtH0nrMF7DJgqeK4YfI4pb0EinAHdFVpj2XU4B0z69ShcdvZQ/s1423/blog9.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="874" data-original-width="1423" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiImeh70RG7czY8lDTUsvWMl63T6SzBkAMQOxX7GDnI_ZowEI-gcbKJ929Ix7uGg4hg9Ea9BKWCVQVm1Op1xj0U2FgLYQPtH0nrMF7DJgqeK4YfI4pb0EinAHdFVpj2XU4B0z69ShcdvZQ/s320/blog9.png" width="320" /></a></div><br /><div><br /></div><div><br /></div></div></div></div></div>Dave Aitelhttp://www.blogger.com/profile/17021799961866070637noreply@blogger.com0tag:blogger.com,1999:blog-2702972381435105050.post-67538680633060935882020-12-09T11:02:00.003-08:002020-12-09T11:03:31.551-08:00The Deep Wrong of Kyle on Platform Speech Governance<p>Kyle <a class="author__link" href="https://www.lawfareblog.com/contributors/klangvardt" style="box-sizing: border-box; color: #003b3f; cursor: pointer; font-family: proxima-nova, sans-serif; font-size: 15.2px; font-weight: 600; opacity: 0.7; outline: 0px; transition: color 250ms ease-in-out 0ms;">Langvardt</a> (<a href="https://twitter.com/kylelangvardt?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor">@kylelangvardt</a>) recently wrote a piece for Lawfare on <a href="https://www.lawfareblog.com/platform-speech-governance-and-first-amendment-user-centered-approach">Platform Speech Governance</a> - in a sense, how and when can the Government make censorship decisions for social media companies. He drives the argument with theories on how the First Amendment is interpreted and applied (as he is, in fact, a legal specialist in First Amendment law).</p><p></p><ul style="text-align: left;"><li>Editing (by social media companies) is not speech (because if it <i>is</i>, any regulation has to pass strict scrutiny, which it would probably not)</li><li>Code is not speech (because not all language is speech and therefore govt regulation of social media company code is ok)</li><li>He also includes some argument about the <i>scale</i> of social media companies meaning that the speech of their customers overrides their own first amendment rights</li></ul><p></p><p>Each of these arguments is nonsense, but he makes them because the ends justify the means, as stated quite clearly:</p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhuY9wfIIVElU2vEz9ZU60qEF2_3Un3uopsZfTGKCuk4Cg7hPesfZsSMjN4wu5xp9AKEQ8sxSCJK1EwDZafHPofBBsEyl-Ylyv86ui0tsT3Fh6MJHzX0U7wUUPF3UmnArUNMZmGSbJYLKQ/" style="margin-left: 1em; margin-right: 1em;"><img data-original-height="252" data-original-width="1148" height="88" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhuY9wfIIVElU2vEz9ZU60qEF2_3Un3uopsZfTGKCuk4Cg7hPesfZsSMjN4wu5xp9AKEQ8sxSCJK1EwDZafHPofBBsEyl-Ylyv86ui0tsT3Fh6MJHzX0U7wUUPF3UmnArUNMZmGSbJYLKQ/w400-h88/image.png" width="400" /></a></div><br />He states directly on his podcast that he does not believe there is a particular ideological intent to content moderation at modern social media companies, but that he would be worried if the Mercer family owned them. But we live in a world where the top media and news companies have been owned and controlled by just a few powerful families. He's skeptical that market pressures from the public do anything because the gravity of network effects are too strong, but this is more a feeling than any kind of data-based analytical approach. Social media networks go in and out of style all the time. They add and remove content moderation features as pressured by their customers. <p></p><p>But let's start at the top: Editing is speech and also code is speech. Writing a neural network that scans all of Trump's tweets, and downgrades any tweet that matches their political views is an act of expression. It's highly ironic that a law professor would reach for arguments that had such a keyhole sized view on human expression. </p><p>A banana taped to a wall can be art in the same way. It's not just the code itself that is expression, but also <b>my choice to write that particular code</b>. </p><p>It's hard to explain how tortured the arguments made in the paper are - he throws in a straw-man that Google could potentially claim that buying office space in a particular city is an editorial choice, but a better analogy might be a restaurant owner picking their decor and requiring that loud people keep their conversations down, which is more closely a business policy of expression.</p><p>Apple <a href="https://www.theguardian.com/technology/2016/feb/25/apple-fbi-iphone-encryption-request-response">made a First Amendment argument</a> in the San Bernardino case - essentially saying that when the Govt forced it to write a backdoor that was a violation of their First Amendment rights. And a similar argument applies here, although perhaps even more clearly.</p><p>I also don't think there's any serious reason why scale matters - even Parler has 10M users. I'm not sure we have a threshold for scale anyone could agree on and I don't think we want the courts interpreting First Amendment rights based on how much of a marketshare or stock valuation you have.</p><p>What is most worrying about Kyle's paper however, is not the speciousness of his arguments, but the collateral damage of his recommendations. Gutting prior restraint because you are scared of "Viral Content" opens a door to unknown horrors. </p><p>The ends, in this case, not only don't justify the means, but lead to unexplored dangers when it comes to government regulation of public content and the platforms we are allowed to build. For that reason, I highly recommend applying strict scrutiny not just to this paper's recommends, but to the rest of the Lawfare content moderation project.</p><p>-----</p><p>Listening to the <a href="https://lawfare.libsyn.com/kyle-langvardt-on-platform-speech-and-the-first-amendment?tdest_id=221919">podcast</a> while you run down the beach is the best way to analyze this piece.</p><p><br /></p><p> </p><p><br /></p><p><br /></p><p><br /></p><p><br /></p><p><br /></p><p><br /></p><p> </p>Dave Aitelhttp://www.blogger.com/profile/17021799961866070637noreply@blogger.com0tag:blogger.com,1999:blog-2702972381435105050.post-68117439478241599012020-11-25T06:53:00.001-08:002020-11-25T06:53:02.351-08:00Our Top Priority for US Cyber Policy<p>Progress is cyber policy is mostly apolitical and organic and international. A mistake we in the US have sometimes made is viewing our cyber policy as being purely domestic, when the key feature of the cyber domain itself is to transcend borders and to be interlinked.</p><p>If you look at what works for other countries, one policy effort in a major ally stands out as being something we desperately need to adopt: The <a href="https://www.ncsc.gov.uk/information/industry-100">UK's NCSC Industry-100 platform</a>.</p><p>At its heart, it's very simple. Essentially, you can find talent within private industry, ask them to take 20% of their time and donate that as work for the US Government. In exchange, they get experience they can't get elsewhere, and we hold their clearance. </p><p>It requires management, and funding, some basic distributed infrastructure, and the ability to scale, and it requires the will to enact a different way of recruiting and dealing with talent. But the follow-on effects would be vastly out of proportion to what we invest, and we need to do it as soon as possible. With this effort, we solve clearance issues, counterintelligence, recruitment and training, industry relationship building. We inform our government and our technical industry at the same time. Instead of saying private-public partnership, we actually build one. </p><p>It's past time. Let's get to work.</p><p><br /></p>Dave Aitelhttp://www.blogger.com/profile/17021799961866070637noreply@blogger.com1tag:blogger.com,1999:blog-2702972381435105050.post-42211424026616865642020-11-15T09:00:00.003-08:002020-11-15T12:01:38.105-08:00Fifth order effects<p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgDwEoFNvCStb4kPf1EP8eWBWVqi5ljna4FUd-EN7SzAnHicdxSlQtBUeo6OsOVgVzrqG8odKqSRePenz1GpRA8HuD8c5ltdbGc9tvfRz_ECQOE-UfORd2xV25Iu6_qLuhfNa0hsItYYT0/s612/Screen+Shot+2020-11-15+at+11.31.46+AM.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="612" data-original-width="592" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgDwEoFNvCStb4kPf1EP8eWBWVqi5ljna4FUd-EN7SzAnHicdxSlQtBUeo6OsOVgVzrqG8odKqSRePenz1GpRA8HuD8c5ltdbGc9tvfRz_ECQOE-UfORd2xV25Iu6_qLuhfNa0hsItYYT0/s320/Screen+Shot+2020-11-15+at+11.31.46+AM.png" /></a></div><br /><p></p><p>There are methods of cyber policy and strategy thought that various countries keep quiet about the way ADM/TESO kept their 0day. When it takes a long time to integrate information warfare into your techniques and operationalize it and test it and learn from the practice of it, then knowing its relative weight in hybrid warfare before your adversary does is useful enough to hide.</p><p>But of course, the same thing is true on the other side. You could call out the United State's primacy in early lessons on ICS hacking as the results of opportunistic investment, or you could see them as payoff for forethought around the policy implications of ongoing technology change, slowly evolving into the Stuxnet-shaped Stegosaurus Thagomizer that pummels any society advanced enough to have email.</p><p>Persistent engagement might be one of these. Look far enough into the future on it and what you see is a sophisticated regime of communication strategies to reduce signal error between adversaries, sometimes leveraging the information security industry (c.f. USCC sending implants to VirusTotal), but also sometimes <b>USCC silently protecting the ICS networks of Iran and Russia from other intruders</b>. </p><p>Recently I did a panel with one of the longest serving CSOs of a major financial that I know about, and one thing that struck me is how at the scale of a large financial institution, your goal is raising the bar ON AVERAGE. As an attacker, my goal is to find ways to create BINARY risk decisions, where if you lose, it's not ON AVERAGE but all at once. Your goal as a defender is to make any offense have a cost that you can mitigate on average.</p><p>Phishing is the obvious example. So many training courses (aka, scams) have been sold that provide a metric on reducing your exposure to phishing from 5% of clicked attachments to 2% of clicked attachments. But anything above 0% of clicked attachments is really all the attacker needs. There's a mismatch here in understanding of the granularity of risk that I still find it difficult to explain to otherwise smart people to this day! "It doesn't matter how deep the Thagomizer went into your heart, there's no antibiotics in the Jurassic and you're going to die!" might be my next attempt.</p><p>But other examples include things like "JITs" where any vulnerability can become EVERY vulnerability - from replacing an object to introducing a timing attack. You can't even understand the pseudo expression that defines what a JIT vulnerability is because it's written in an alien language only a specialist in x86 code optimization can even pretend to understand, and usually doesn't.</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhrHm2HKElvobJcFwlBjL0BkYvdinlycbojOyhABX3YC1taNLQtONu4z8xj7Mj1HJkT5TahuicuNXSkNUbRm5276_gSsDx_Mc8INi8MJM_v9u-uofEjoHI7zQlRn7EczYyO-wZ7k6jZoAc/s1202/Screen+Shot+2020-11-15+at+11.51.52+AM.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="646" data-original-width="1202" height="215" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhrHm2HKElvobJcFwlBjL0BkYvdinlycbojOyhABX3YC1taNLQtONu4z8xj7Mj1HJkT5TahuicuNXSkNUbRm5276_gSsDx_Mc8INi8MJM_v9u-uofEjoHI7zQlRn7EczYyO-wZ7k6jZoAc/w400-h215/Screen+Shot+2020-11-15+at+11.51.52+AM.png" width="400" /></a></div><br /><p>This is true for a large section of the new technology we rely on, especially cloud computing. What we've lost sight of is our understanding of fragility, or conversely of <i>resilience</i>. We no longer have tools to measure it, or we no longer bother to do so. What used to be clear and managed is now more often unclear and unmanaged and un-introspectable. </p><p><br /></p>Dave Aitelhttp://www.blogger.com/profile/17021799961866070637noreply@blogger.com1tag:blogger.com,1999:blog-2702972381435105050.post-79167078709666572552020-11-03T09:25:00.000-08:002020-11-03T09:25:01.827-08:00A second byte at the China apple<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgfvroCyyBN7xTQRGxcTyo5DDvF6796w7RXXo015JLWinBjvKQFBZGPZSXcPYfXHlojcN3fm63opjS57z_T7ijUTf4n9fE4Z-_wgsGNqW96GHo180qzwG6bSJz-vL0uPEsHGr8vKWKz3gw/s2404/Screen+Shot+2020-11-03+at+11.58.34+AM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="828" data-original-width="2404" height="110" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgfvroCyyBN7xTQRGxcTyo5DDvF6796w7RXXo015JLWinBjvKQFBZGPZSXcPYfXHlojcN3fm63opjS57z_T7ijUTf4n9fE4Z-_wgsGNqW96GHo180qzwG6bSJz-vL0uPEsHGr8vKWKz3gw/w320-h110/Screen+Shot+2020-11-03+at+11.58.34+AM.png" title="Paywalled, sadly." width="320" /></a></div><br /><p><br /></p><p>Recently I read <a href="https://www.nbr.org/publication/opportunity-seldom-knocks-twice-influencing-chinas-trajectory-via-defend-forward-and-persistent-engagement-in-cyberspace/">an interesting paper</a> by Michael Fischerkeller, who works at IDA (a US Govt contractor that does cutting-edge cyber policy work). The first concept in the paper is that the Chinese HAD to implement a massive program of cyber economic espionage in order to avoid a common economic trap that developing countries fall into, the "<a href="https://en.wikipedia.org/wiki/Middle_income_trap#:~:text=The%20middle%20income%20trap%20is,gets%20stuck%20at%20that%20level.">middle-income trap</a>". </p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjgKiXDqJoYo4e5sjEl9YCzzTtnv2RhUd0ayTx6CsQpOSCC4ef_jz-d1EPtPJXuvSRQmoiZJvXYPXQoirbAGhuXhaag8O9y265ffK3xgjIZq8zmg-BnhjxSpRJJs7cEywx3boNm_dI5hWM/s1616/Screen+Shot+2020-11-03+at+12.08.47+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="730" data-original-width="1616" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjgKiXDqJoYo4e5sjEl9YCzzTtnv2RhUd0ayTx6CsQpOSCC4ef_jz-d1EPtPJXuvSRQmoiZJvXYPXQoirbAGhuXhaag8O9y265ffK3xgjIZq8zmg-BnhjxSpRJJs7cEywx3boNm_dI5hWM/s320/Screen+Shot+2020-11-03+at+12.08.47+PM.png" width="320" /></a></div><p>One thing that always surprises me is that most people have missed the <a href="https://ustr.gov/sites/default/files/Section%20301%20FINAL.PDF">public and declassified</a> announcement that the USG made when it came to how primary the effort of cyber economic espionage was to the Chinese strategy - to the point of having fusion centers to coordinate the integration of stolen IP into Chinese companies.</p><p>It shouldn't surprise anyone on this blog that security policy and economic policy are tightly linked, but it's worth taking a second look a this paper's recommendations and perhaps tweaking them. Especially in light of US Government actions against Huawei, which demonstrate a clear path towards US power projection. </p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjiyRJ3mpJGPGIh72Lqnm8PWm8FuQ2MGnAp7WBn6qzKjIYemRRlXbbfkHG-kWhLHf7gF30UbwlOaXA-GoWhe09cbhgvACgqg9Id0m7hsqp8g7-aedHx536uWCvxIyQtQy1YvOSA9UhMWDE/s1326/Screen+Shot+2020-11-03+at+12.17.36+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="524" data-original-width="1326" height="158" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjiyRJ3mpJGPGIh72Lqnm8PWm8FuQ2MGnAp7WBn6qzKjIYemRRlXbbfkHG-kWhLHf7gF30UbwlOaXA-GoWhe09cbhgvACgqg9Id0m7hsqp8g7-aedHx536uWCvxIyQtQy1YvOSA9UhMWDE/w400-h158/Screen+Shot+2020-11-03+at+12.17.36+PM.png" width="400" /></a></div><div><br /></div>But our path probably runs more efficiently in a different direction - protecting Intel, AMD, Synopsys, ASML, TSMC, and other firms key to building the chips <a href="https://www.ft.com/content/84eb666e-0af3-48eb-8b60-3f53b19435cb">China desperately needs</a>, and which the US has recently restricted via export control. Because TSMC and ASML are not US companies, we would need to flesh out policy that would enable US "Hunt Forward" teams to operate on their networks proactively, instead of reactively.<div><br /></div><div>And offensive cyber operations could be levied against the fusion centers distributing stolen IP, and against companies that receive that IP. "Hacking the hackers" is flashy and sounds good in terms of defensive operations that USCC can do, but as a long term strategy, it might simply be training up the hackers to have better OPSEC. Deploying an intelligence capability against the fusion centers, or the companies LIKELY to receive stolen information maybe have better return on investment, especially if that intelligence capability can be turned into a deterrent effort with the push of a button (something we also need to build policy around).</div><div><br /></div><div><br /></div><div> <br /><p><br /></p><br /><p><br /></p><p><br /></p><p><br /></p><p><br /></p></div>Dave Aitelhttp://www.blogger.com/profile/17021799961866070637noreply@blogger.com0tag:blogger.com,1999:blog-2702972381435105050.post-44547761839223997322020-10-20T05:29:00.001-07:002020-10-20T05:29:06.841-07:00Projecting Cyber Power via Beneficience<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjc8ak0ozKkphYrdDPdelUau0ozxs_fHQ2Gg0GyQAmUidHH6Ufllxd5QETTJtb-Vyubouwkr0fFnX251GE9nt5obfxbS0e5_4_GumhpJdBWE4DTvS7hwwoRrzHEco_fM5nnFW4VlgrfAhU/s500/offense.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="500" data-original-width="500" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjc8ak0ozKkphYrdDPdelUau0ozxs_fHQ2Gg0GyQAmUidHH6Ufllxd5QETTJtb-Vyubouwkr0fFnX251GE9nt5obfxbS0e5_4_GumhpJdBWE4DTvS7hwwoRrzHEco_fM5nnFW4VlgrfAhU/s320/offense.jpg" /></a></div><br /><p><br /></p><p>So many articles come out decrying Europe's inability to create another Google or AWS or Azure or even a DigitalOcean, Oracle Cloud, IBM Cloud, Rackspace, Alibaba, or Tencent. Look, when you list it out loud, it's even more obvious how <a href="https://ec.europa.eu/digital-single-market/en/%20european-cloud-initiative">far behind Europe</a> is in this space compared to where it should be.</p><p>And of course, projecting power via regulatory action only gets you so far. Governments like to negotiate with other governments, and you see this in cyber policy a lot, but it's worth mentioning that the European populace has a vastly different opinion on the value of Privacy than everyone else. We talk a lot at RSAC about Confidentiality, Integrity, and Availability, but in Europe personal Privacy is in the Triad, so to speak.</p><p>I think this is a unique strength. But I also think: Why try to beat the rest of the world at creating giant warehouses full of k8s clusters, when you can just pick almost any vendor now and get roughly the same thing. Moving the bits around and storing them redundantly is the BORING part. </p><p>But there are things Silicon Valley categorically, for reasons built into the bones of the system, cannot do. Some of those things hold great power.</p><p>Education is the obvious market vertical for Europe. There's massive power projection in being able to provide useful services, as Hezbollah does, as the local city council does. Look at the disaster that is the underfunded US education system, and think about the opportunity there. And in smaller countries, it's even more useful as strength projection. You just need to invest in translation and customer service. The key is NOT to exploit it for the obvious opportunities it would present to an aggressive intelligence service<b>. Trust </b>is as important an element of cyber power as <b>deterrence</b> is in nuclear policy. </p><p>I don't mean to understate the difficulty in doing good customer support across time zones and translation into the specific cultural dialects worldwide, but there's real technical innovation to be done in education as well. And innovation in software scales and has network effects and can provide the basis for a 21st century economy a lot easier than something built purely on advertising and surveillance. </p><p><br /></p><p><br /></p>Dave Aitelhttp://www.blogger.com/profile/17021799961866070637noreply@blogger.com0tag:blogger.com,1999:blog-2702972381435105050.post-54779046746856239692020-10-14T12:41:00.006-07:002020-10-14T12:48:33.961-07:00A 2020 Look at the Vulnerability Equities Process<p style="text-align: center;"> <img alt="I stole this picture from Marco Ivaldi's presentation on Solaris. :)" height="149" src="https://lh3.googleusercontent.com/MhOE-5MXdgL6a_BNcOintRFROOsaKitnNu_f8fXZPwf9oLgsTX5dxos6bbce-CyQEgjrJ8czw1WqeZEDr_M8z2qesYX9gVdevqUNeNczpT5uNE5NjqRRyOq5RDNzS3cuu2cNFdgq=w320-h149" style="font-family: Arial; font-size: 11pt; margin-left: 0px; margin-top: 0px; text-align: center; white-space: pre-wrap;" width="320" /></p><span id="docs-internal-guid-62788026-7fff-07e3-f093-dc90216539ab"><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">The Vulnerability Equity Process’s original sin is that it attempts to address complex equities on a per-bug basis. But the equities involved are complex and interlinked. You cannot reduce a vulnerability to a list of components with a numerical score and make any kind of sane decision on whether to release it to a vendor or not. The VEP shares this weakness with the often maligned CVSS vulnerability scoring system. </span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">That said, an understanding of the equities around sensitive subjects in the cyber security world is valuable for the United State’s larger strategic goals. So what this paper tries to do is present some revisions to the policy, first made public under the Obama NSC, that would attempt to harmonize it with our strategic goals.</span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">There are several areas where the VEP policy can be drastically improved, and we will go over each in turn.</span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 700; vertical-align: baseline; white-space: pre-wrap;">Integrating Understanding of Attack Paths </span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Scoring individual vulnerabilities is most difficult because exploits are not built from just one vulnerability, so much as a </span><a href="https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">chain of vulnerabilities</span></a><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">. In a sense, the value (and risk) of a vulnerability is linked to all the other vulnerabilities it enables. </span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Attack surfaces are another example where it makes sense to be careful when assigning any equity judgement. For example, if we release a vulnerability in a hypervisor’s 3D rendering code, it can be assumed that both the hypervisor vendor and the outside research community will spend time focusing on that area for additional vulnerabilities. This means that even if an initial new vulnerability is not useful for a mission, other vulnerabilities in that same space may be useful, more exploitable, or affect more platforms. It may be worth not releasing a particular vulnerability based on how it may inform the broader research community about attack surfaces.</span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Exploitability and discoverability also needs to be understood in terms of modern automation techniques. </span><a href="https://i.blackhat.com/us-18/Thu-August-9/us-18-Wu-Towards-Automating-Exploit-Generation-For-Arbitrary-Types-of-Kernel-Vulnerabilities-wp.pdf" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">Automatic exploit generation</span></a><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">, fuzzing, </span><a href="https://securitylab.github.com/tools/codeql" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">source code analysis</span></a><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"> and other new static analysis techniques change the profile for how likely a new vulnerability is to be rediscovered by our adversaries and the wider research community. Likewise, we need a model of the sizes and capabilities of our adversaries - if the Chinese have essentially unlimited Microsoft Word exploits, then killing one of ours has little impact on their capabilities.</span></p><br /><br /><br /><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 700; vertical-align: baseline; white-space: pre-wrap;">Aligning Equities to Mission Tempo</span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">As we move into adopting persistent engagement, we are going to find more and more that our decisions around exploits cannot wait for a bureaucratic process to complete. For some missions, especially special task forces conducting counter-cyber operations or other high-tempo mission types, we are going to need to have a blanket approval for exploitation use and deal with the VEP process on the backend. On the reverse side, we can special-case scenarios where we know we have been discovered or have found third-party exploitation of a vulnerability. </span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Likewise, the risks of some missions affect our understanding of how to use vulnerabilities - in some cases we want to reserve vulnerabilities for only our most least risky missions (or vice versa). </span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 700; vertical-align: baseline; white-space: pre-wrap;">Analysis of Supply Chains</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"> </span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">We clearly need to communicate to our vendors that we have a presumptive denial of release of any vulnerability we purchase. As well, a process that brings our vulnerability suppliers into the discussion would be a valuable addition. The technical details of the vulnerabilities, the attack surfaces they target, and the potential risks to other areas of research are known best by our suppliers. They may also have the best information on how to design covert mitigations that we can apply to our own systems without revealing information about the vulnerability itself. </span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">The security of our suppliers is also a factor in our equities decisions. Coordinating around security issues is essential for long-term understanding of the equities around vulnerability use and may need some formal processes. Individual vulnerability finders often have their own style fingerprint, or method of analysis or exploitation. These impact attribution and other parts of our toolchain equities up the stack. </span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Currently we have no way of measuring how “close” two vulnerabilities are - even bugs that look like they collide in the code from a summary description can often be completely different. With recent advances in exploitation techniques and mitigation bypasses, fixing bugs that look unexploitable or low-impact can have massive detrimental effects on future exploit chains. </span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">The ability to maintain capability still has many unknowns. This means our decisions must often delve into details that evade a summary analysis.</span></p><br /><br /><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 700; vertical-align: baseline; white-space: pre-wrap;">Communications</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">We may also want to revise how we communicate to the community when we have released a vulnerability for patching by a vendor. Do we have the ability to inform the public about the details of a particular vulnerability, when our assessment differs from the vendor’s assessment? In some cases we should be releasing and supporting mitigations and point-patches for software ourselves to the general public. The answer here is not calling up a friendly news site, but an official channel that can release and iterate on code (much as we do for Ghidra). </span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 700; vertical-align: baseline; white-space: pre-wrap;">Measurement of Impact</span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Implementing any kind of government policy like this without attempting to measure the impact on our operations and also on the broader security of the community is difficult. Nevertheless we should find a way to put metrics, or even just historical anecdotes, on how the VEP performs over time. </span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"> </span></p><br /><br /><br /><br /><br /><br /><br /></span>Dave Aitelhttp://www.blogger.com/profile/17021799961866070637noreply@blogger.com0tag:blogger.com,1999:blog-2702972381435105050.post-27599641664120583072020-05-29T07:34:00.000-07:002020-05-29T16:17:24.031-07:00Cyber Lunarium Commission #001: The Case for Cyber Letters of Marque<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt; text-align: center;">
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt; text-align: center;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 13.999999999999998pt; font-style: normal; font-weight: 700; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Cyber Lunarium Commission #001: </span></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt; text-align: center;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 13.999999999999998pt; font-style: normal; font-weight: 700; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">The Case for Cyber Letters of Marque</span></div>
<b id="docs-internal-guid-20ed6516-7fff-7a2d-c789-82aa670a0041" style="-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;"><br /></b>
<br />
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt; text-align: center;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: italic; font-weight: 700; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Introducing The Cyber Lunarium Commission</span></div>
<span style="text-align: start;"><br /></span></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: italic; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">The Cyber Lunarium Commission was established to propose novel approaches to United States cyber strategy grounded in technical and operational realities. The commissioners of the CLC “moonlight” in cyber policy, drawing upon their experiences in government, military, industry, and academia.</span></div>
<b style="-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;"><br /></b>
<br />
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: italic; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">The Cyber Lunarium Commission can be reached at </span><a href="https://www.blogger.com/null" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: "arial"; font-size: 12pt; font-style: italic; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">cyberlunarium@gmail.com</span></a><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: italic; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"> and followed at </span><a href="https://twitter.com/Cyberlunarium" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: "arial"; font-size: 12pt; font-style: italic; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">@CyberLunarium</span></a><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: italic; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">. </span></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt; text-align: center;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">---</span><br />
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br /></span></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">The United States is losing ground in cyberspace. We are faced with adversaries who have benefited from rapid proliferation of commercial hacking capabilities. We are blocked by outdated legal frameworks, sluggish procurement practices, and a national talent pool we struggle to harness. In order to retain our dominance we must evolve our strategies. One solution may be found within the Constitution itself - </span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 700; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">letters of marque</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">.</span></div>
<b style="-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;"><br /></b>
<br />
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 700; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">What is a Letter of Marque? </span></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">In 2007, Rep. Ron Paul introduced </span><a href="https://www.congress.gov/bill/110th-congress/house-bill/3216/summary/" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">H.R.3216, the Marque and Reprisal Act of 2007</span></a><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">, an act to allow the President to issue letters of marque against Osama bin Laden, al-Qaeda, and co-conspirators involved in 9/11. While this bill never passed, it brought up a fascinating question - do letters of marque have a place in modern conflict? </span></div>
<b style="-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;"><br /></b>
<br />
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">In </span><a href="https://www.law.cornell.edu/constitution/articlei" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">Article I, Section 8</span></a><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">, the Constitution establishes Congress’ authority to “grant letters of marque and reprisal.” These letters are commissions allowing holders to engage in privateering - in other words, historically allowing </span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: italic; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">private </span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">operators to attack or capture the maritime vessels of adversary or criminal actors, without the need for the government to provide direct command-and-control. Both Revolutionary American forces and the post-Constitutional Convention US Congress employed this authority several times, most notably to fight piracy off the Barbary Coast in 1805, and against British maritime targets during the War of 1812. </span></div>
<b style="-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;"><br /></b>
<br />
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">The concept of “</span><a href="https://www.realcleardefense.com/articles/2017/05/09/next_steps_for_us_cybersecurity_in_the_trump_administration_111343.html" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">cyber letters of marque</span></a><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">” (CLoM) </span><a href="https://www.loc.gov/rr/frd/Military_Law/pdf/08-2013.pdf" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">comes up</span></a><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"> </span><a href="https://docs.google.com/presentation/d/1pD_BRXg6sgWdNtIEnTpZYXqQ2MEoAGdfrQsvuj9YeDA/edit#slide=id.gc4f71039_0128" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">every few</span></a><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"> </span><a href="https://www.politics.ox.ac.uk/materials/publications/14938/workingpaperno1egloff.pdf" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">years in</span></a><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"> </span><a href="https://foreignpolicy.com/2014/04/29/cyber-privateers/" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">online cyber</span></a><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"> </span><a href="https://www.usni.org/magazines/proceedings/2019/october/grant-cyber-letters-marque-manage-hack-backs" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">policy discussions</span></a><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">. CLoMs would harness legal reform to allow private operators to conduct limited cyber operations at the direction of the US government and - in some limited cases - </span><a href="https://www.cyberscoop.com/hack-back-bill-tom-graves-offensive-cybersecurity/" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">hack back</span></a><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">.</span></div>
<b style="-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;"><br /></b>
<br />
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 700; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Why Letters of Marque?</span></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Cyber power depends on our national ability to leverage technical and operational prowess to </span><a href="https://nsarchive2.gwu.edu/NSAEBB/NSAEBB424/docs/Cyber-081.pdf" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">achieve desired outcomes</span></a><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"> across political, military, and economic domains, at scale and over multiple concurrent operations. US cyber </span><a href="https://www.stratcom.mil/Portals/8/Documents/CYBERCOM_Fact_Sheet.pdf" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">freedom of action</span></a><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"> relies on our nation’s ability to not only </span><a href="https://nsarchive2.gwu.edu/NSAEBB/NSAEBB424/docs/Cyber-081.pdf" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">discover and </span><span style="background-color: transparent; color: #1155cc; font-family: "arial"; font-size: 12pt; font-style: italic; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">create</span><span style="background-color: transparent; color: #1155cc; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;"> vulnerabilities in technology systems</span></a><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">, but to then operationalize these accesses, while simultaneously denying our adversaries the ability to do the same.</span></div>
<b style="-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;"><br /></b>
<br />
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">By </span><a href="https://www.fbi.gov/wanted/cyber/boyusec-hackers" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">stealing US intellectual property</span></a><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">, and using their </span><a href="https://www.voanews.com/africa/after-allegations-spying-african-union-renews-huawei-alliance" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">indigenously developed technologies to project power</span></a><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">, foreign adversaries are threatening our technical dominance. Domestically, we face a </span><a href="https://www.washingtonpost.com/world/national-security/the-nsas-top-talent-is-leaving-because-of-low-pay-and-battered-morale/2018/01/02/ff19f0c6-ec04-11e7-9f92-10a2203f6c8d_story.html" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">depleted workforce,</span></a><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"> </span><a href="https://www.justice.gov/usao-sdny/pr/joshua-adam-schulte-charged-unauthorized-disclosure-classified-information-and-other" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">damaging leaks</span></a><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">, and restrictive legal regimes around cyber operations.</span></div>
<b style="-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;"><br /></b>
<br />
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">The international market for offensive cyber capability is also increasingly moving to “access-as-a-service” (AaaS) offerings. With AaaS, governments or other actors purchase access to compromised devices, or even fully managed cyber operations from private contractors. Successful examples of AaaS include </span><a href="https://www.justice.gov/archives/opa/blog/prosecuting-sale-botnets-and-malicious-software" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">criminal botnet sales</span></a><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">, </span><a href="https://www.darkreading.com/attacks-breaches/commercialized-cyberespionage-attacks-out-of-india-targeting-us-pakistan-china-and-others/d/d-id/1139791" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">commercialized cyberespionage offered by Indian companies</span></a><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">, and high-end mobile hacking operations offered by the </span><a href="https://citizenlab.ca/2018/09/hide-and-seek-tracking-nso-groups-pegasus-spyware-to-operations-in-45-countries/" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">controversial NSO Group</span></a><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">. In addition to leveraging these companies for intelligence, foreign countries that house AaaS companies gain an experienced cyber workforce and grow their cyber security economy as the companies grow. The United States, by contrast, currently has few ways to utilize its own domestic hackers aside from direct employment with government or government contractors. </span></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">If the US is to regain dominance in cyberspace, we must lean into the winds of change already blowing - leveraging and empowering cyber talent outside of government to operate in cyberspace without fear of prosecution - naturally with appropriate legal oversight. Paired with American free market ingenuity and robust oversight mechanisms borrowed from existing federal agencies and structures, the disruptive potential for cyber letters of marque is profound.</span></div>
<b style="-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;"><br /></b>
<br />
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 700; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Operating Concepts</span></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">CLoMs could be employed for a variety of operating concepts, but would never eclipse government operations - instead acting as a force multiplier and enabler. As it stands, the right to conduct cyber operations is reserved for government employees under special legal authorities (Titles </span><a href="https://www.law.cornell.edu/uscode/text/10" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">10</span></a><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"> and </span><a href="https://www.law.cornell.edu/uscode/text/50" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">50</span></a><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">).</span></div>
<b style="-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;"><br /></b>
<br />
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">CLoMs would not be used for high risk operations (e.g., intelligence collection against foreign heads of state, or </span><a href="https://www.army.mil/article/173473/CDID_director_discusses_state_of_integrated_air_and_missile_defense_during_SMD_Symposium/" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">“left-of-launch” missile defense operations</span></a><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">). These letters could provide a valuable tool against targets such as ISIL, or serve as a way to leverage niche or short-term capabilities against targets of opportunity that appear and disappear before a government program could be leveraged against them. In severe cases, CLoM authorized-operations could even be used as a deterrence measure against foreign organizations that have broken US law and threatened US national security. </span></div>
<b style="-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;"><br /></b>
<br />
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 700; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">CLoM Operating Groups</span></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Operations under CLoM would be carried out by businesses within the US similar to those involved </span><a href="https://www.rand.org/pubs/research_reports/RR1751.html" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">in commercial sales of 0day exploits and other offensive cyber capabilities</span></a><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">. In other words, boutique firms offering deep technical skill, specialized subject matter expertise, and innovative tooling working in conjunction with traditional defense industrial base companies managing less glamorous issues and manpower-intensive engineering problems. </span></div>
<b style="-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;"><br /></b>
<br />
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">US companies holding CLoMs could hire cyber talent in the private sector and veterans of the US intelligence community and military, providing them with an additional option other than directly working in government or its contractors to </span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: italic; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">legally</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"> work on offensive cyber challenges. </span></div>
<b style="-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;"><br /></b>
<br />
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">CLoMs would provide indemnity from prosecution in the US legal system for otherwise “illegal” computer hacking activity in violation of the outdated 1986 </span><a href="https://www.justice.gov/sites/default/files/criminal-ccips/legacy/2015/01/14/ccmanual.pdf" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">Computer Fraud and Abuse Act (CFAA) and other pertinent statute</span></a><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">s, against non-US entities. As private citizens protected inside the US, CLoM operators would have to assume the risks of foreign prosecution for their actions - though the US would not extradite CLoM holders. </span></div>
<b style="-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;"><br /></b>
<br />
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">In order to protect CLoM operators, the specific identities of groups carrying out these operations would be kept private, but announcement and fact of issuance of CLoMs could be made public in some circumstances (e.g., after operations have taken place successfully, or upon authorization of “</span><a href="https://www.newyorker.com/magazine/2018/05/07/the-digital-vigilantes-who-hack-back" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">hackback</span></a><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">” style CLoMs to project a deterrent effect against would-be attackers).</span></div>
<b style="-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;"><br /></b>
<br />
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 700; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Funding CLoM Operations</span></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">In traditional maritime LoM contexts, operators were allowed to keep seized assets from captured vessels, paying modest taxes on this “treasure” to the government. In cyberspace, capturing real value is much harder - digital files are infinitely and instantly reproducible non-exclusive goods. In CLoM operations, funding would come from agencies benefiting from outsourced private operations - e.g., DoD, CIA, NSA, etc. In limited reprisal contexts (explored further in later posts) funding from third parties or captured value would be possible.</span></div>
<b style="-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;"><br /></b>
<br />
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 700; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Oversight</span></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Congressional involvement in issuing CLoMs would help normalize cyber operations as a tool of national power, bringing them out of the shadows of classified Executive Branch programs where they have traditionally been housed.</span></div>
<b style="-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;"><br /></b>
<br />
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Rather than holding whole-of-Congress referendums for each CLoM, Congress could delegate authority to a select or special committee drawing upon expertise from committees on defense, intelligence, foreign affairs, government oversight, etc. Congressional authorization of CLoMs would ideally also be worked in conjunction with relevant stakeholder agencies across government. </span></div>
<b style="-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;"><br /></b>
<br />
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">CLoMs would only be issued to actors deemed trustworthy and qualified. While operations under CLoM would ideally be conducted at the unclassified level, members of CLoM operating companies could be required to maintain clearances to facilitate communication of targeting, deconfliction, and counterintelligence information. </span></div>
<b style="-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;"><br /></b>
<br />
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Granting authority to legally engage in cyber operations to non-government operators may be seen as “norms violating.” However, internationally, delegating authority </span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: italic; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">is in fact the norm</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"> - </span><a href="https://intrusiontruth.wordpress.com/2020/01/09/what-is-the-hainan-xiandun-technology-development-company/" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">a concept of operations that China has embraced with particular vigor</span></a><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">. </span></div>
<b style="-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; caret-color: rgb(0, 0, 0); color: black; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;"><br /></b>
<br />
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 700; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Future Reporting</span></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 12pt; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">This is the first report of the Cyber Lunarium Commission. Over the coming days, we will publish three additional reports exploring various operating concepts that CLoMs could enable: privatized counter-ISIL cyber operations, access-as-a-service IoT offerings, and limited “hackback”-style reprisal operations against adversaries.</span></div>
<br class="Apple-interchange-newline" />Cyber Lunarium Commissionhttp://www.blogger.com/profile/04006638293782464041noreply@blogger.com0tag:blogger.com,1999:blog-2702972381435105050.post-14395690351695581952020-05-21T11:29:00.004-07:002020-07-14T07:10:31.540-07:00Chinese Games have Ring0 on Everything Like many of you, my kids love Doom Eternal, <a href="https://www.techspot.com/news/84841-valorant-anti-cheat-software-loads-kernel-based-driver.html">Valorant</a>, <a href="https://us.forums.blizzard.com/en/overwatch/t/anti-cheat-update-wont-work-unless-its-ring0/469605/2">Overwatch</a>, Fortnite, Plants Vs Zombies, Team Fortress 2, and many other video games that involve some shooting stuff but mostly calling each other names over the internet. I, on the other hand, often play a game called "Zoom calls where people try to explain what IS and IS NOT critical infrastructure". <div><br /></div><div>Back in the day (two decades ago) when Brandon Baker was at Microsoft writing Palladium, which then became the Next Generation Trusted Computing Base, I had a lot of questions, and the easiest way to answer those questions was "How would you create a GnuPG binary that could run on an untrusted kernel, which could still encrypt files without the kernel being able to get the keys?" You end up with memory fencing and a chain of trust that comes from Dell and signing and sealing and trusted peripherals and all that good stuff. </div><div><br /></div><div>The other thing people penciled out was "Remote Attestation" which essentially was "How do you play Quake 2 online and prove to the SERVER that you're not cheating." In this sense, Trusted Computing is not so much Trusted BY the User, but Trusted AGAINST the User. </div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjoU6n0bEWdIMbUaP1e89vHqGMa540Pja5Q7p11A-M2wV1JUQlXzv_BhQ0quf6CeDZ17vKjgjGI8I2Q47aseWhJTYWVmhXR1Izth4JxxOg1fgwyRNcSbYOX-kmolQ7nEmg0az_gyd6O3vY/" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1412" data-original-width="1678" height="336" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjoU6n0bEWdIMbUaP1e89vHqGMa540Pja5Q7p11A-M2wV1JUQlXzv_BhQ0quf6CeDZ17vKjgjGI8I2Q47aseWhJTYWVmhXR1Izth4JxxOg1fgwyRNcSbYOX-kmolQ7nEmg0az_gyd6O3vY/w400-h336/Screen+Shot+2020-05-21+at+2.08.34+PM.png" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;">Doom Eternal removed their Ring0 anti-cheat but it's not that competitive a game really, especially compared to Valorant or Plants vs. Zombies</div><div><br /></div><div>Because writing game cheats is somehow (in this dystopia) extremely lucrative (see <a href="https://www.immunityinc.com/downloads/Recon2019_Unveiling_the_Underground_World_of_Anti-Cheats.pdf">this</a> Immunity presentation on it), game developers have quite logically invested in a budget implementation of Remote Attestation, largely by including mandatory kernel drivers which get installed alongside your game. These kernel drivers sometimes load bytecode from the internet, are encrypted and obfuscated, and have a wide view of what is running on your system - one you as the gamer or security analyst can not interpret any more than you can what scripts are run by your AV.</div><div><br /></div><div>To add to your paranoia, as you probably DON'T know, most gaming companies <a href="https://techcrunch.com/2020/01/22/tencent-to-grow-gaming-empire-with-148m-acquisition-of-conan-publisher-funcom-in-norway/?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8&guce_referrer_sig=AQAAAKExqGiaUJHBcRSYctVCaNfGl6xs5UWvAmnJvIrx5w2RKoBQEzn2HHr34hAKmZdx_LjlZI7U-VlvK8_vxIqb_ROnB2GK8HBzMv1lgdsA-JjWiP1oPjQvR1abNfnx7k9FnYCdqmqUmXG_anNiLdiyu-1foXRV62_sBGz8D__ZGXuu">are owned or controlled by Tencent</a>, a Chinese conglomerate which is also very <a href="https://blade.tencent.com/en/about_us/">active</a> in cyber security, so to speak, even though they are often headquartered in the US. </div><div><br /></div><div>To put it directly, nobody wants to say that Tencent can control nearly every machine in the world via obfuscated bytecode that runs directly in the kernel, but it's not a whole lot of steps between here and there. Of course, aside from direct manipulation gaming data, which includes lots of PII, offers a massive value to any SIGINT organization, has huge implications for running COVCOM networks (c.f. the plot of Homeland), and is generally a high value target simply because it is assumed to be such a low value target. </div><div><br /></div><div>We spend so much of our time trying to define critical infrastructure, but one easy way is to think about your network posture from an attacker's perspective, which hopefully this blogpost did without raising your quarantine-shredded anxiety levels too much. </div><div><br /></div><div>-----</div><div><br /></div><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><img alt="" height="190" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABQoAAAHQCAYAAADpt1cCAAAgAElEQVR4Aeydd1hVR9f23z++VJMnRY0t9ooVezf23nuNvffeW2xYAOlFxIYI9l5BqSpVARG7McbEDmhiy/O+93etjXMyZ9gHDhYEWee65pq995m65rc3Z9+smfmffMXKIyuEes3bg0JWaMuHakOBYhYoWawEyhUpinKlyqJmjTqoWbcRKtVsgOr1mqJ+k/Zo3qY7mrfuiqZtuqBVl95o070vegwagcHjp2LIhGn4efQk9Bk2Bj0HjkSrjj1RrW5jlK1UCyXLVUXxMlVQuXo9lK9QBeVKl0K5MmVQsFi5HG3zDzXWXG/WeO7wOPA4MAPMADPADDADzAAzwAwwA8wAM8AMmMNATtGt/sccY2RGmpxicHNsmb+oBYoWL4c6dRqgbqNmqF6vCYqXr4pSFWqiXMVaqFy1AarXbYKf2nRCi4490bHXz+jSdwjad++PFu27o36ztqhapzEqWNZF6fLVUbhEeRQuZoFS5arCslYjFClZAfmLWbBAmEVEcnOY4DT8h4sZYAaYAWaAGWAGmAFmgBlgBpgBZoAZ+HAM5BTdioXCLCwW5S9WHkXKWqJy7Uao0aA5ipezRPHSlihrUQMWlevAwrKO5i1YrW4T1G7YAhWr1UNJi6ooU6EGylWogdLlqmoCYYHCZfBjiYr4sVRlUJn8YGEbMAPMADPADDADzAAzwAwwA8wAM8AMMAPMADNgPgMsFGayoJRTDP42N2GB4hVQsHgFFC5RAcVKVUGZijVQ2qIqipaugCIly+PHouVQtFQFFC1dGT+WLI8CxQl49hx8G5tzXvMfmmwrthUzwAwwA8wAM8AMMAPMADPADDADzMDHykBO0a3YozCTBdGP9YbhfvEfA2aAGWAGmAFmgBlgBpgBZoAZYAaYAWaAGfhYGWChMJMFtJxi8I/1huF+8R8DZoAZYAaYAWaAGWAGmAFmgBlgBpgBZoAZ+FgZyCm6FXsUZrIg+rHeMNwv/mPADDADzAAzwAwwA8wAM8AMMAPMADPADDADHysDLBRmsoCWUwz+sd4w3C/+Y8AMMAPMADPADDADzAAzwAwwA8wAM8AMMAMfKwM5Rbdij8JMFkQ/1huG+8V/DJgBZoAZYAaYAWaAGWAGmAFmgBlgBpgBZuBjZYCFwkwW0HKKwT/WG4b7xX8MmAFmgBlgBpgBZoAZYAaYAWaAGWAGmAFm4GNlIKfoVuxRmMmC6Md6w3C/+I8BM8AMMAPMADPADDADzAAzwAwwA8wAM8AMfKwMsFCYyQJaTjH4x3rDcL/4jwEzwAwwA8wAM8AMMAPMADPADDADzAAzwAx8rAzkFN2KPQozWRD9WG8Y7hf/MWAGmAFmgBlgBpgBZoAZYAaYAWaAGWAGmIGPlQEWCjNZQMspBv9YbxjuF/8xYAaYAWaAGWAGmAFmgBlgBpgBZoAZYAaYgY+VgZyiW2U5j0JheI7bg23ANmAGmAFmgBlgBpgBZoAZYAaYAWaAGWAGmAFmIOsw8LEKoaJfLBQ2zzqw8Y3PY8EMMAPMADPADDADzAAzwAwwA8wAM8AMMAPMQNZlQAhqH2uc5YTCj9XQ3C92v2YGmAFmgBlgBpgBZoAZYAaYAWaAGWAGmAFmIHsyIMTbj338WCjM5LUYP3aguH/Z84HH48bjxgwwA8wAM8AMMAPMADPADDADzAAzwAyYZoCFwkwW0HKKwfmmM33TsW3YNswAM8AMMAPMADPADDADzAAzwAwwA8wAM5AVGcgpuhV7FGayIJoVYec28UOYGWAGmAFmgBlgBpgBZoAZYAaYAWaAGWAGmAHTDLBQmMkCWk4xON90pm86tg3bhhlgBpgBZoAZYAaYAWaAGWAGmAFmgBlgBrIiAzlFt2KPwkwWRLMi7NwmfggzA8wAM8AMMAPMADPADDADzAAzwAwwA8wAM2CaARYKM1lAyykG55vO9E3HtmHbMAPMADPADDADzAAzwAwwA8wAM8AMMAPMQFZkIKfoVuxRmMmCaFaEndvED2FmgBlgBpgBZoAZYAaYAWaAGWAGmAFmgBlgBkwzwEJhJgtoOcXgfNOZvunYNmwbZoAZYAaYAWaAGWAGmAFmgBlgBpgBZoAZyIoM5BTdij0KM1kQzYqwc5v4IcwMMAPMADPADDADzAAzwAwwA8wAM8AMMAPMgGkGWCjMZAEtpxicbzrTNx3bhm3DDDADzAAzwAwwA8wAM8AMMAPMADPADDADWZGBnKJbsUdhJguiWRF2bhM/hJkBZoAZYAaYAWaAGWAGmAFmgBlgBpgBZoAZMM0AC4WZLKDlFIPzTWf6pmPbsG2YAWaAGWAGmAFmgBlgBpgBZoAZYAaYAWYgKzKQU3Qr9ijMZEE0K8LObeKHMDPADDADzAAzwAwwA8wAM8AMMAPMADPADDADphlgoTCTBbScYnC+6UzfdGwbtg0zwAwwA8wAM8AMMAPMADPADDADzAAzwAxkRQZyim7FHoWZLIhmRdi5TfwQZgaYAWaAGWAGmAFmgBlgBpgBZoAZYAaYAWbANAMsFGaygJZTDM43nembjm3DtmEGmAFmgBlgBpgBZoAZYAaYAWaAGWAGmIGsyEBO0a3YozCTBdGsCDu3iR/CzAAzwAwwA8wAM8AMMAPMADPADDADzAAzwAyYZoCFwkwW0HKKwfmmM33TsW3YNswAM8AMMAPMADPADDADzAAzwAwwA8wAM5AVGcgpuhV7FGayIJoVYec28UOYGWAGmAFmgBlgBpgBZoAZYAaYAWaAGWAGmAHTDLBQmMkCWk4xeEZvuvzFK6BEueqoUbM5OrTqjZH9x2PxhF/gssAJvqs247DDTvi57sNJlwMIdj6KUOfjOGGzH7uWb4P7PHcsHb8Mo/tORMeWvVGrZnOUKFsdVGZG28HpTT8s2DZsG2aAGWAGmAFmgBlgBpgBZoAZYAaYAWbg42Ygp+hW7FGYyYJoeg8OEvEqVmmIHu0GYc1UG5x0PmoIp5yPIsD5KE45H0GA0+HX4RACnA4h0PEQgh2PIMjxKIKcjiLY5RhCXI8jxPUYQl2P4bTLMYQ6HcEJq+3wne6C8e2Go0XtVijDwiGLplnsHkjvHuHvP+4/vjy+PL7MADPADDADzAAzwAwwA8wAM5AVGWChMJPFg5xicD3YC5SoiNq1WmDW4NkIdDiMIC0cRbDDcQQ5HEeI4wmEOPrhtJM/zjidxBknf5x18keYsz/Cnf0R4XwS4S4nEe7qj7OuJxDm7o9wj5MIc/NDmJs/otadRJDtfhxb5g3fyfaw6jwJE+v2xLxWQ7Co/XAMrdYaP5WtgxLFKyN/Jo+7nj34Gv9RYAaYAWaAGWAGmAFmgBlgBpgBZoAZYAaYgazEQE7Rrdij8AMKY+Uq1MHInuMQZH/032B3FMF2RxFqfxynHY4jzNEP4Y5+iHD01+JwBz9QiHDwR6TDSUQ5poRIp1OIcDmFCNdTiHIPRJRrAKJdAxDjHogwu6PYPX0d9s5whWPfORheoRWWtBmBOa0GoX+lFmhVqCqaFqyCKl8VRfXcpVEsXynkL1KOPe0+IBtZ6WHIbeE/zswAM8AMMAPMADPADDADzAAzwAwwAzmdARYKM1kkySkGpxurZvWmsBm/GsG2h7QQYnMYp9cexVm744jQREASAk8g3PEYIpyOIdLpOCIdjyOCgsMxhGvhOCId/BDl6J8SnE4iyikA51yDtRDjGoJYt1CccwzAnmme8BqzFtsnO2K0ZSdMb9gP81sPRb8KzdEsvyXqfFsGlb4qhirfl0aRz/Kh4Gc/IP/nefDD1wWQr1AZFgwz+V7I6Q9f7j//AGEGmAFmgBlgBpgBZoAZYAaYAWaAGchqDOQU3Yo9CjNRBKpVvSk8ptjhzJp9OGt9AGG2hxBuexgRtkcQaXcM0XbHtXDO/gSiHUgcPIxI56OIcjmGKGcSDI8h0pHCCS1EOfohWgv+iHY8hfPOwbjgegYXnE8jwTUCF13CccbqODYMtoPXKEe4DFyGUdW7Y3670eht0RwtClZHjf+URuVcxVHuq2Io9Gk+5Pv0B+T+NA+++eQ7fPdZbuQmwfA/BVkwzEROstrDkNvDf6CZAWaAGWAGmAFmgBlgBpgBZoAZYAZyOgMsFGayMPIxG5ymGK8avRTB1nsQYrsXp+32I9zxsCb+RTmTIHhUEwFJDIxyOY5oZz9EO/khxvkkYp1PIsY5ICU4BSDGKRDnnQIR4xyshVjnEMQ6n0acyxlcdD2LS64RuOwajQSXc7jkfB7HZ++HxwB7bB7phnmtp2BZrzkY2ag/qn9dFrVzV0C9/JawzF0WJb4sjAKfF0DuT3/AN5/kwTef5cH3X/6A77/Ig9yf5UaeT3Mj7zcFka8wT0nO6Q9H7n/2+4EwdPRETJg2B+279c3xHsJlqtRB6Uq1c7wd+D7Ofvcxj1nWH7OCJSqicBlLfr5k8jsE3xtZ/97gMeIxYgaYgY+FgY9Zt5LHiD0K3+OPmQLFK2JQ++E4Y3UUp1cfxWnb4wi390eUcwCiXYIM4ZxbEM65h2jhvHswzrmFIMY1FPEuZxDvfPbf4BSGC05huOhM3oKRr0M0LrpEI4HEQfdIXHKPwlWPOFxxu4CLjjHYP3k3NgxeB6cB9hhcdQDGtxiNzpbtYfF1GdTKXwV1C1VF+W9LocjnhZDv03z4/pO8+OaT3Pj2szzI88UPyPN5XuT5NA/yfpobeT75Drk//Q758hXnH8HvkRv5BhXHtOFNXHwCnj17jqTkJ1r466+/0ahlRx6LTB4LMSbZIa5atykSE5Mgf8Iioj84M7679uLlq1cGlul44PBx761dcxYuw+3f78hm0I5DTodpdZarWg8PHj7C338/09pE8fWbv+LH0lXMbtPkmfPx3//+998+vXwJl3Ubzc6fHXjKDm0sWKoyBoyZhuFT5qPn4HGgZ2d2aDe3Mfu/QP3UtgdWu23VwsR5ViDR8GMa1wIlK8GiRiOUfx2KlK32UfXvYxor7kv2f57wGPIYMgNZlwEWCjP55ftjM7hl5UY4MNcHkav8EbnqFKJtTuO8QxRinc4h1uk8Yp3PI8b53OsQjfOu0YhxO6eFWLdziHM7j4uu55HgEoME1xgkuMXgklssLrnF4apHPK4YwkVc9riIy+vjccXrAi5vicN1r0u4uj4BF13jcWTWEWwdsxVreq1Bx+Id0bNaT9T+sQ7KfFMWlvkrokpeCxT7vBAKfZpf8yjM+9kPyP1Jbm36cb4v8iHfZz/gh0/zIP9neZDvk9zI91leFPwyH3744gfk+7Fstv2R2GvAMNy4eQtXr98whJu//ga/k4FZsk/0snv33n0joeP//u//0Knnz1myvZn9x23xstX49dZtw1jSuN767Tas1tibbZ/ZC5ZqeWQmqMwZ834xu4zM7nd69fns2GPEDJ2QmNWsbdcP1qeR46emahOJeBkR5dLrt/x9cOjZVPWJC+di4jQ7NGzRAf/8819xWYtJiC9RvobZdipUshIePXpsVEZm3qNlLOuhafte6DlkAvqOmIQu/Udi+OR5mljWsFUXvIuX+tbdfsak+VYYP3sZfh4zHfmLVzDbPvKYvM/jYuVrwspliybWLHXw/OjEmvdpu7cp26JaQ0yav1JjY/KClWjQsssbsdG57wgDY+NmL0WRMlXfqJy36cub5KV7YeZSW4NQuMrVC3RPvklZWS1P6Sp1MXr6IkPfhBhK8Zzl9qjRqPUb9ZNsRoL+hDnLNW6InzbdB75RWVnNZtyerPuCz2PDY8MMMANvy8DHpluZsgd7FL4HQbRXywE4bXUUYav9EbU2FHGOkbjoFIvLTpdwxfkSrrpexlW3y7iihUu46kEhQRP/Lq+7gEvrLuCiRyziN8biwqYYxG2JxQUpxGw6h7gtMbiwNQ4JPgm4vOMSLu24iIgtYTjrGYqLPhfwx74/ce/AA0TaRcF7gg+WdlmGAdUGYvBPQ2DxjQWK5SqG8rnLoNy3JVD4s/wo8nkBFPmyIAp++gPy/7/cyP//vkfBz/KgwKevjz/Ng0Kf5UWRz/Pjxy/yaxueFPoiHwrkK5Utf9Sd8A8weqEXJySi1G3cJsv1iYTCP+/eE83UYhIhOnTvl+Xaauph8z6vBwSHGtlGnDx89MgsAYrs+9vt30U2o9jR1SPb2pg899RPZopX6piTmKYnePcZNPK92HjIqAlq943OyUuX2lijQQu8+ucfo+9IKCxmkTGPGfIqVD/0DwnVDu/qvGDJymjXcxAW2bjpvsTLL/R0PGHuClSq3eSN2kP3iFwPCSEkDr2rvryrckgQtXLapNljkY07yLP/XZXN5Zh+uajdtIMRgyQgETMZsRmJgmLsiNfsJLaR6DVjyccnFLbq0t9oXNVnijgfOHZGhv9x0G3gmFRl0z83MsIMpzV9T7Jt2DbMADPADLwfBlgofA8CWlqwfgwGL1SyMpYMXYQQm6M46xiAc+7huLAxFpe2XsLlrZdxectlXN16GVe3XcFVnyu44nMJV3wScMU3Hld3xOPqznhc230R1/Yk4Or+BFw5cglXj1/BNf9ruBn4K24F38JvobfwR9gd3Iu8i0fnHyLpQiKeXnqCp5ee4o/IP3HxaAKitkcjbH0Ervhcx+XNV7Bp7BYs77ECfS37oW25NiidqyQKf14Ihb8ogCJfFEChT/Ki2BcFUSrXjyjxeQEUo/NP8qDYZz+g6Kd5UeST3NpxiS8KoOSXhVDii4Io/mUhFM9VCEW+KIiC3xVDvqLv50ZMi5k3/Y48l548faq+zxvO3dZvynI/VFkoTJsvU8IviWK0Pl96rHTsMQCUVu+TnYVCvX6RUPe+vPfSs/PCpStTmfjK1evpjk965Zr6Xo8LGufYCxdBnoZr7Jy1ut+VUGjqPh07aeY77yNNcxSec+JlnWISWmavsMf0X2ywYI1LqhdxSjNs0twMe9pVa9AyVVk9Br+/6eKmxjS96ywUpv2sTM9+b/p9rcZtjfggka9SrcYZ4p68yWSWqQzyZnvTNmV2PrIBebEud9yk3WMZFUozu73p1degVRej8aCxmWPlgMHjZ2PWMrtU33X9ebTZY1WxZmNNCJbHWzyb0msXf/9h7nG2O9udGWAGmIEUBj4G3cqcsWSPwnckiJa2qAGf+etx0vYgzqwLQtzOOFw7fBO/+v2BO8H38Gf4fdw7fx/3Y+7jQdx9PLhwHw/i7+FRwn0kX3uEpzcS8detJDz7/Qme33mKF3/8hRd/PseLuy/x6t4r/Pf+f/HPw//in0f/4NWDl/jnwUu8evACL+8/w8t7z7S0SdeS8Sg+CffCHyBq6zmEu0ciYHUgbPvaYlqzKWhWqCnKf1kORT4tiMKfF8CPn+dHsS8Lovjn+VH6i4Io93kBWHyWHxU+L4CKXxRExVyFUP7LgrD4sgDKf1UIFb4uCouviqBcrsIo91URlM5VGCVzFUHJr4ui8NeFka9I9tjoZNSEaanECvnC73f+yLAnhDk329ukMSVAsEdhygNbTxASYxoeeS7dlxeacm7qk52FQmKuRYceoCnInpu84eqx6YOJhMSwntfmvMUr0h2fN7139LhYZeuYqr53JRRSO53c1qdCSXguvmk/1Hw0PVN+wSZBhaYcl6taP1XfaF2xes07GXk7Ud5lDht006t1iXMSB+Q66Zg89rLaOmwsFH6YFxlVKCQ+SJAW/KQXk0fevJVORoxlN6EwvT5mp+9prU96Roh7no6r1m9pNJ7VG7SClXOK9y6lo39clKhQyyiNXp9prOdYORrKFnVklBm9svnah7n/2e5sd2aAGchJDLBQ+I4ENHOhyc4Gr1K5AfytduHEmn045x2Gh5EP8eTqX/j75gs8u/0Sf//2Cs/uvMKzP56/Ds/w7M4z/H3nbzz//Rme336GZ7ee4a+bT/HkejKSrybiSUIy/o5/gb9in+NJ9N9IinyCxPBkJIYl4uHph3gY+hAPKITcx/2gu7h/6k/cPXwbV30vI8w1HJe3XMLNTZdxZok/bNovxkCLnqjxH0sU+aQwCn1REDRtuPiXBVDmiwKo9GVB1Pm6KBp/Uwxtc5dCpx/KaaFDvvJonb88muYth4a5S6Ped6VR+5vSqPmfkqj2dQlU+boEKn5VAuW+Ko7SuYqixJdFkf/HrC8WmpqmKt7u//d//1cTV8xlVy8drW1GO6vSZhJ632f0WmYKhVVqN9baTW2nHWIz2tYPkV5PEBLjSdPJazUyfsGR20gbWbx8+VIkTxWbKxSS3SzrNNFsl13sJttBPqa+vOvdgWldUNVr88WLF2bvQEz3lLBvyQo1zeLy4JHjRuNJ97be0gLvUiisXr95qmnM73JdyKbtexu9YA8aO9Nssa5u805GL/YrnTejaLn014ArVKoKljtsNKqXXupJyCGxQGbnQx+zUPhhXlb0hEISjopaVDeLDz2PVRYKP8xY0j1c46c2hvudxoE8APXubVqfUBb6mrTrpZtOztu537//6KDnyujpiw1lZERclsvk4w/HCtuebc8MMAM5jYHsrFtlZKzYo/AtBdGaVZsgYPkO+K/YDf81BxC7LQqPzj5CUuwTJF58gqfXnyP5+t94eu0Znlx+iuSLSXgU+wj3o+7hbtif+CP0Dn4P+A2/n7qN3/xu4daxX3Hz8A3cPHATN/f8hps7b+HGjl9x3fcmbvjewA2fG7ixjcJ13PC+hhtbr+GG11Xc3HQFdzZew3nbcBybdxjRNmG46nQeEQuPY13X5Rhi0Q2WuSw0b8KCn+VFsc/zosLnP6DeVz+idZ5S6FmgPIYVtcTUcnUxu0JDTLeojynlGmC8RUMMLlEbvQpXQ7dC1dCpgCXa5quElj9UQLO8FdAotwXqflcW1b8tjcpfl0SFr4qj4I8W6f5QzAik7zJtkbJVQeJEeh9v310m+0CiHe2Weu3GTcPmGaeCQrT0q2wc8PhxolHxtPbZ3gOH0/XkoinP8g61lI/qmD5nkebhmN4ahbRrLG3IIjbjoOMBQ8egXde+uHT5qiZekFBDYYmVtVH/SNQ8cPgYaF029UO7LK/bsEXXy/LIcX8jO1Cd6k7M9Zu1S5Vm975DRvXTGHts9DLakITKat+tb6p0ejykJRRSfzZs2WayHGt7F7XLRudpCYX1mrYDCc96QiOtj0h9Il702rzS2t6ov1ev3dBEM7FDL40TbbBBOwKLzUcymodE0IRLV4yYoHUL9dozddYCjRNVzKPzP/68CwcXD5N90StPvaaKdmRkseuwmlac09Rpsu/Tv/4yGhM6oZ2JDx09ARI1RXqKiTfyED1w+HiqzUUoX/T5WBC3JwNDtHuL8pgrFJI3snyP0b1GHsh0n8ltIJurn01bfY3SyOnNPS5dpZ7RdOMuA0ZluEzyFJotTRscM3NJumU0atPd8CJPGzb0GzHFcJ7eiz15D9Vt3lHb3ILEIOorra3YvFNfDBo3U9vMYNT0RejYd5jZolL1hq1BAilthEBrmvUYNNYwzVUTCl97OalrFOq1pWTFWmjfa7Dm/Ublteic+plD+Rq26prS3snztXoHjZ8F2iSGvlPHj/pXr0Unrc+0dp/6vTiv1bidloY2/ihUurJuunLVGoKmgNZv0dlkGlHeh4z1hEISkGgNTXPaNWbGLwamhPCUnlBYuLQlWnTqZxi7kdMWIq1xEe0g0UvYlMqg67Ubt0e/kVO0sSWmi1mkbGRE39NYNmzdzeCBS1OqaX094oXqFJ528ribEtaoLppO3anfCEO7iWFiMCtNs+46cLRhPNJ6RhD/tNSBGLP0hEL1GUbjR7YQ+U09T/TGge4NMQ5kQ3oeqh6NghHxrKHym3Xq81Z/ywRHHLM4wgwwA8yAaQbedE1sPZu+y7L0ys/oNRYK31JAywkGr1m1MUKWeiNomS+Clu9F4MpDCLI5jmjPCMR6x+Di7gRcO3xDCzf23cSvO67jpu81XPe+jKteCbi6KQHXNibg+oYEXPe8hOsel3B9XQKuuSXgsns8EjbE46LnBVz0jEOC5wUkeManxB4XkLAuDpc8YnF5XRyueFzAtXXxuO4ahwv2kdg1cRs2DnSB/8w9ODHJG96D1mJag8Gol7sSyn6WH6U++R6VP/0ezb8ugAEFy2JK2TpYVOUn2NVtg03Ne2Brq97Y2LQ7PJr0gHPjnrCq1R7zq7TArCrNMblSU4wp2wDDStXFwBK10KuwJboWqowOBSuj9Q8WaJ6nLJrntUDRIqYfHBll412mVzcbIBFkq89OTYyRX+zTWseNhB8SgeQPiWmBwaflS6mOKY2ehyF5bt35489U6eULx/xOaQKFfI3aLk89XrRslfy1dkzTbsmbSf3I4hfZRN3xVU1P58lPnqBN595GL30kZKofEpzkMVu8fI2aRBMk1Y0i1LKof+ZucpGeUGhqUxMaS73psHKDZVvJ/aKpvOZ8SHztPyT12k2qZyv1NzL6fKoi6brY3TqjefR28z0fc8FofIjJ9GwgGkV9URmQbWLqmOysCt1UpipYi/yUPvRMmKg2zZjsQwK9yKt3H5gqID7hspbPHKGQpnCrG55QufSsUHdH1pt+/LZrMdIL+ZSFq9J8oaYXZ/I4bNqxN0i4ITuSXWgnYApC1KJNI4SHIIkxlvVaGOwn7ChiyjNx7nJDvSToUT3ixZ68Ek2JXKJusZYiCXcknIlzUYaIqS1p7XpK7Z72i7WhbpFPxGSfUpVqG/qmCoXyjsi0fmOHPsNSlUWCg+g7xSRuLrHzTJVO1PmL7TqUr9HIKA9t8iK+X2nCq05uC6Vt0r6nURlUN9l++hIbQ1m067Tctqx0bEooJDunt6EMjRkxQeMv7EbHFEyJZ626/WyUXuQTMU2Vrd5If2OyfiMmG+ohkYo2XhH5KKZ6xY7F8iYtwyfPx+AJs4zSUnrabZzGQk5L4rc6PoXLWBp5z8l1imMSHrPCdH4Sr+n+mb/KGb2Gml7nlxiVN3FJSyiktFMXrTHYb8ZSW43xnkPGG7aad40AACAASURBVK6ZEgpl25IYTOujCpupcauuAzTbt+zcz2Qa4kO9b9Xx4vOs+Tuex4XHhRnI+gy07TFIe/7SetnmzFwxNaaUl8qg5zyVaSpdZl9noZCFwjRhtKxUD0G/eCJ4yWacXu6LMyv2IXT5QQQsOYjTK08h0v4sYt3P49KmBCRsuIgrnpdxw+Mqrq+7imtuV3CNdj52voyrTpdwzTFBC1ftL+Kq3UVcWRuPS3YxiHeORJxTBGKdwhDnFP46hCHWMRwxDmGIcTiDOPswXHAIR7xjBBIcIxBrdwZBS45i61AXbOpng6WNxmFk2Y7oVKA2qn1eCJaf5Ea9L/Kia97imFGuFmxrNsP6nzpiW8vuONCxP050GwK/7kNxottQHOk6DPs7DYVv24HY2Kwv3Jv0gmPj7rCu3wmr6nWEVb0OWFq3HRbVbos5NVtjZrXmmF61BaZWbYHJlZuhVPFKadows29qqu9MeKSRZkAiWvlqDVIJJbI4o7bTlOhhVLCJk3MxcUY20dsF1kTWVJepjbJQSJ5o5n6E+LV42Wpzs2jpyF6ylx95zKkf1RtTFbcoPU0BldtOm2uoXmMkrKoCjDoW4jw9oZBspbehhN50WLU/wlaiLorTWtNQzU/nVD95o8llpNdmUY48zhnNoyeAqQyqAq2o11SckXER/aXpuOQZKX+IAeEpKdKJWM/7UM6rHpONhKickftA2ELPTvKux+SJrPJJbSBbkDeuaLeI9bii8szlWZQjx5XrNjO89NJLLnkGiu/pBZy8m9QXZkonewbJL/Ekboj0JE6IstRYiDiUVggoVN/CNa6G/LSxippPnMtTgUV96cVyO0U55OFF/Ukv71K79YY0qlBoTltkgUed5m2qbrILeQeKttLfCNk+5K0mvhMxCTFyeXoCiTzlm+qwqJ71dpkW/ZGFQrKhvJGObBuRXo5lRsluYpypz6pQSOwNmTDHyHayHdVjvRcLWZhS09O54JzaKPdLLy1dI+9YNa06nsSEvGu4qbLoOglo6Ymrsv0+5LHMKLVd794V7ZOFO5lneTxUu4m85oyDsCmVLXs9i+tqTP/kkJ+joi6Os74IwWPEY8QMZG0GhFBIz903FQtlkZDK0ft7/qE4YKGQhcJUP+wFjGXKVUfgYlcE/uKO00s3IXyFL8KX78LZZftxdulRhC31R6RVCGJtIpBgfx6XHOOQ4BCHBPs4XLSLwwXbGMTZnEec9TnEWUfjgnU04tdE48KaKMStjkTcqnDErj6DWNsQxNgG/RvWBiFmbbAUUs5j7YIRaxeCGLsgxDudRpS1H/aOX49NA1ZhTu2f0b1AHfyUqzhqf5oXzb7Kjz75imNptUbY2rIbDrTrg6Od+sG/20AE9xqCkN5DEdxrGEL6jERAr1Hw6z4Sx3uMwqEuI7Cv01Ds7TwUuzoMwvYOA7G90yD4dh6CbV2GwKvTEGzpNFiLN3UcDI82A+DWoh9KlPz3ZVbY70PFemvR3bh5Sxtn2uxB/ezae1CXgbcRCklok9dI0xPa1HaYOpcFJLJpRgQSmuZMAqkq3lBdVC554CUmJetWLXtG6e2qK2/ckJYQKnacpba37NAjleejOZuQCJbMEdCEKCTyUKyKmHoeY6pQOHridF270MVnz56nWodPJFaFInPaTHlpPIRHYUbz6Algsh1IXNP7kJfccb9ToPtD77N0pY3uvSHbVj4ePHJCKruo9hDpaeq6noer4JLy6X0Edxm5D4R3pZ6dRPvofqfpxuqH7mVTa1/q3VuqOC76a25MXj3iRVcIE5RX9dIRafRi+SWe8okNBWinVpo2qdeW9r2GGurVBIzXXoo05U/UMXGelW5eKk9PnKMXefIcJBGIvHrUjVJI4JPbQ22VvRqpXhKiaJMWyk/rpMmed6Jd5gqFQyfOQYPWXUFChlhzkaZIUjtFWXRMtihbtb4Weg4x9mhSPSt/HjPdkJfSqrZV+6w3BpXr/CsOazYxsYyBWvaHOJeFnP6jp6FL/5GG/o+dbXp6O91fwmOTbEzTQmVvV1UolMUmGhvy2CRPy1KV6qCsZT2o40JlqtOAZWFKjO9CazetHJpm36pLf4NXn9wvkZbKJP5p6jlxTGI62VxOqwpearsHjp2hTWUmzolh8lYU5VOclvie3viSoEweeOo03PTyvcn3Lbv0N7SbxsJUneQNTDuyiz7KOyTL46HaTbRJtq0oY+qi1ahSt5k27n0lL1HxPcXUJhL8iY/aTdphwWrjneDJM1XUwXHWFh54fHh8mIHsxQAt+SCexxkVC1WRkMrKSuPPQiELhbpAkvCxe9pqhPzihjNLPRCxYjMilm9D+DJfhC/Zg4ilh3B28WGE/3ICUUtP4dyyIMRYhSJ6dQiirEMQZRNsFCJtghBpE4go25QQaRuASJtTiLY+iRhrf8RY+yHG+gTOr6Hgh3PWKeG8jT/O257E+bUncd4uJcQ6nEKsnR8SHE4hfPk+rO+3GOOrdEL7PBXR5KvCaP5VfgwsVApr6jTFgc79cKJLf5zo1BcnOveBf7f+ONl9AAJ6D0ZQv2EI7DcCJ/uMhH+fUfDvPQYneo2FX++xONl3HE71H4+T/cfBr99YHO83HicGTITfwMk4MXAKTvw8CSf6T8ThvuOwr+c4uLYbgoLF9ddoy+wbfuHSleq7vrYLLLVDT/AisUydHktp0xIKae0zEh1I+KJpjeqHxI5ps1O8d4ilR48eq0m0830Hj4C8sGjqKIkZeh8qS/bKS0sgoTUKaQrwgiVW2g641F9aq079qNOLqa0kiMgfqpeEH7IF9eHJ06fy15qXlbAbtV9PfKMMZyOiDPeY3nRRWUhMjxVVQKM20zqI8kcVdvSEYxKHVfFUFgpp7PWm6ZJNyDtT8OEfECxXbTimdf5EX9Q2i0RUFk1jn71gKVassYPXth0GT7SM5tETwGShUG+KrOoRSm1QP3prTIp+6cV6996Fi5cMtpDz6Hm5kggomKK0Lus2qk3SprOTxx6N0fCxU9Cj31BtPUI5IdmWpinT9yPHT9XuVSpPz04kFJKna1DIGbkI7ZhEP/IalNstH+s9I6huPa9WOZ+pY1nU0zaIkDYgkdcPpB9ktM5a+Zo/aSKaEFzEDzVZKKS6hNcNCR9iqqXcBrleKkNeb47ECMpH1+llvKSOZyWVpQqFi23X6U5DkQVJKlcWiEjoEX2gmERDsrHcVq0/o6YapUtPKCRbmpp+OGLKAkNZlK5U5dQbO9GGD8IGqn3kqZKywErtpLar3mVUjipoyWu3DRqftX4kq7aXhRz6QU9Tq4VtiA95POW8tPaiGFsaL/IcFYKSygHZTYiKlIdYIgFKLo+OyfuWxkyUqwqVsjBFafqPmmqYlq+WJfeL0tI0W1nEltPLaWXBi+6jCXP+nb7fc3Bq4ZjKkcXwNx1v9T6q1vD9bTZEvIoxJtuQV7NsD/mYxHgxHiTyy9Or5fGQ7Sbnl22r1aUsEUBpZdGS0pBnqjrlTb331KUG5Dr5OHuJEjxePF7MQNZj4E3EwqwuEhJnLBSyUKj7g2dZ/8k4vcgdZ35xR/hyT0Qu24TI5V6IWu6DyGU7ELViLyKWH0Dk8kOIXH4UUSuOIXrlCUSvOoEo62OItj6OaIptjuGc9VFE2RxBpM1hRFGwpXAIUbYHcc7mEGKsjyB2zRHEyMH6KM5TsDmK82uPIcbuOGLsTyDWwQ/xDsdxyfEEEuyPIWSRF+Y27I9O+S3R7NviaPlNIfT/sTRW1PwJu9r1QECXATjZqQ+Od+iFox164EjHnjjSuQ+OdRsAvz5D4d93BPz6jsLJfmNwst84+Pcdj5P9JiDg54kIGjwZwUOmImjoVAQNm4ag4dMRPGIGQkbMRuDQGQgcPA2BQ6bjyM9TsL3XOExrmXrtpQ/xMI+9cNHohV+e+qgn2tGLvRDE5PbSD0299db2HzpqxAyVef/BQ6M66UQIT70HjkjlZUXf6228oU6ZpnTUPnOEQjsnd6N2UV/0+kv2oHXY5L7SsZ6YJHtbngmLMOqjbNe0xEtZiD18zM+oDBL1TE1LVdtH56qARm0g+z5//tyoXHlDCVsHV6PvqE6ypypsivGiesjbjdKpH7219mLi4tVk2np2JD7ptZkSU9kkcOn18U3y6AlgslCot87izj0HUtVPAteEaXMMgco11Ua96zPm/ZLKFnI75Dw0lZcEbRKPKZDIKIuElJbuQfJ6lD80DVhNp3JB94we43p2ovK3bNshV6EdUxlC7JfbrR6TuKl+XD02ZchuokxtPbvXG3TI3nskQMjrFtK6XSIPxVo+yYtHFQrFC7oqyIgyKtb6V6BTvYVUEbFj3+FGdYsyVKGQvLDEd3KsikC0Q7P4XvamVD33RBqK1TalJxTSJityfnGsej/RRhbiOzUmYVYWQMSUUbnfqrirCiwiv2xD6ossHJlqq9qeD3UuCzlC7JHbr7JJ7VT5pfUvaSqr1WvWVS7lOug72lTEVH/J00/YVWVXcE/f00YcxJ6pcuQ6aRxNecxRfjmtsIHoJ20IItojj7NcL4lnJLhTeJMpsWRPeWMRqu9NBUe5XXrHdI/I/4ggUc7UWqXyzsg0bsJrV5Qrj4dsN/E9xbJtaRx+LJPyd1ROo7EjPe9kz2s5nTn1yen5OOuJDzwmPCbMQPZhICNiYXYQCYk9FgpZKEz1w7F3024IW+CG8MXrELXUE9FLNyBq6SZEL/dC9ApvRK/wQbTVdkRa7UDEip0It9qFiJW7EbFqH6JX78f51QcQs+YgYtZQvB+x1vsQa70X5633IoaCDYU9iLXdgzibvYhbsw9xa/YjzvrA63AQcTYHEWO9HzG2BxC79hDi7A8j1u4QYmwp3V7E2+xD5DIfePSbjS75q6DxN8Xw09cF0SlfMcysXBubW3XBkY69EdC+F06SSNiuJw626Yb9FOi4U18c7T4Ix3oPx/FeI3Giz2j49SVPwgk4NWAiAgZNRiAJhMOnI2jkTASNeh1Gz8LpcfMRMnoOAofNRAAJhYOmYNfgSdjQczjqlEz9oy4zH/J6UwFpt1L5BUFvXTSafqm2k/KoQqEsjsnpVaGChAMhPOl5WYnpjnIZdKw3HdMcoVBMrVbL09vkgkQq8rSSBaHxU2drXm2q4CGmbFK5eh5ncxct1+ymCoByOVQfiYFkz+s3f5W/0qY+C0FNbbveuWpnsg3tfquOqRCT9MYwOPSs5rmnTnsV40X16o2ZKFNt15BRE4z6RCfy+Kptpu9lAVYtj84zmkdPAJMFOqs19qnaSBfIs5TYJy9UdRdrvXald412/VY/cjvSy0/fk4BIG6/QZird+g5Otbs42dYcoVAW10W9enZS2yvO1zq6pXomiHLkWG+sZJbktOkdy6KT/CJNYoLwsNLEKIvqqdomTxFWhULx8q0KMqI9wuOQBAfahICECPEdxbL3Ek3pEyKZnEZue4rQUtOoDJGWytbbFIGu007LQmTpM3ySbn5RjjzFMy2hMC3BUdiF6lTLEPWIWPZ2pLTCU4raLYu48jp9wm5kd5ryLNbkk20sr/1mamxFG7JCLNtMMCp7VepNraZNX8gGZOcUNmoZeaCqXMoCj+qlqdpAFrKoHNn+cjnyFFi1DDqX+0Xjqd4Dch45rbCB+J6mGguGqT10X9K9Ib5/F7F6D1F95C35LsqWy6C/n/NWOhn1h6YAy2nEMaWVvWdVu1A6eTz0vqc0sm3lf5aIeiiW+6+yI6eTuTRVn5yej7OPIMFjxWPFDGRNBswRC7OLSEiMsVDIQqHRj56qleoifIErIhe64vyS9Yhd4omYJRsQu2wjYpdvRuyKLThv5YVzVl6IstqKCCsvRKzciohV2xC52gfnVu9EzMo9KWHVHsSu2oO4lbsRt0oKq3fjwupdUqDz3biwZg/iKVjvQbzNXsTb7sPFtfuRYH8QlxwOIX7tfsSs2gH/yfbY1m8OltTrjV4FqqDhlwVR84s8aPSf/Pi5uAWsG7bEznY9cLhtN5xo0xXH2vTAoVbdsa95F+xu2hl7WnTF/tY9cahDfxzrMgQnug+HX49R8O85BoF9JiBo4FQEDJuBgBEzETByFgJHzUbg6DkIHjsPpycsROi4+dq1U8Nn4PCACfDuOhgrGrbB9Ip1sLJhW1Qur/+CmBkPdT1BRIgy9EOW2qC39pyeCKQnMumlozLTEgv0vO1MrcunV6c5QqE6jVTYOiPCiBBI5FgWefRETLIttZnEWPEhD0J1OjCtdUcbRbx48UIk02Kauivaak6s2plsQ55jrTv1MvIApOvjJs/Spo3SsfjQMXmP6tlFFncyMmZUlio6kpglNr/Qa7OeB6vc/4zm0etPemMnbCLHtPZiTOwFDB2dtkgjt1U+1vPMk+0qpxXHNH60hqTeJiJy28RxZgiFpoR30WY5VseK2qnneSrnMXUsi23y9F/Z09CUUEfTY4VAoQqFwutK76Wa7l8hQlJ+vV151Y1O1Kmz1B+57WntgCu/5Gv1tUvZSVa9npZ3H9VHawuS6ERlqCKfuW2RRQkqh4RKWl9HDbQD8/xV/wom6hRbIQhSGcKjjvojBESxmYKYlioLgvLmNbKAaIqRD31dtpkQX4ghWSRSx072xhQb6shjpHIpC0rpecqp3Mjsy+WobVLtKPcrvTrltMIGojzaPZs4UAPdEwNGTwd5jFLfRfo3jUkEI7tRPSRAl6ta/63LlNtCdpWFe6qH1nSU08jH8vR5jW9p2QSRTh4P1W4ijWxbU+Mgj7nKjiiHYrksU/XJ6fk4awoPPC48LsxA9mIgLbEwO4mExB0LhSwUGn74kJfEoSkrELXABTGL3RC/dH1KWLYBF5dtxMXlm3BxxWbEW23GBastiFu5WQuxq7wQu2orYtdsQ9zqHbiweg/iX4eLa/YgYfUeJFC8ZrchvrRmNy6v2Y0r1hR24or1Lly12a2Fa7a7cdV2D66u3YNrdntx1W4fbjgcwDW7fUhY5YuTY1dhS9eJmGvZFq2/Loo6X+RFjS/zoMl3BTGsZEXY12+JHS06Y1+LjjjYujMOtO6GvS26YmeTTtjRuCN2NiGxsAf2t+qNw+0HwK/rMPh1GwH/7iMR2HscggZOQeCwGQgcPhOBI1KEwqDRsxE0Zg5Cxs5F6Lh5oPND/cZifbOuWFmzGVbXa40NXQbg0LCp2DViKgooHimZ9ZCnNfre5EMCkrqumJ5opydSUN/0xAIhkOiJTrKII9tGr05qm+wdpVee3rRjKldPQMqIfeR20jRmdRqoWFNOnsYbFhGNvoNHGVVzKihEdzqv8EiUbZDWsWpn2Taqt2LomTDQWpLyh9pPNtazixgvql/PxrIt5Dbq2YXaZWpjErnNcjnycVr9lNOJY73+qO0lD7mMfGgaPNlK1GFOrOdZeuDwcZNlqONjTvv07kFz7aVnJ706yXM4rbUJZVuodVN5GVl3Uy5LFk+adexjsNvbCoViSi+9VKtrFMpeNyQGUBoSNUQgEY7WiJOFDz3vJbntqnAn91F+yacyhbCjXqcNTOR86nFa9aX1nVyOLCTI/UvvWLWjPHVbiH3ytGaxdp4QbKl80T9ZZDQ1VVVu84c+lm0miy9yP4QNqK2yxyTZzbJeynIG8hjRdXltQ1lQ0mNNtoHKjeCJ0sjlyNfl/OLYVL/E93KcXlraoIT6lBZHtDYmMSKXm9Fj8mqlMsgGGc2bVnoqb8LcFUbtN7XeIpWj/SPh9TRy6rP87JLrkXe9NiUCpmdbKk8ec5UduT5zypLT83H2EiN4vHi8mIGsy4CeWJjdRELii4VCFgoNP7CGte6F8wudEbvIBZeWeuDKsvW4stwTV1dswNXlG3F1xSZctdpsFK6s9MKVlVtxddU2XF3liytrduAyiX5a2Imr1jtxzWaXFq7b7IIWrHfhhg2F3fjVZhd+tdmJW7a7UsLa3fjtdbhltwcUfrXbjduO+/Gbwz5cX+WDyClrsb7lEIwtWgstchVCjc++R7Wv86B57kIYWaIi7Gs1hW/jDtjVrAO2t+yAna27YHvLrvBp2hk+TTpie9PO2N28B/a06ImDbfvheOchONF1KE50G4ZTvUYh6OeJCB4yHSFDZyB42AwEj5iJkFGzEDJmNkLHzsHpcXMRMHwaDvUZhV2dB2JXlyHapiYnBk9F0Lh5CJ20EEOapf2S9z4e7uaKAHrCAF2jKalyu/REOz2RgvLoiQVCeNITnd61R6GoS24/HZuyCQl76QUStFSbqP0kD8vJM+cbmZQ28iDvwZcvXxquk8ehOp2XpiSb2k1W7Yc4V+uXRTe1fEPl0oGwk55dxHdUV0bGjDajUTdGob7RdSorrTaLfqlxRvPo9UcVCqkOEpxVQVUyT6pD4Y2rts/UubP7hlRlyNPX5Xx6aVNl1rmgdw+aay89O+lUoV2S19aU260eq3VTZpklNX1a57J4Iosw9CwSHluyN5pcliyKyDup0ku18AzSyztmxi9GgkBa4ob4Tm96qdz2dyEUyn2Q+ymOZSFOrc/ctshCAvVt4RpXzF/lbBBJhViqxpSGxFvRFhof4ZVJNqY13GjnVWEvseOqvMOyEErE+n4keOh5aoo6skos20xmVBazqS8WNRpp9pGniMvrBMpjpIo9MsvCTqb6L4tGZG9ZEJTLka/rlWWqX2+atnAZS3TuOwKzltkZOBA8iJhY0ds8R6/OzLw2Yuq/G/xQW3sPm2hgXa8d8jOE+kReldUbtQF5OYtAnrM0lVj0nZYfoHR1mrbXvINFueaMgzzmKjuiHIrNKUtOz8dZV3TgseGxYQayHwOqWEizNcTfAPouO4wpC4UsFGqgli9fE3GLXRC/2AVXl3rgxnJP3LTagF+tNmrh1spNuLVqM35btQW/rfTC7ZVbcXuVN26v8sGdVdvxx6qduLN6J25bb8ctWx/8ZrMNv9n44LaND3638cUdm+3403YH7truxF0t3oF7tjtxb+1O3KVgtxt37Xbhnv2elOCwG/cc9uC+0z7cd9qLR64Hcd9xH26t3Iqw0cuwq+s4jCtaHc1yFUSNL/Oi6te50SLPjxhVvALWVm0Mr4Ztsa1xW2xu3hZerTvDu3VXeLfsCu8WXeBD3oWtemBv29442LE/jnQZiKNdB+FY96E42Xc0ggdOxOnBU3F6yFScHjYNZ0ZMR9iomQgbPQtnx8xC2NjZODt6JgIHTcSJfqO13ZHPDp6JiJFzET52AQLGzIL/mJkoV+7tp9dk5CGitxmHKRFA7zoJEGK6KNX7PoVCWvuQylf7p7dDryyGUXo9EcuUMKG3RuGVq9dT1au2w9S5KgqSIBYRdc5gTrmtsiBFQpq6qzPtKqxnA1N103VVlJHro7UO05q+SsIl2ZfK0ROMZBvqiY6m2ks7X5Md5I88RT2tNpvqa0bz6PVHTygU9VWq2QjT5ywCrSl489ffdDfbof7oiXKiDL141oIlshm0Yz1RnMadhDj1Qx7B5NlL09wt6zTR+FDT6bXJXHvp2Ultg3x+MjAkzXuF+iFPuxd55V2v9exk6postsjrc9GLsZjGSj+y+o4wnhpOmyKIjSHoe3nasjy1VXi2ifplsYby0Uv3csdNJoP4gUexvAkJlSeXpQp3oj6K5Zd8KkcIOHRdCJra9fZpb45VuU4zww9OtT5z2yILCdqUbp1nstz2tI7Fbq9kw0q1m6DviMla++hceHFSH0mMpP5p9ZWsZFi3kPpgapfdtOrN7O9km8lCIbVD2ID6R2v1UX/lTTfkTSfkMVLFHlngU+tQ+5uKm9dT2SmdXI7gTM0vztPql0gj4oykpTzk+VelbnN06T/CICiTjSio96So40PF8jRxap/6rFHbpdpf9Csj8ajpiwzPWXNsS3WKdU5VduT2mVOWnJ6Ps58QwWPGY8YMZG0GZLFQ/F3ILiIhscVCIQuF2g8U58GTcWmJM24sc8NvVutxZ6Un/li1EX9SWL0Jdyms2YJ71l6vw1bcs/bGfRsfPLD1xUPbHXi4dgce2G3HAwdfPHTwwUMt3o5HjhR24LHjTiQ6ScF5J5KcdyHR6XVw3oUkl91aSHTZjUfOu5HouhdJbnuRvO4AEt324Z6dD377xR3+Q2ZjbNGqqP9lAVT5LA9qfvkDWn5XCMOLWGCVZUOsq98aG39qiw2N22Fbq+7Y3ronfFv1wPZW3bGzVXfsadsTBzv2w5GuA3Gs22Cc6D4U/j1HILDvGAQPmICQQZNwZmiKUHh6OAmFsxA+Zi7OjpmDM6Nm4ezoWQgbMxNnR89A+KhZOD9qAWLGLUL0+EU4PWYeAsbOgVX3QYYff+/7QU4v7LIwJV7Yac01Em3UQGKD3ofEE9FWKlPdzERPpKD0qlBBZQvhSW9NRBK41KnOVI7HRq9UzZLFMEqTEaGQhDF1XcC0PPmq1G6siTQk1NDacepGI3rec3KDZYHMZ8ce+atUxxn1VtOzs2obdW1EuVKa/kxlUNATjMR40fd6O1WrdYmy9OqU7aCyYaocUR7FGc2j1x9VKCQRXARiW66PzmkXbvVjinc5r3ysJ7DSdG+VIz1BnLiUhXoqV/VMpfbptclce+nZSQjIessW0FilNT1eb1dxyiOmncu2MedYFlbUTTgateluEMbox9agsTO16ZoNW3U1Egnpu6mLVmsbjpSsWMsgRNH12o3bG4277O1F9dG0EFPtpLYJ7zcqi3Z3ldPKwo8q3Mnp5Jd8KkcIOHRdFkPTE1BkEUitz9y2yGIjrTsoBD25veYey+NDG2cI0VNdU1JsHEP1NW3fy7DOYnqCmLnteN/p0hJfZFGa1s0jbzEScmicVZ7lMVLFHnm9Oz3vVbmP8kYpVI7slSkzIjiT88rHafVLTkfHGUmr5iXOaazJJhQ0gVh5Hqt5Muu828+jDe2ittGaiunVTf2RxWDRr4zEYt1Kqssc28rPEJUdub3mlCWn5+OsLTjw+PD4MAPZkwFZLMxOIiHxxkIhC4Wo8s8wagAAIABJREFUV7URbixzwa/LXXF31Xo8WO2JhzYb8NhmIx7bbkLi2s1ItNuCRHsvJDpQ8Mbj1yHRcRseO/og0ckXic7bkeTsi2QnHyQ7+SKZjl22pwTXHXjivuvfsG4XnojgthNPRHDfiWT3HUhy34HHrtuR5L4TSet2I9ljD5I9diNp3U48sNsEv6HTMbSgBap+ng8VPs2LOp/nQ8v/FNSEQqtqDeHcsA3cG7XD+kY0/bgn9rTujT2te2FP657Y17YXDnTog6NdB+BEj0Hw7zUMp3qPREDv0QjqMw5BA8YjePAknB4+DSQShgydhtMjyItwHs6OnY+zY+fi7Ng5CBs/G+Hj5yBy/DycG78YMROX4vzEJYgYtxAhY+Zp05BrVk7x4HrfD3e9jTaEAKBXNwkj5CGmfmTvp3clFOpt4kH1kpcd7T4s2rfS2l7Xs0sVljIiFFLZtI6g+qFrqnhj4+CiJoMsrlFZZBM9QVZklO2ntxuwSEd90hNKhS1MxekJQnocUJ1Un7zmnJ5gJAuFprwTybuNduQV7aOxoLLVj7wuX3ptFmXJcUbz6PVHCIV6HJMoR0KwXGeF6g10N2UpUb6GUTo5j3pMZarelSRUqwIgCc7yupZkP8pHno6iTGr32Ygo1bTvXCgUoq4pEZzaRbYR7ZJjsru6kQ2lr9u4jW56Oa+pY3n3YjFlldLSyzGt/WbuC7gQaER68tqhMkS98ss2pRk+Zb7hO5FGjWUxTJ3GLAs/qnAnl6PWKws48hp+1H5TO6xqnpdOmwy2UOszty3EmJgyTDZIS6wjAYq+Hz19MXoOGWdkS+qf7A0qbE6xunuzLF7I6dKbai3b8EMey+1X7UVjKwRSuW90rK41KI+RKvbI4h/llT1k1b7L02RVMTKzhULanZw88PqPnqYJ+abWIJQ3PMkqQmGbHoMM9xPZXB1b1e7yedsegzB4wiwMGm86kE2spHt2ucNGTYikeuRnQFp8iTrlZ4jKjkhDsTllyen5OHuKEDxuPG7MQNZnoMuAUaCQ3caKhUIWCnFk6mLctfbEw7UbkWi/GUn2W5Dk4IUnjl5IdtqCROctSHTxQpLLViS5UvCWwjYkufkg0c0HSe6+SHbzxRM3Hzxx9cUTVx8k03XXlEDfURDpH7v7gELi6/DI3QeP3Lfhods2PHD3wUOPHXjkuROPNu7Co427U2LPHfjT0RMHBo/HgPylYPlNIZT7Mh9q5SqINt8VwdhiFWFdtQGc6zaDa8PWcG/cHt4tumNXq17Y26YP9rfvi0Od+qWIhD0Hw7/3MJzqNwoB/cYgUPMknIzQIVNwetgUg1AYOnwGQobPwumRc1LEwtFzEDZ2LiJIJJw4D1ETFyB60mKcm7oU0VN/QeTERTgzYT6CJ8zH+kFpr23zrh4Yep54QigxVYfeDq2yuKgnsOh5M1H5qrBD6oYsPOlt8iAUEPJaTExMEqep4rcVCk0JduRtuWmrL9Zv3Aqajqx+TIl5vrv2qkkN5/ImDnreYCKhnnhkapzk66qdVdtQWj1hlKaH0niKsvSENXm8KJ2pNfSozouXLuPXW7dFd4xiVSgyp82iXSLOaB69/sj8X75yzaiNdEJC9Wbv7Rg5fipIJH706HGqNBmdpq4nipO9+gwaabA99ZHGQp1SLNpE4vSBw8eQ/ORJqvbQBb170Fx76dlJLk/PI5LqJG9DMTZyrE7Fp7RCeJTTZeSYBCkhsqjeVPSCTIKf+F7E9LJcq3E7yEKe+I5i2jhB5p/aI6+XR2lUb0O9NsvrAlIeWciUhR9VuJPLkl/yqQxZJNDKkDZFEOudyflp04tflM1V1PrMbQuV27nfCCN70q7F1Ea5TovqDUHCBrWXgp63I+XRE8mqN2xtVJa8uYcoj7wLS1SoZZROrj8rHacnvpCXpOiXiIlPsqHcD3mMVLGHbCl7l1I56o67lIbEJ1EHxeTJKdeR2UKhJha/3omb2qMntlG7J81faWi3vG6j3PbMPCaRWraj7OH3LtvBm5lk/Zf5dzneXBaPNzPADGR3BlgozOFCYYPqjXDXbj3u2nngkdNGPHamsAmJzhuRRMF1E5JcN2sh2W0zkt22INmdgheS3bcaQpL7VjxZ541kD28krfdGkoc3Ej288dhjKx6v25oSr9+Gx+u3IZGCpw8SN/jg8UYfPN7si0da2I6Hm7fj4ZbteOi1Aw+9duKh92482rYHj333aSHRdw8eePvAb+osDC5cFtW/LYhyX+VD1Vz50S53MUwoUQm2VerBueZPcKvfAh5N28GrRWfsaNUd+9r1xqFO/XGs20D49xyCU32GI6A/bV4yDkGDJiJk6BScGTETZ0dSmI4zI2Zo52dGzELo8JRwhsTCUXMQPnYuIsfPR/SkBTg3dRHOzViKczOXIWrmEkRMW4ywqYsROmUhzsxYhtqW+t447+rhQS/AeuuELV1pY/TSoNbXsceAVN5P9KK/xMpay0flvoupx1SvKW8lqi+9jyqGZdSjkOqPjD6fXjWpvr9w8ZKu/UwJj7RTrLw7M9WbcOlKqnLpginhRR0j9dwcQUhPvFll62jUFz3BSBUK9XYz1u2MctHbd5dRXea0+U36KefR648sFJoSwJSmG50Sd2/i9ak3hddt/SYjm1Dbg0LOGNVn7oks7AkbmGtjPTup5ZlqF03NFvWJmNZ4VD+yV61Il5GYhAR5ii9NMVbzl6vWEDRtuGWX/mjQsgvIk0mkIQGQxC/yZKNNCKo3aGX4TqShWH5pVwVJOZ16LG9cMGOprUFUk4UfVbiTy6D+ifXFSJyQhUJKJ3tUCvGC7EEiEAkY4pocq/WZ2xaqj2wnexVSuUvWemhegz0GjcU0xYuTRC1TU5Rlm1I55OEmj42ww4Q5y436QXZUhVyRNqvF6QmF1F+adiyPD4l+NO5yX+QxUoVCSkeCOV2Xy5lj5WjwWlPHjOpUbZ3ZQqF67wqWiAsS4+h+JPFb7lPD1t2M7CLbKDOO5R27RbvI8y+ttUppXOgeziiz8njoiajU3/T4ojTyM0SPHWE3c8oSaTlmQYMZYAaYAWZAZYCFwhwuFG6dMhO3Xdzxh5sH7nqsxz2P9Xiw3lMLD9d74tF6Tzxe74nE9RuQ6LkBSRs2ImnDZiRv3ILkTV5aeLJpK7Sw2RuPvbzxYNs2PNjmg4e+vni0fTse79jxb9i5E0m7diF5z2482bsXSfv2IvHgPiQe3I+kwweQdOQQko8cRvLRI3jqdxxP/f3w16mT+DsgAH8HBuLv4FP4O+QEwm2sMapUBdTOlReVvsqPal/lR8cfSmBiqcqwqVwXztXrY329ptjYpA28tN2Pu2Jvu5440rkf/LoPQmDvYQjuNxohP49D6OBJCB06BaHDpiJ0xExtDULavOQsrUU4ioTBudrU49PkVUhTkEfNRcSY+YiasADnJy3G+em/IGbuCpyfuxzn5i5F1JwliJy9BGEzl+Ds7BVwGDT+vf4Q1hP80pouKB4CpoQgIZDRj2BaX03+kKigNxVTFSoojyo8DRw+LtU0RblsOiYvqzNhEUaXSbCR1zx7E6GQ+kIChrkfaoc6XVTYTc9rjMrV86TS89qktHqiiyg/rVi1s2obykvjSsIxeUz+/fczPHiYui8kGKlTRtXxorLKVKmjbfZhrt3I21Jtvzltfts8epvWyEIhlb/v4BFzu6Gl23/oaKq+qO3UO9fzxLxx81aqsoijx48T02yTOj2ZEuvdg+baWM9Oank07fzJ06ep2kVCuDx9Xe/5QJnEPxr0bGPuNXVzEhILM/pSnlZdVJbYRZnEAT0x0lT++i06G4QOekkXnmLy1FsS7mgDB70y6CVf9rxThUL6ntojRAtTMa1zIzZwUeszty2ifWRv1UvRVL2tug7Q7ReVJa95SPnVdRxFffLakJSOvBjFd1k9Nkd86TV0otH41W3eMVX/5DEijvTEV9oxVxXW9MZlse060BiqtpOFKZUzNa05/RJ50kpLXrfUHr12qteGT56XSkAVdWRWXLtpB7PaqrZdvefMaa88Hm8rFIpniCl2qD1pjZM57eU0LBowA8wAM5CzGWChMAcLhRUq1cTtLevxu/cGPNjlhYe7vfBojzcS921D4gEfJB70wePjO/DIfxcen9yNxFN7kRS4D8mBB/A0+BD+Cj2Cv7VwDH+fPoa/zhxHcvgJJEb7IencSSTHnMLT2AD8FReEZ/HBeHEpFC8vn8HLKxTO4uXVMLy6Fo5XNyLw6mYkXt2Mwqtfo/Hq1jm8+k2E83h1m0IsXv0eh3/uxOKf25G44OWBGRWqovV/CqD+14VQ5+uC6F6oLCaXq4ZVlnXhUqM+NtVrAq+GLbC1cVv4Nu+E3a274VD73jjR+WcE9hyOoJ4jENR7NEIHTETooMkIHjIVwUOnIWT4DJweOQtntTBbEwfPjJgNEUgoDB+zAFETFuPc5CWImb4MsfNWIHbecsTOX464hSsRu3AlYhauRvTCNQifvxoWFuavc5bRh7Ket5QQ+9IrS28arRC86GVaXY9PfKeWq1eO6sVGeeo1bafrZUeCFwmEJELStEv5Q6Jns7ZdDS9BepujyFN+1bbJ5yQypiXOkEBobe9iqEvOKx/HxMXLTdSOQ06HpcpHwgr1Tf7QuSy4yOWmd6zaWc+LMb0y6Hu9NfLSEnjsndel2hRG7hOtd6lOrxXteJM2ZzRP+WoNQNPm5Q+t7yfaIGJiR2VazkNjQ16gXXoPTJVXlJFerGdbdTq2KINEXdpZWGWE2kSeibTmpOqhqHcPmmsvWl9StRMxX8zCeId22syG2qx+aOdu0Xb6B4Xa7jedUi/KlOM6zYxf4BescYFlvRaG+uW0GT0mr0MhwNCLtqm1APXKJa8tWQgRa+vRlFrhSaZu4CGXQ0LghLkrDOJEveaddPvUtGNvgxAoixTk7UdTrOn5LKYDq/WZ2xa1XeSFSfaQ66NjujZ8ygJturacRz0m28iebs069tHtG02fflP7q3Vm9rm8vp4pgZn6R+NEzE5fYqMrGstjRLYoUaGmrq2KWlTH8MnzU42JGBcSn0yJ6O17DTXkS89zTxZ5TfVL2Noo7fjUHr/EOK3FJO4HlSfyxqOlAkR5HzKu2bitwUZqO9M616ZMF9f/Z4Cp/sjjQdPG9dIZ2VbHm5rykH3Feq00bV9PJKZ0ct/SG1O9tvC1nC0Q8Pjz+DMDzAALhTlYKJw/YQwehx3Ak+ijeH7BD8/j/fAi4SReXjqFl5dP4eWVU3hxMxDPbwXixa1gvPgtFC9un8bL22fw8vczeHnnLF79fhav7oTh5Z1wvPojAi//jMDLuxF4eY9CpBZe3YuEIdyPwqv7UfjndaDjV3cpROPl3Wi8ukfhnBZe3DuHF/ei8fwuhXN4dvccnv8ZjRd3IhC/1R0LKldD79xF0TRXftTPlQ8Di1XC7Aq1sLpqXbjVagSvBs3h07AVfJq0h2/zztjdqjv2t+2FIx36w6/LEPh1HgL/rsMQ2HssgvtPRPDAKQgZTGLhdAQPm4HTw2fi9IhZ0DwJh89KEQq1qcdzETZmPsLHL0LU5KU4P205LsxejgtzViB+nhUSFqzBxUXWiF+yFnFL7RH1y1qM79xf90dhTn0Ik2BIa8O16dwbfQePSrWxyPu2C3koLl+9FouXrcaiZaswe8FSNG7VmcconechiYFktykzF2DBEittB+rsaDfaNGTc5Fna2NP4r1hjp/FIHpTvgj3VK5YEN1oP01TZJJDTxj7tuvZF/yGjQbsim0qbVa4fPHJc1REhb2LzLtpJU4vVl3WaxtmgdVcUlzaZKViysraZRqU6TbUpui069cvy9jPXPpVqNQbtpmtRoxFKVX43fKZVd4GSlVC5dlNUrd9SC+Vr/mRSiEqrHP7u3b5g/FimiiaU03jQ+BATpgTCrGT7spb1DCzR/UlTrrNS+7gt75ZTtifbkxlgBpiBj4cBFgrTeTF+17BnFYPTtKgnNwPw5NcAvLobgn/un8bLe6F4ef80Xj04g1cPT+PlgxBDePEgFC8fhILiF/elcO80nt8LxfO7KeHFH6F4eScUL39PCS9uh4DC89vBePZbEJ5TuJUSnt0KxHMSIq8H4vm1QDy/GoBnVygEauHJ5VNICQF4cikAyQmnkHTRH8nx/ohztcHiipYYmLcYWubKh+bfFsI0i9pYXqkebC3rwqNOU3g1aoMdJBC26YXd7fpgb7u+2NMmJexvOwAH2v6MQ+0H43iXETjZcywC+k5A0IDJCBo4FacGTkEACYdDZyBkyHQEDZ6G4CHTETJsJkJHzEHoqHkIHbMAZyf+gsgpyxA30wrxc1ZrIW7OasQtsEH8L3aIX+6McyucELXCGQUy+N/nd80el/fxPLh5LLP2WOp52+l5AmbXcdTbqMeU1+Tb9pHWGCTPLFUwTOv8fW1G8LZ94fym71vZSyqtsf1Q32WnDVeYM9OcsW3YNswAM8AMMAPMgHkMZBXd6n2P1/+87wrMLT+rGLxx0xZIjDqI5OiDeBZHHoWH8TzusBa/oOMLh/A85iCen9uP59H7UkLUPjwTIXIfnkXsxd/he/HX2d14emYXnp7ehb9CduFZ0C48C9yJvwN24K9TO/D01HY88fdF0oltSJZC0nFvJB/zxtMj2/DkkDeSD25F0oGUkLh/Kx7v24LH+7yQuN8bifu34fE+bzzcvxV3D3ghfpUV7Gv9hAF5i6Dl1/nQ6vtCsK3VEs6WjeBSrQE2N2mPjc07Y2OrHtjari+2teuvBe82/eHVsp8WtrUegB1tBmJPhyE41GUkTvQYC/9e4+DXdwKO95sAv/4TNbEwcNBUBAycjMCBUxA4eBoChs5AwIg5CBi9AIFjFyFk/C8In7wUUdOtED1jFSJnWiF63hrELLLD+SVOiF7hinOr16Nuzcb8n/RMFubNvS85nXl/MNhO5tvpTHhkKo87c6fIZ3U76629efTEyff6fKOpimNnLdWdGquKRz2z0Zp3WX2sM6t9JBRmVBBWx/19nqe1Flxm2YjrMf/5y7ZiWzEDzAAzwAwwA2/HQFbRrd73OLJQqAg0q8eNwp++7ri/xxP393ri4d4NeLh3PR7s8dBiOn642wOPdrjj8XYKbobwyNcNj33c8XgbBTc88nbFw62ueOTlZggPt7hBC5td8WCzKx5uouCCB5tc8WCjixYebnDBow2uSNzghkRPdzxeT8ENj9ev044febjjscc6JHp6IMnTE0kbPPF4gyfublyPW6vXYkPj9uiXtyiafp0Hbb4vAM/67bCtTmt41m0O15/aYlmtpphdpRHmWTbGAssmWFitORbVaIWltdvCql4n2DbqBscmPeHRvC+82w7E7o5DsbfjMOzvPAwHuo/A4R6jcKLPOJwcMAmnBkyC/4BJOD5gIo4OmIwjg6bh6LDZODJ8Dg4Nn4vDI+fj6OiFODpmIQ6NmosDI2Zh77CZ2DZgIrwHTcHRaSswp/eo9/oi/b5vIi7/7R62bL+cZT+9dRPJ647WHczOLLTs0CPV+oXqhijvs3/kDU/TcOu16ARax08EWtOQpmWqO7++z7Zw2e/2nq7TrKO2k7UYU3PiviMmo13PwQYO0svTrFMfDBw7A627/Wx2Hq3MDr2yxVRfZvLdMsn2ZHsyA8wAM8AM5FQGWChUBLT3DUJWMDj95/6WzRr8Zm+Le66OuOtij7uuDimxix3uu9jjvqs97rvY4ZGLfUpwtsMjQ7DHYyd7JBqCAxKdHJHo6IhHzk544OyEh87OhvDIxQWPKbi+jp1d8NjZGYnOLkh0dkOiyzokOq/DY2cPJDp7IMnFE8munkhy9kSyywYku27EE/fNKWHdZiR5bMbtZXbY0LA9+uYpip9yfYtO+QrBt3Fn7G/cGQ41GmFKqcroW6AUOucphc7fl0Cn70qg43cl0TF3aXQtUB59ilbF4JK1MKZsfcyq0hQr67SH60/d4dm0F7a27Ivt7X7G7o6DsL/LMBzpMQpHe43BwR6jsKf7cOzuPgo7e43Ftl7jsL7zMNi1GYiVrQZgeYt+WNK0JxY26ITZNVpiauXGmFihISaUr49ZtVrDtee4D77D3/vmm8vnP6bMwL8MDB45AX4nA0HedhT8TwWBhLbsbKMO3fsZ9Yn69zabv2RnW3Db/2WdbcG2YAaYAWaAGWAGmAFm4ONhICvoVpnBE3sUSoJo1Uq18cfKtbhr44jH9i5IpODoiiQHZyTZp4RkLXZCMl1zdE6J7Z2075PtXZBslxKe2LngiZ0bnti5ayHZfh2SHDyQbC8FOndYb3zN8P16JDluQJLjRiQ6btJCktMmJDtuRpLDFiQ7eOGJ01Y8cfbGE5dteOK6DY9dvHBnmbM2TXhCiSpo9XVu9C9cAofa9MbWOi0xqUhp9MpXFF3yl0XnfBXRIX8FtM5bFo2/LYE6uX5EjS8LolauH9HgP8XQ6vtS6F2oIsaVro2Flk1hXacdXBt2wqYm3eHV/P+z9x5wVR3b/vj/83/v3ndzb5Ibjb0goIAiSBcVG1Ys2LtiQwFFBBERRJHeOyq9IyA27L3XmB5jS0xMU3MTG3m3Jfe99/191tHhLsd9DgdBQ5I9n8+cmbP3zJo1a9asWbOm7OmocpmFna7zUTN+IbaNm4+KsW4oHDkLG4ZMQ2y/cfDvMRBuna0xtnUPjGndA6PfNMPYN00xtb0F3Ayssahrb/haDMIKS2cE2Y9BdzO7X7SR4GV0VrWMX88Ao7al2pYqD6g8oPKAygMqD6g8oPKAygMqD6g8oPLAL4sHVEMhM6C9DOZtDgSf7+yKL8NT8W1sBu4lbMKDpCw8Ss3Do5RcPErJQa3GZ6M2eSNqU7NRm5bz2KfmoDY1R5OuNjUXtal5T3w+alO5L8APqfmSL0BtWiFqUwue8o/SivAgrRT300pwL7UY91KL8H1qEe6lluBeWhnup23Gg4wKPMysxKMNVXiwoQrfbajEvfQKfBOVh2iHYZjSsh2WdTPH3rGzkdd7GBZ3NMbkDl0x2cASbkZ94N69P+aa9cNkQ3uMbNcTA1qaoM8bxuj7ZyMMbtEN49qaw83ABr5m/RBmOwJJDqOQ6TgK2U6uKBo8ERXDHxsMy0fORP6QyUjuNwbrbYbC16wv3DpYYNwbxhjxuiFGvNEVo1p2w5R2Flhi5oTQ3qMROWAcovu7ImHIFMQOnIwRtuo9hS+jn6ll/LIGIrW91PZSeUDlAZUHVB5QeUDlAZUHVB5QeUDlAZUHmgcPNAe71cvgBXVHITOIZs30xtXVifgyNB13wjNwJzIT38Vm4bvYHHwXl4P78Vl4FL8Jj+I34FFCFh4kZONhYg4eJeZq/IPEHHD/MCkXwj9KojT/TivyUPgwIRcPKUzMxYPEXNxPzMX3iXn4NqEQdxMKcDchD7cTc/CNxlO8CHeSSnEnqRx3kyvwbUoF7qZV4ev07bibsQ1fJxYjzMoJ81q1Q2hPO+wYMxsptkOwsIMpZhr1wpxudvDu3h8Bls4I6OWMZT0HYYFpf0wz7I0xHa0xoo0FXNpaYHwHK0zrZI2Fxr3hbzkY662HIsF2ODL6jEZO/3EaY2HJkCkocJ6EtD6jEGE7FCvNnbDQyBZzDG0wx6AXFhnZYJFJb3hbDERk/wnYSPceTliEsokLsHniPOyY443y6Z5YN2m+uqOQ8eLL6PxqGc1jsFHbQW0HlQdUHlB5QOUBlQdUHlB5QOUBlQdUHlB5oPnzgGoofMlGi5+b4O0MzXFuWSze8Y3DtVVJ+CwoGV+uS8M36zNxO2wD7oZtxPfhmXgQnoFHEel4FJmOR9FpeBSdgdqYTNTGZOBRTCYexXK/4fH/uI14FJeFh/G5eBif97SPy8f9J/5ebB6+j8nFX2JycDcmD9/EFODrmDx8FZ2DL2Ky8EVMNm7F5OJWbCFuxZXgi7gyfJmwGV8lVuDLpEp8nrINX6ZW47PYfIRZO2Fh63ZIchiAraNnIdpyAOZ37IEpXSwxuUsvuBnaYr6xHeZ2tcdMI3tM7mKH0WQkbGeJYW0tMKxNT4xo1R1j2/TA1A4WmGdoA19TR4T3GoTk3i7Y2H8s8gdP0BgJsweOR2LvkQi2HAhvsz6Ya2yP6Ua2mNTJEtM6W2GasR3mWwxEYJ+xiHGaiA1DpiN/zGxUTF6IGjcf7Fzgj4OrY9V7Cl9yn1MHouY/EKltpLaRygMqD6g8oPKAygMqD6g8oPKAygMqD6g80Dx44Oe2W70sPlB3FD4xzhibWOH4kmic847G+36xuLIyHjeDkvD5mhR8sTYFX69Lxd3QFHwfloqH4al4GJGMR5HJqI1OQW0M+dTHPjYNtbKPy9DsRCQj4QONz8eDeObjCjTGwntx+fguJhffRufgTlQOvo4qwJdRebgVmYObkdn4NCoHn0Tl43pUAa5HF+NGTBk+jd2Mm/GVuJlQiU+SqvFZciXeC0nFesu+WNKuE7IHjETFiCkIMbXH7A7dMbqdCYa06ooRLY0x6I0u6PeGAfq+0QWObxjB8c9G6NvCBP3fNMOAlqYY+EZXDG3RFaPe7IqJbU2xsEsvrLHoj1QyEg6fivLRs1Aycjo2DHBFlO0QzW7CuV2sMLatGYa3NsWgN03g3LYHBrQ3x1ADa0wy6o2FXfvC33wg1lg7I23IZJRPWowd81fiSHASuna3VXcVqsZClQdUHlB5QOUBlQdUHlB5QOUBlQdUHlB5QOUBlQdUHmh2PKAaCl8yU/7cBLez6IdDXuE4tTQCl3yj8IF/FK4ERuN6cAw+DY3DrYhEfBWZgDvRifguNgX349LwIJ4MgJl4mLgBD5Me+0dJG/EomfmUTXik8dmaew4fJeeC+4fJdDw5R3NEmY4t30vIwl/iNuJOTDa+js7Hrch83IzIw43wXFyNyMPHEQW4HFGEjyJLcDm6HB/HVuBqXBWuJmzB9eRtuBpXit3zVyLAyAIrOhmh1NkVBf1HY0UXC0w7h/MdAAAgAElEQVRq0xX93+gMm1fawup3rWH2+zdh+LsWMPyPFuj6+9bo8UoHOLQ0Rd9WZujXohsGtuiGwS2M4Px6Z4xsYYCZHcwQ2LMvNo2Yiuqpi7Fvjg+2TFiAjP5jENSjDzwMrTGxjSmGtDCC05tdYfWaAbq90h7GrxvArIUxHN4wwajWFpjeoRcWd7WHr2kfxPYZgy2zfXE0KBl9HYY0O0Hwsiz2ajnNY4VIbQe1HVQeUHlA5QGVB1QeUHlA5QGVB1QeUHlA5QGVB5R44Oe2Wynh9CKeqTsKnxhEXRxHYJ9nFI4ticGFZbF41y8Ol1fF4XpILG6FJ+B2XAq+TUjB94lpeJC0AY9SyPD35MMlaXmoTc9HLYUan//4f3o+HtFXjOldOqXJfRI+SS/y0MdP0uhjJvl4lJKnuffw+/gcfBObh1tRefg0PA9XwvLwUVgBPogowrvhRXg3sgTvRpfi/dgKfBBXhQ8TtuBy0la8F1mAQtcF8OtkiqAu3bBl+CRssHeGT2dzuLYyRJ/XO6DXK23R87/aoOefO8H4T23R5fet0O2/2qLXawYY3NEKQ9pbYmArMzi3NsWw1iZwbtkFQ1p0wpR2XRHQ0xG5Y2Zh7zxfnFqyBjXTPJHZ3xUhPZ3gaWSDSZrdhCYY2LYHrN4whOEf2qPLa53R9XVD2L9pBtdOtpjSzhLT25rCz6wv1lo6I3v0XBxZnYwpI6eqhsKXbKB/EUJFhakOqioPqDyg8oDKAyoPqDyg8oDKAyoPqDyg8oDKA782HlANhS/ZYPFzE9zNeTpqPOJxxCsJ57yT8Z5fCq4GJuOz0GTcjknD/ZRMPErbiNq0bPyQlocfMgqe+EL8sOGxr80sQG1mIX6gcEPhY7+xELUbi1C7sQC1G/Oe+HzUbhSenos0xfghs1BjNHyYkoc7CXn4IjYPNyLzcTmsAO+HF+GdiCK8FV6Ii5FFuBhTgktx5XgnvgrvJlTj/fgteDuiAPmu87Ha0ALrjXtg58gpSO7lBG8Dc4xtZQinFp1h93pn2L5mAPvWJrB4wwBmf2iPnv/VAb1fN8KYLnYY09kGw1t3x8i23TG6Qw+MaNcNQ980wJT2XbHaoi8KXefgsPtKvOUbhv2zlmHjAFeEWQ7Ayh79MLuzJUa1NsXwjhbo364HLF4zgOnrXWD+ZyMM7WyDhZZD4WHqBPcuVlhh6ohoBxcUj3PHQf9Y+M30UA2FL7nf/doEt1ofVRlReUDlAZUHVB5QeUDlAZUHVB5QeUDlAZUHVB54ETzwc9utXkSdlGCqOwqfGGZWjPbCVvdE7F2UgjNLN+D9FRtwc81GfBubjUfpuXiUmY3azBzUZuSiNiMPjzbm4OGmLOY34f6mTXiQlYWH2eSz8YB8Dvkc3MvNwfd5uRp/Lz8PGp+Xh3u55PPxILcAD3IK8CinEI+yC/BwYwHuZxbgy8Q8XIvKxQfhBXg7rBAXwgtxLqIAZ6MKcDamCOdiSnAhrgJvxVfj7fhqvBNbiopZvggyskSCmQ32ukxHimU/+BhaYHoXc7h07IEBrbthYGszDGhl9mTnIBkFe2JcBytM7WyP6QYOmGXsCDfTvphiZI3RHUwxsq0R5nTpiTDbwSifOA9H3QPw9vJwnHYPROmI6YizHYL1NkPhbdYXMzpbY2JnG7h2soLzm93Q58+GcG5rjllmTvDqMRC+Zk5Icp6EPNfZyB4xBdXTl+DEmgSk+qxRDYWqoVDlAZUHVB5QeUDlAZUHVB5QeUDlAZUHVB5QeUDlAZUHmh0PqIbCl8yUPzfBoyb7Yot7FPZ6xOOEdxIuBaTgZsxGfJuVhXvFWfiuNBPfV2ThXlUu7m0pxL0dBfi+Jg/3duU/9nsKcG9PAe7vLcSDfUWP/f5iPDhQgocHSnD/YAnuHSrB/UMluHe49LE/VIr7B0vx8GApHuwtwYPdxXi0qxgPtxfiQTkZDwvxdVohrsfl493wAlxYX4TTYUU4GV6Ak5F5OBldgNMxxTgbU4HzsVtwMWYL3o7djG3zgxBibIOMnn1waNRMpPZywiozWyzqbo8ZXW0xrnMvjG7bE67tLDGxvRWmdbLFbAN7zOvigPkGvTHPwAHzDR0wz9geM7pYYWInc0zs1B2Lu1oj2n4oKicuwLGFK/HO8vV4a0kIaia5I6u/K+IdRmKdzTD49HDCAmMHLDCyxwJDW8w2soVbt95Y1nMg1tu7IHXgJJRNXoi9C/2wd54PjngF4UxoMqrWJTQ7QaBkXVefqatTKg+oPKDygMoDKg+oPKDygMoDKg+oPKDygMoDKg/8tnjg57ZbvSx+U3cUPjGIZs72Q6X7WuzxisQRn2hcWBOHL7Ky8KimCH89WYq/XSrD3z+owt8v78Dfr+zGP67vwT9u7ME/PtmDf366F/+8uQ///Gw/fiT/+RN/6wB+FP6Lffjxy734SeMpvg8/0rPP9+DHT2rw4/Vd+OeVnfjnB9vw13NleLSnELUlxfg2qww3EktwKawIp9cV4XhoEY6FFeBoRB6OReXhRFQxTkVX4Ex0Nc5FbcXFqArs8ghDmIkj8m2cccSFDIX9EGLhiOWW/eDRoy/czfpirpED5hnYw92wN5Z07YdlJv3hY+IEn679sNS4DzyNHbDIyB5zDW0wq4sVZhn2wtJudoizH4pqMhQu8MfbPqF4b/l6HJu7HFtc3ZA9aAKibIYiyHwA/E37wdfYAUFm/bDGeihC7EciqvdobHKehqrx7qiZvRQnlq7GueVrcW5lJC5EpONYYrZqKHzJBvqXJWjUcn5bA6ja3mp7qzyg8oDKAyoPqDyg8oDKAyoPqDyg8sCvjQdUQ+FLNlj83ATPmx+AMvcg7PRcjwPLInAuNBZfFmaj9mAR/vl+JX76bCv+9dUO/PT1Hvx05wh++uYQ/vXNwX/724fwL+Z/un0QP94+iH/ePoAfvzmAn77eh399vRv/+mbX45DiX+3Gv77YhZ9u7cJPN3fhp+s78M8Pt+CH0wW4V5ONByXFuJNVjhtJZbgUXo5ToeU4tr4ch9cX4XB4AY5EFOBYRClORlbhdOR2XIzaiQuRldjnHYd4i8HY7DgKR0bOQIbNAIRZ9cMqKyes6NkfARaDEdDTWeNX9XTGKgtnrOo5GAHmA7Gy+wCsNB8Ivx794W3aB4u7OmC+kS3mGVpjmbEdYqydUTV+Po4s9Mel5aF4f2UYTnsEYO9MT2ybOB/5Qycjtc8YxNuNRLzNMGQ4uGDj4CnIGjkbRaPnYdtETxyYvRwnPFbjrE8ILq4Iw6WgOFyM3oCLGSWqofAl97tfm+BW66MqIyoPqDyg8oDKAyoPqDyg8oDKAyoPqDyg8oDKAy+CB35uu9WLqJMSTHVH4RPDTPb8UBQsiECVexz2eMbjVEASriVk4vvyXNTuK8APR/Pww4lCPDpZitpTVfjv05X46+mKf/szFfjvMxX465OQ4j+c2YzaM+X44XQ5fji1GT+cLMcPJzejlvyJctQeL0ft0TL8cLgUtfuLUVtTgNptuXiweQO+zc/AVxkb8UlCDt6PKMSZdeU4FrIZh0I24+C6EhxYX4RDYUU4ElaG4+HVOBm+A+cjd+F8xBYc8ktBqo0LKvqMwZHh07HRfjAibZyw1m4QQiwHIdRyKNb3Go6QXkOxxmooQqyHafwa62Ga3X9B1kOwqtdg+Jj1g4exPRZ2sdH45cZ2iO41GJtd5+LQghW46BuKDwIjcX5ZMA7N88a+WV7YPd0TW1znoXjoNBQ7T0X50GkocZmD0nHu2DbFGwdn++PkwtU4szQE55eH4lJAJN5dm4x3E3LxQW6laihUDYUqD6g8oPKAygMqD6g8oPKAygMqD6g8oPKAygMqD6g80Ox4QDUUvmSm/LkJnu4Wi+x5CSidn4pt7uk45JWKC/4puJWwCXc3bMJfsjLwff4mfJeXjW+zs3EvdxPu527A/dyNeEA+byPuS/5e/kbU+bzsJx8zycd3eXn4S24uvs3JxV+yc3EvOx/3NuXhfmYOHqbn4mFaLr5NzsaN2A14PzwL59bm43hwKQ4GlWNPUBn2hJRi77pi7FtXikOhFTgSuhXHQ3fg9PqdOBe+DUf8M5FqNxbF9qOwb+hUbLAdhCib/gh3GIoI22GIshqGWKsRiLIdiUh7F82R4GjHMYjsPRphDi4IsR2OVVaDNTsK3bvYYH6nXljUxRYrutojptcglI2ajUPzfPGWbyg+Co7B2/7rcMLDHwfneuPA7CU4Ps8PJ9z8cGjaUuyb5Ikdkz2xfZo39s1eiWPzg3DafQ3OLQvFpZWReC84Ae+FpeO9lEJ8mFvV7ASBknVdffbLXp2y6TtE5bOXLN/VPvPL7jNq+6ntp/KAygMqD6g8oPLAr48HSCdub2yh6sWqXqzyQAN44Oe2W70sWazuKHzCFBvcYrHJLRZF8xOxeWESajzTcMQnHe+E5OCTmCLcTSvHXzLK8F16Me6lF+FRejFq04r+7dOLUEtePBP/656VoDa9FLXpZXj0xD9ML8PDjHI8zKjAg/QK3E/djO+TNuNuXCk+iyrGe6GFOB9ShONBhdgfVIzdQSWoCS7FjjWl2LmmDLtDKnAgZCsOh2zH0ZAdOL5uJ86s34YTAXlI6zsNGVYjUNF/IhLMnbCuRx8E9RqIUJthiLF1QardGKQ5uCLdcRzSe49DmuM4pPYZj7jeYzQfJPEz74/Fxo8/RjLf0AaLjGwR0K03EslQOHQqjs72wbs+obgcGIMPAqNwwW8tji1egSPzfXBy3nJcWOCPs/NW4MS8FTg6LwCH563G0fnBOLVwLc55rMdbPuF4yy8Cl4Ji8W5kBt5JzsOHORW/WCFl5TgYsxZ4wc19KVzGT4fHspUYOGJck9Rn3FQ3ePqs1MCes3AJ7PsPbxK4L0vINJdyxk+bi5/+9S+Q+9vf/o6xk2f9Juk4wnUq3n3/Q7z/4WXsPXBYVRAboBg0F15W8XgxkzWaLFVW78A3t+/g+3v38d3397Ble81vUk780nhs976D+ODDj/HeBx/BzmmY2maqXFN54BfGA6SjkQ5NftSEGc/dfk5Dx2j0cdKXB4+c8Nxwmhs+XCZvrtqmkXck86ie/J2+8U4mVpqxjnTi//u//0N4TNJzwdG3PDXdi9FbdNHV1KoPzl+8pOGVQ0dPgNpcV3r1nf5tpBoKX/IA83MTPGNGLDbMjEX+nCQUz0tG1cI07PLMxHG/XFwKLsbViM34LKYCX8aV45v4MtxJ2Iy7CRUa/21iJb5NeuITK3E3sQJ1z578v5tQiTvxlbhDYUIFbidU4pvESnyVUIkv4qvwWWwlPo2pxLXIzbgcWop3QkpxenUZjq0qxQH/Yuz2L0bNymLsCCjFdo0vw85VFdi7uhr7g7Zi/+ptOByyC0fXbMOJoFKkOM1FjPkIZDuMwzojB6w0sscKs34IsnRGuPVwJFm7IMVmNNLsxyKz9zhkOo5HhuMEJNqPRajVMPj36A+vrg5YbGQL2lW41Ngea7v3Rbq1MyqHTcPx2T54z3sdPloZictBMfhgdRROLw3EycX+ODXfF+cX+OHcfD+cdg/AKffVOOkejFPuITjrEYqLS8Lw9hND4VuBMbgUkYFLiXl4b0P5SxNgNCG8+Pa7uPn5Ldz64iuUVW59rrJXBoXiq6+/0RiflH5qf/gBG7LzGwy7Y1dL7Nl/CD/+9JMSWPzw3/+twVkV+voL9SPHTj5Fy5yC3+admGHRCXV0+Oc//wljc/sG8+evVZmY7rZIIw8+/exzjXKl9i/9+9cvnSdocvnjjz/W9Q0RoYmYvnVLzczGF19+3agxRd+y1HT/5k0az+/dv69pMprw0gRfpc+/6aPSQqVFc+UBE0tHnDh9Fv/zP/8jRG5d+Pe//wMFxZv17svF5VX477/+tS6/iJC+nFdUphec5oaPUrtxeUd1fF5dds36aEEiTXj5yjW9aKSEk/qsecqYAcNd6/qWqu83bRv93Harl9Xn1B2FTwyiiZPikD4lCdnT0pE3Ix0lszegau4m7PHIx5FlhTi3shTvBm/G5XUVuLp+M66EVeHjiC24Ekm+Glejt+Ja9FZcjdqKK1HVmpDiV6OqNe8/jqjGx+FbcDl8Cz6KqMKHEVX4IKIK74VX4Z2wKrwVWoVzIZU4HVyB46vKcHhFGfYvL8eeZeXYtbQMNUvLsNO7DDuXlWPHsnJs99mM7b4V2OW/BbsDqrE7YBv2BO7C4ZA9OBhQjjinhVhnNhIp1uMQaOCIZZ3sscS4D3zNBiHYfAiiLIYjrtdIJNmORroDGQonaAyFyQ5jEWk9AqvMnOBtaIslXWywxMAG/l17I9piILLth6N6+DScmOmNd7zW4EO/MFwJisHVtQm46LsWZ5cE4uzilTi/yB+n5y3H2UUBOLNoNU4tCtL4s4vX4LxnCM57heCs9zqcWRGOC6FpuBibhzMJL89wQ7v0aEIh3F//+rcGGUzIkEcTSH3d/fsPQDu59OnYS3xX1e18qw8+GRJXrF6nF1x9yv6lpiEDD62wkp84Y54iPfYfOvoUOZ9Xufql0kjgzZVD4nvDHraK9BLpfwkhKc7Z+SWa9s/YlPfcuyS5EbWhMuGXQCcVR+2KIu2ylR2NEWfOXdS7f5w8c64OREMMjGq7aG8XfWhD/f/ut3/R0J7azHXKbL3bTB/4aprGtc+Lpp8+4/+LxkGF33AeIV33X/961kBYJ0SfRL79y3fobtNPa58mffzzW1/K2Z75f+OTmzp3VDU3fLTxFJd3VMnn2YxAsAPXRjxFI9VQ2HAe1tZGzeU5nUATJ6l+Lfp+c6Gtaij8je0oDBsdg7QJG5E1KQ/Zk/NQMC0fpdMLUO1WjB3zS7B3USmOLK3ACZ9KnPKtxKmVW3ByVTVOB27FmdXbcCZoO84G7cCZ1dtxmuKrt2vimucUD3zsTwduw8nArZq8J1ZV41hANQ6vqMIB3y3Yt7wae3yqUeO9BTuWVGGbxxZsXVyFrYuqsM29Cjvct2Dnoi2oWVyNnR5bsHNJNXb6bEWN7zbs9NuOHb67sGvFThwM2IrSaTEI7zUNkebjEGA4CEs69cVCgz7wNB4Af1NnrDcfiSgrF8TbjUGKwzikOYxHeu/xSHVwRbT1SPgb9YZX+55Y3tkGAUYOWGvqhBTrYSjuNxY1o2bi5MwleMdjNS6vCMP14Dh8sj4Zl1aE4qTHSpz1XIW3l67BOfeVOOcRgDOLV+GU+yqcWBiAkwtW4pR7AE57BOKEVzBOLFuPM8HpOBdViN3rsrUqAk0tGGr27H9qgKQ/q9aE6VU+7TwhgSs7EsZ0XI12Nii9/9///V94LQ/QWUZKZpYMVvOfYN6+c1cRLiWIT87QCbep6dfc4J06c76ObtoMgMNdp+JR7Q+aQZPoSe3Y3OrxMvD5NRoKm2rV9NdIm5fBU7/0Msxt+z+1e/v6jU/R065/g+UD37VMR/t/6XT5peDPJ86qofDXN9mtjw/1Gf/rg6G+f7l8Qwvn8i5C2kH44Ucfa3Zk1yl0TyJ0HQT1c6V2khd5SAZ8ePkKyPBFce7Onn9LEUZzw0epnuIZl3dUt+c1FJKB9cq1GxqdmHbT+wWuVaSNKFcNX24faQp6q4bCF9dmqqHwN2YoXD06DpumbUb+zK0onLUVJXO2o3zuDlTM24EtC3Zg26Kd2OlZgz1LdmHf0hrs99mF/ct344DvHhz03YuDfntxyO9xKOL0X+N9KdyHw377H6fx3aPJt2/5buxdvhu7fXajxns3dnjvwY6l+7BtyT5Ue+1DtSbcj62e+7HN8wC2exzEzsWHUON5EDUe+1HjtQ81S/diJ+VdugtbPbZj17KdOOC3DYd8SlA9PQrp/dyxwnAoFnXsB7eOfbDA0AnLTAYj2Hw4wqxcEGM3FskaA+E4pDqMQ7L9WERYDoWfgZ3GSBjSYyDCLIYgwsIZ6XYjUTpgPPaNm4ezc5bjXY8gXFkRgU9CEvFZeNrj48dLAnFsoR/eWhKMt7yCccFjNc55BOHMYjp+vAonF9JR5JU4tTgAxz2DcdQrDCcDMnEqtBi5Pi/nfgwaHOkoguz0mdhR3gcPHj6VlQyAdORMVmLoWDIZprgjxcjZRfnOlAWey3lSTfyzW1+ADFx8wKAdc9euf/JUWsLht7yLgk/Qn1dp4jT+Ncd/jcYwrgxRn3veXZK/Rtr8mnm5qepGhmaxs4Umls97dJXLIX3Gk6bC/7cOh0+cVUPhi5sYNVc+4/1OHf+bf/tTf6XFGOGozxaWPH1HOem9tPDOXXRC6lO6MPEjH7MpLY3/fBFYaWGfdHPOy80NH46bUpzLO6qzyvPNn+eV2vFlPOO6sbqjsGn5RDUU/sYMhd6jo1Cw6BBKvU6ifOkpbF52CpU+Z1HpcwZbfM9i24pz2O5/DjtWnkNNwDnsCziHA6vIn3/KH1x1HgcDL+CQ5A8HXsCR1Rc1z+k95SMYewPOYc+qc9hFcP3Po8b/InasuIDtKy5gm7/wF7HV/xK2rXhH43f4XcIOn/PY4X0GNd4nULPkCGo89qF6ThUOedfgbPB+XAjegTN+xcgdvhzLuwzFvPZ9ML1Db8zu0geLu/XHCrPBWGs5HNG2Y5HSeyJSHMYjyW4s4mxGYY3ZACzrbI2VJn0R6TAK4XYjEWI+EPHWQ1DYfxz2TVyEc/P88Y5HMC77RuBGcAJuhqXjxvpUvBcQicNzfXB8vh8ueq3BBU/yITjnuQZnPIJxevFqnPZYjZOLVuO4x1oc9YrCqYBcnA7dgqi5658avF+UEKXjBUqOjHj17SKhuwy5I6VE18XpYsWO51GaQNLAL991eODwMZ30yMor5mDxyaef6Uz/oujZHODSRzmES0zb+Julgz5twRXrX4viQDvCxPEK6pPPe7fgr5E2+vDEbz0N5x/qE897byc3WCjJ+d86nV9U/fnEWTUUNu1k6EW1WVPCVcf/X1abk/FCLMyQ3layeYuizka6tRjXKZ0sU6nf02K6cKTD9x444hlYtBDE4ZCRkvNfc8OH46YU5/KO6q4aCn9Z/K/Upi/qmWoofHG8oRoKf2OGwmmjApG36h0UB3+I0nVXUBZ2FZs1/goqwil+BZURV1EdfQPV0dexM/o6dkWRvyF58fxJGHkdNZHXsSvyOnY/CXdFXkNN5FWN3xlxFds1/hq2hV/D1rDrqA6/gerw66gKv4qK8GsoD7uOkvBPURJxC2WRX6B03Q0U+r+PAq+z2L7ibexcdhYHfU7i1NK9uLRqP95btx8XgrZg78IUpDq5Y5nBYMxp1xtT2tthWmc7zDV0wNJufbC6x2CEW45AnM1oJNmPRaLdWERYjYB/175Y1NEKi+h+QrM+8DbvB8+u9vDv5oBku2HYMnoODs9YhguLgvCu93q8tzwcV4ITcWVNEq6uTcYF7xDsmDAfx+auwHmPEFxcsh7nvUJx1nMdTnuuxSmPNTjuHoxjnuE4tjQBpwKKcXZ9DbzGL3tq8H5RgvPCpXeEXoFzF97SHOkVD3QNuGR84Bcl01b9+gyLVAfZCEi7/4aOnvRUXeXdhLJCpI0WfGehNiVJW95pcxYhLikDsUnpdcoVfb05t7AUl955H8dOnNYcA6GjvPru0BL5CX+6o+vjq9c1sBJSMp/ZcakNL2+/1Th6/FTdF93eevs9zf1zMq2JrlHxKZoVZfogjXB0pxjdNUd1Cw6NqiuX0q+LiHvmuWgjgkV5xPELutSa6k7lU13oiMa2nXvQd/Cop9pOWz2oLPpgDuWj/GT4dV/iq8kr46INRn3PabU8v7i8Dkcqh47WUNlUhlJ+bcawteGxOH32ggZXOrJz+OgJzJjnoQhDCa5oN8or6EUf5KH7QJXS0zPil5jEtKfori0t7QKg9lkfFV9nCCQeJv4lozkZCMjRvZ0CZlL6pmd25GqDT8+10UZXHm3vqG6lFdWayQ3Rg+hCl7YvWxGklR4cVteeDiCjt2gTgvH2u+9r+oK+/fF5ebCx7cLrIeLEB/sOHtHIBM4fTbkTuqE8uNBreb38Qzwm6lBf2JSGwsbSi/o/yS+SxXScj3inauvOuv5A8k30Exp/tNWN4BAfkhwkONR2ND7UJ9NFfyVZTGMnwSEZS/JZ9AeSMfMW6zfuUzvQuCDkC8k5+konwSVP95iR02UopHSEt8CB8KA+GRmXrFVeaqMLPQ8Ji9HIJJJL2vokyXy6GkSXLKIxhd6TV+oPzyPnOd5iXBZjGdWbxiPqLzxdQ+JN3b4CR311B8FPJLP1Gf8bUjdK21BZQnkETk2pRyjhrUR7uptXtC+FSl+wFXUS/Y94Xx7juVzQxdcCL1p4F/ytxLsiHQ/pXm3h6AMLVCZ/z+P83ldZLx44YtxTBkdd+jvpScLJunJzw4fXXylOfCbuZKU6ZWY9/mDisDGTNTKe5DO1MdGLaKJr4ZTaj9qZxgIuw14ELz+vPiLTgPhsx659mjpSPUnHbohuJcNT+k88SXMhIY+oHD7mKOXhz6hfEY48P311WNdYS++oL5FOS/KQ4HG9/L0PPnpqt6woj67NorkG4UiezzW4EfzXsjFA1PvnDlVD4W/MUOg0YC7i17yHpHUfInX9x0gN+xhp4R8jI/IqUsMvIz3yKjbE3EBG9HVkRl/HpuhryCIfpew3RV3FpsinfVbENWRFXkVW5BVsivz4ib+CjZFXsTHyGjZGXkdmBPlPsCH8OjaGX8WGyOtIj/oUydE3kRD9GRIiP0Vq2A1kBn2IzGVnsdnvArYuO4ljK07i6IJyHFtUgNN+JTi0dAM2jVyGNT3GwquTE+a0t8eUDjaY2tkacwxt4NXNAau7D0Sk1Qgk27siyd4VsbajEdprGJZ364v5BtaY1qEnxrc1xejWxhjbuhvmtO+BVSaOyOg/HptHz8PuKUtxZPYKHJ3rj8NzV2DHlEXYOnEB9s7wQs2khTg4wxtn3YPw1tJwXPKNxlu+0Ti/LAInPdfhyMI1OLhVbnEAACAASURBVOIRjuM+aTgdVIpdPoUYYv/i74zjd1HRhMLNfSkqq3cI/UGzq48GSCUBRMeLuaOPJyilU3omGwKPnzr7VF5+x4qSIVEJJj2jiS53whClLT1/zu/1oQkKfV1OmyOcgkIjn8KZw6J4UVllnbFGCQ4ZcAJDwrXCIBrRR1+0OWqvXXsP1OUnJZEUPl2Of+WLp+fPCXf+jgZTmtxqg0146PpKNk3q5CMzHMc7d7/FpJnz6xRcGReZrkr/Ta36aCb+HK4c/9vf/o7lAWvq6CXgcGMY3dVIdKe7gbQ5mlRr6xMEk+or74aVYZESw5VQgQv/eIguOlD5tFOQHNFfHA3lPCyXKf5ru7NS4MBDTpvGKFX19QW6eN2m75Bn2kbgQgZpbfwnaEATH5FeDhvLg41tF44P7aqmiasuR4sSuniMw1OKPw8Pcp7ShRtNQpTKVHrWFIbCpqAXTXz5Dhq5fmR8pkmbcNrqSHCoX2pzJGNoDJVpwWlL/ZUuzaf+pM2RfNA2mSVYJIO0ORpXaFImZBCVp2SwSNuQUydzlWCJBQa5Ltr+G5jZPEWb0Mi4Z+hAbSnkFpVJkzgleHxHHD8Z0Bg5T+UQ7Q4eOa5U3bpnNAbQeKSEl7ZnTdm+VEZ98lJJd+Bjdl1lpIiuMUVb3Z5HlghYHKfG6hECphzKtA+PTnzqflVOAmpb+ggIedI7tDk+xtMCBXdkqJBxEP/lPrBn/2GtaUUeCsV90aQnffnV14q6gUivS6byEz6y8U/kFyG1Dd/FyI8xNzd8BM7aQuIBbigk/Z0WUbQ56j+Lvf2faRuZl4ReReU2JS83Vh8RdCB5Sps7dDnic30/HCngyiEdg6dxRJsjfVnbXIbGHjEWacv/9Te3FQ1+XJ8lI6M8j+C6L+FMOqSufk14uIyfXicfGqPTyjRS/5tDNRT+xgyF5rajEBl7HTFxnyA++XONT0j5HOQTU24hJuEmouNvIjH1K42PT7mF+JTPn/EJqbeQmPYFElNvgeJ1PuULJJJPvYUk8mlfICn9cyRnfIGUzK+RkvkNUjJvI5l8xh2kpt9GRvo3SM+8jdSNd5G06S7iN9xBXOrXWL/2faSGfoCcoAvYHHASFR412OOxFTsmJyFv2ApkufgieYg7lps4w6OjIxZ2cMCc9raY1tEG0ztbw83QGktNHBDY3QlR1iOQ4jgOiZqvHY/EGgtnLDdzwlxDG4xtYwrnFl3Q7/WO6PdqB4x4vTPc2poj2MIZqf0noWD4bFSMWYgyFzek2I/A2m62SLEbgm2ubtg3ZTEOTPPCcdpV6BWKt1fE4t2ARJxfHoPjnutxwiscx5fG4IRvOk4GFWPnshxYWwx8ZiBramFEK2fCkdCkI2akGIlJua67/rjCQrsJdX2FTcZbHthJgNMzSkeh2A1BuNEuPDm/rv+zFnhpJmtzFi7ROtlSys/ro3Rno6ATD2myJcMi/Lmhk6dXitOXiWUY9NVCXQMzhyOMrFyR4e95nE8U+BZ8mrxxwxV/x/PriiutXpPCqWuCrgRPxkWmjfyflCWuJCrBFM+IpjPnez5Fb24ME+nqC2nHhtJEnoyMXPnWBYfqKRvHOC666MD7D9VJGAK4YqWt7JdtKCSjhz6OlHel+0p5v6wPjtJiRVPwYGPbRfAsycjvvr9XXzU077XxmIClLXxeHiSeool0fU6bEU0JH952tJNAKY2uZ01BL9qN0FCnhOvG3EK9wFB/pJ11vF68v+oFROFYIcEjWcd3i2mDRTJXjB9cPgicNuUWacv6zHPaXSjy1Re+894HdfmPnTzzTD75AwlC5+BwiVZ8YklGM3rfWDlPMPQdl0n/UZJFHE8eb6r2JTj64kiE5rpDQ8d/jr+2+PPKEgGvqfQIAU8pbCjtqf/oMiYIBqbdxlSezI9KskHgxXfike5MY4941xRhfbhw4xgZXyi9tnLpHdez9TVqcnjNBR/CQ18dULQvyUU6YSPXR8CR5WZT8XJT6COEM42N8v3wom5ySHWp78ORnA48rmtRSi4nIXXDU/SUj7jL6fl/pbGA6w88rYhTvYQxl4yvNA+tz/3jH//eBKAaCpv2GLJqKPyNGQoNTB0QFvMpIuJuIibpC8QmfYH45Mc+Ke1rRMXdRDjt6ku5g/iU24hL+RpxaV8peHr+2MemfoU6n/I1YilP6lePfdpXiE8X/mvEp3+j8XFpdxCffhcJaXeRlHobCWm3kZB+B4kZ3yIp7TZSEm8hOvAcNgSeRLH/AVQtrULJ9DSUTYhC3nBfrOruAvcufTGnsz2mtjbHnHZWmNfBDnM62GFGJzvM6WIPd2N7LDftgyDzgYi0GYHE3mOR0HssomxcsMZiCJaa9IWbkT0mdrbCkFbd0PvVjujzehc4v2GMMW+YwK2TDQJ6DkGsoysyB0xGmqMrwrs7Ib33SFS7zsUu2lU4cQEOTffE0bnLccYrGG+viMb7QSl4OyAJZ3yiccwrDEeXROGwdzx2LklA0dxIGJpYPyV0ufBuqvjNz2/VyVWh2MuD7vaavYp40JEn4XQpT9pw3bK9RmTX7K4Q92DRAMgFvjhGoA1OUz1XGpRI2aOdSmMmzYL7Ej/NUbM6pAGNQVWeUPAjHZSWYNCdMwSDdirQ8TLuaLAjhZzX46OPr9YlofdEKyqHtt/TbhQ+oaf3ZCiidvNZGaxRCGgXhnC0vX+Zf5BmByQdqxDlcMVHHjD5OwGHyqEVayqLjLB8UkhpCAY/MiPzEaUhvGnnDtWF6sEnhKIcGReBr7ZwY06ByKoJCSYd6SN6E56y8Uz+WiA3AnFAdCSf2oV2CFH7CeO5SCP3C3k3AaW78clNzZGtURNmaI4IyztE+W4Zqh/HRRcdOG1F+1N+mogTXck4Qs/JkQGOjmLQii/tglW6s0gbbfXFR1t+2SBBK8+02k/9gPoTvyqAcKVJHIfFFy3oPeXPKyrD5FkLQB8xoskcbxeK8/pxOmmI8Zw8qC8deHm8XUSdeL8mfGgyR8fmiB7UL8g4zJ3MYwKOtrCxPEhKd338Q/1KW/nycy5Tn2eMaCy95Du9iLY0btHOc+oryRlZiruHZVyJD0V/IhgUJ5lMfEhelunEh/xqCM4XvH1pJyMdNSZe3rl73zNlyIsafMwUeJBMJhnlsWzlMzJZpBELCdQ+tMDBJ0skH+goNdGKJlskT/niji45JLc3X3gkI4S8mCKfQiA6ynWUTzmIiWBj5by8+EbGIhoXaZciyWcylHBHxxXl+mn731Tt2xjdgXBoyPivrS7ieWNlCcFpCj1C4KMtVKI98VV55VaNDkA75Wp/eFquinYWsoD6n9yHuT7DeU/Xojg/Fkx6iDacn/c56SN8vKOxlMNqqLzl6bXt7uXw5XhzwUeJB6iNSV9IyczSyEfq63y+Q++JljTfEPXicIiHuNxsCl7m8AUPPq9OzOdfBIt4nHiddGtPn5XP6Fa6+FbUXw5l/U0z7m2rqZsPcX4X9OTzIXmOQIsgZEynNCSr5PaQjdWcPwW9aBMH6eM0dtNOR5o3El353ZycHjQ2kk6jtDjQkLFNpo36/1kjo2oo/I0ZCtsa9kRQ4IcIXv0hQtdcQeiajxEW8jHC111DWMgVhK+5isi11xERckPj14dcw/qQqzo9wVnHffAVhAZ/jNDgy1hHfs1lhK75CKGakP5fwbpg8lexbs1jHxL8MdYFf4zwNVcQHfgB4vzOIcljL3IWV6NqcTG2zk5C7hBvJNlOxfperpjb0Q6uLU3g0sIIo1sYY3xLM42RcFZ7W8zsZI8FRn00hkB/s35Y12sIou1dEO84BrH2oxBuNQKrezpjqakT3IztMaGTFYa16Q6nFsbo37IbhrTqjpGtzDGhbS8sNOyD1RbDEWU7GjE2I5FoOxKbXdywa+Ii7Ju8GEene+HYLC8cnbsUJxevxAXfMHwQkooPQtLx1qoknPGLwxHvSOz3jkT+jBWIG7MY7V4wz9HKltj9RAMAN1ZxhVVpZxMJZr4aKXa1NUR4kvAWjpchf3FT3p3RkDIaklYelAgneccXwZOPJJOCKcqRlWsaiJQ+7kKre1zh4wYjbiildlGqP5XDjamywsiPbsnvBK5c8ZEHTP6O2ojecwOMgMEnrrJiJX8khxQb4huRV4R8FVyUxXc3inTaQm4IJCOgUjrOz1QXYZSmtNwIROVTPejeLhkOTaLpaKFwtDuTG0Z5GZRm687dz8Cg+tMOWeHkfsdxkduE40NwtK18UzpuIOF9i8PQJ64vPkqwyEjA7zAlfDndRR46Pi+cTA9+5Fc2voj8ZAAQfYnyC8MCvW8qHtSXDrraRTY2iYUZUQ8KKT8dwxauocp9U/Ag4dFU/MNlqmx84/VWijcFvei4End8B5Yok3aqkdzgTsaVGyyJ18ZOftZYSkZ44j/hKrZsr+v/nC/oPaULCH72Y2U0weMw+CKZLPOJN/ikTNSHdrlzR/D4hJfKEI7qonTHLL/Cg/LLdwiLsuSQH2ck2PKYwekocOB0Ini8z3LZ1Vg5z8cqMtDLRkwqm6fhZcv1lP83VfvSmCIcyf+G6g4CL33Gf5FWW9gUsqQp9Aht+InnMu1pYVa+55P6Dh+LiMa79x2s658CFjeMEN+LsYTLQ8qrdPxY1v3SN+Y+A1+U8zwh6YUyf/DxVKaD3K+UymyMfG5O+Mh1pzYimc7pI+rP9Q1Kxz8cw+HIcrMpeJnLNir7eXViedGDPkajJM/IWM6dPjwh6CTrb7SgRAsq4r0IaS5DtBJOGPtoXCUZKpxSfyMYdM+gcLKxmvMnpeFXAojyKaS5K3dkNFSih7w7UpeOzeGr8WeNgko0UQ2FL9hoIxO9ORB8wYxCRPh9iLiAy0hYdRVJq68iZfU1JAdeRerqa8gIuoH01Z8gLfATpAd9Wo//5HFaSq/Jcx1pq65pfOqqa0gJvIqUVVce+7r4VSQHXEXSyqtICLiKuMBriFt1FcmrriAj4DI2+lxE9uKDKJq7BZUzs7BnZiK2jV6BTKuxWGNgB7c25hrj4MDXOsLp1XYY8Kf2GPonA0xtb4Np7Wwws4MtFhv1g6/JAASYOWGt1RBEOrggysEFay0HI8DUCT7d+sLdyAEzOlljbHsLDG9rjsGtTDGwpSmc2/SES0c7TDZwxHzj/vDtMQyBPYYi2GwgEuxHo9xlLnaOX4RjM31wZo4fjs9aisNunjjq7otzy9fhw7Up+Cg0E+8Ep+KUXwz2ea5F5Vx/rLQfgYEd9euYMt805D+/z0RWirnCT4OAfMk3H1BJQGszRunCh0++aVIhJiN8QH4Rxze04cQHJaqzvNOB5+MTHm544nUiGLruSOT0p3qK+nMFTIn2Ag/aXUgDN925Qe0hnlPI66J0JJjScDrLAyZ/R+2rZDgjGLJyzI+pXXjr7bqxWzaqcVwJd250lnHhaZXipAwSv5LhW0k5oDxc0Sea8okzbzNCWJfRmx8t4nwv14GMPUq40jN5ws93rnBcdNGB9z+5PlQGbz9dcLThKJ7ri49Iz0O+EKCrH5NCyXdacnoQPGpb8kpGe3rPaUFtwo0rTcWD+tKB4yK3y/5DR+v6gyxvOd247KUM+k44m4oHCZem4h8uh2TjG6+zUryx9CK+4kez+GKMXB6vL9Gc48plB73TNdbRDkHheBtzvqD3dAm8jIP4z3eKcFlEHy0SjniLdsiIPHLI+V7mQzIC0jNyugzRtDBC48vgkRO0liOXK9eTL3LJY4WoiywruXGXJnaijMbKeT7eymWKMiiknaZUbyUjHU/H43K9n6d9uYyh9nke3UHgxPudtvFfpFUKm0qWyP3qefQIJfz4M5n2dAclfy/i3HhKY6KSEYnw5YvnXE/gOh+XDwI+1w1In+U7ikWa5w2pjvzKAeKP+nRyfcYNzidKddKGb3PERyycklzRtgBC9SHc+UkWbXJalptNwctcLjdGJ+btpkuGU33JiCgcr6u2thXPuTyi/HQqRbyTQ76zkMtsmqMI/U3OI/7TAptwMn68nrTzUpt+zzcb6Op7sq7ZGN1Y4K+G/7ZVNAe71ctoj//vZRSiTxnNgeDOjnORsOAQEucfQar7cWR4nsRGz9PY6HlK4zd5nsYmzzPY5HEGWV5nke117lm/5N/PsrzOgTyly/I8i00epx97DRyCSfAf+02epzTvNlKaJ+VQnhyPM8jzOI28xUdRuGgX8mfkYtusdOwYtxbF/eYjx3EaQkwGwa1NT4x6wxiDWxjC8bUO6P2HNuj3h3bo/4cOcGljjrFte2J6B2ss7tIbviZO8DVzQmCvIQi2HY6VPQfB09Ae8zpaY1YnW0zqYIVRrXtgeJseGNa2O0Z26InRHS0wpoMVJnZ2xLQu/TCnSz8s6joQy82GYoXJYKw2HYzM/jNRPnIRdrp64+jMQByY5ottExZhv9tynF0ehg9DU3E5nAyFKTjhF4Pq+UHInLwELm27w7BtV61CWR/+qS8NCUx+fFWsAol8NJjyrdyy4kvv+cCsj1IiYIuQD0Q0KIvVWz4gy4O1yPsiQj4o6ZpIUNnyjguBO4ehdPSK400TEVqlI0f1FJMqaht+RyKloaMv2gZJDlPEOR7aJgqczvKAyd/RwKu0c4XKkvlAlFUffwk8RciPpMm4iDSNCXl9ZJ7ifEgGLT45kMuUFQ1xfxbfBUvtKdpSzi/+1+zZL3QjjZFUtC3HRRcdON3l+lAZvL664Ah8tIX64qOUn/OgvFIsp6ePlQjXkAkLweG0IBgvggf1pQPHhbcLf044cmOmTAv6z2WvqI9SOv6sqXiQYDYV/3AeaEi7NgW9OD2oLeiIN6eXHOfHpDiu+rY9weM7G6jfCWOEXB+6GkEuX/zXRjM+GapvbOE7TjgfUhnyPYGkB9AxMFF+Y0NukOG77flORtI3xPUYNL5YOjy+j5noxHlfaeeWLvw438r1pqNq3JFBVozbumDq864p2pe3e33tq013ELhyWPrKD5GXQt53iGbPO57x9ngePYLjpC3OaU9tLhvQRD7ej3n/Fu8ppPFdLFrK/MPzU11oQZfn5cYSbfB5+obE5Xt+la6k4HSgNtOn3TmfNATn5oaPXHfCTxd9+b21JKfFyRAOR27/xvJyU+nEhKPgUWpnbYZxUX/ZgK20g1yk5SHnjfrkEeUjGgo6cjj1xbmhUNZVOQ7yHFXAlenBF9dEGh7yndJyeTydGv+3AVBfWjQHu5W+uDYmnWooZDsnTU37Im1qucZvnF6N7NnbkT9nR50vmLMTBW6PfaHbLhS67X7i99SFRXP3gHwheXo/d/eT/7s0eQvn1kD4Olhzd9Y9o3dF83ejZMEelLkfQNm8fSifuwuVC7ajaFoWMp0DUTbcF5WDFyLTYiTCTQdhcWd7jGphikGv0YdHDNCvhSEGteoK51bd0P8NI/R70wiD3uyKie0t4G5gBy8jR3iZ9IOPxSB49xyABUb2mNHOEpPbWGBCW0uMbWOBUW3MMaZtT4xr3xPTDayxoFtvzDMi3xcLjJ0w18ABC7s4ws98KAItR8LX2AlrLUYgpc8UZA2YhVKXxSgd6Y6CobNRNX4RjiwKxLvB8fhwfRouBiVi/7JwFM5aieW9XdH7tS5o37m7zoGuMUxOefmEhgZEpUuX+X1D8qqVLJwbsqVd4C4PEGJSRQMyX9XlR6JF3hcR8kGJH0dQKosrDVyh4DDknVEyHK6UyIodNyTRO3JUDhlnaSJGg78wLslw6T/HQ5vCyOsgD5j8nbzKx8vTVgf5eX2GET55lXHh5emKDxszWXN/HR3ppOO9tAJPH44g/PmdW7y9CB6fAOiqqyib01YYwDi9ZPgiHw/5bjuqr+B9josuOnD6KpXH8dEFh+OkFNcXH6W8nE7Ev7SKT/fEyJ6ek3wRTqkNqL50jxodPySaf/rZ5xo4lFYY20V+we+cRvSuMTyoLx14mbxd+HPChd7R1y1lWtB/oge9F64+OSJoz9ucly3ey6E2HqR0HFZj+IfzQEMmok1BL14HfejBxzuOK297ahOaNCm1Gz17+PCRaDbN3bRi0YHXp77FCG0048/r4wkaG8Rik1x3woXvqBEIk4wkI11l9Y5njm7KvKPrPx1FE47GKyqP0oudgoQP3RtFOoNwwiDI7yfkBkRe3vPKeW5cE+VSSPeYfXj5CuhDSEpHynnZ2uIvu315eVQHIfMEfpxX5Hcija6woX1HmyzhcJTkusChvvqIdEohz6urb/F+zPs3h8lhyf1G3hHLT0/I73TtvuLl6RM/duI0Z1etXwqXDVH6tDvnE200kXFsbvgQfrzdiFi6dn1TeuJLPscQCwYcjtz+jeVlDptwfF59RIZT3yYNkntC/6U6ibrK7Sr/57xR33gj55X/08YKuvaDDLj0MTTSfegLxqRbEE7CyboGx0Fbm8r00JZO4MTvvZbLE2nUsOFGQqKZaihkBrSXwUTNgeDtDHsi03UTNo7fhLzJ+cifWoiiacUo1vgSlEwvRsmMEpTOKEXpjDJFXzazHKUzpXczy1E2swxlM0sf+1ksPrMU5eL/rDJsnl2OzXM2o2xuJYrnVaJozmYUTS9E5cx8VExMxFbXddgy3BvZduOx1sAWSztaYk4na4xoYQLnP3XG8FYmGG/igImWTnA2sECvV9vD4o9t4dTSCGPbmWNmJyssoN2DRvZw794Xc00cMLWjJSa364kpHXphWidbzOhsh9ldemNRNycsM+mPYPOhiO89DuE2IxFoPhAruzvBt5sj/Lv3Q5iDC6L7jcV6u+GIchyFlEGTENtnDKIdXBDfezQy+k5A4bBZ2DPbB2/5R+HtoAQc8Y1AxYLViBg5F8PbWsLuz8Yv1EhI/Mt3J5CQpsvNSWiSMic8Kerc8V0QJJz5ZENfJYP3HX5BNJUtjCV8YKPy6xtQOczGxPmgVF+ZmgnNE+MGVyg4DL4FXwkveYDjih29I4OXLkfl7jt4RNFgyPHgcDkeXPGRB0xd7zgMbXWQn3OlmucXcX3LE+l5qA+tOB15exEcPoGQ6cDLEXFOW8H3HH/qN+IYucgjh9rK1PZczs/pK9eH0nJ89KmTDF/81xcfkZ6HnE6c/vXFuSwgeKQIy7JIFwzB75xGlL4xPKgvHXiZvF34c124K70TxmhOW6U4b/PG8CDB5rAawz+cB0RfUcJdftYU9OJ1aCg9OK687ZXaR9szan8xKeP14Xwh15v+a6MZfy7v8Jfh1FeedR9nfPHl19pQ1zwXHwKQYdf3n1+tQHSnewoJH3EPpFh0pHvkhBNjJd91KO/qJxj1jYkCHoVKdKYJK9VLlyPjJn1oqb568vf10Zun5e3I+Yw/F/Tg+Xicl0d1ETJPpOGw5Hcija6wMX2HywsOhz+Xy66vPnJ6/p/nVWpzkZb3Y0538Z7C+mBxunIYfNeWPH5x+A2N0weOuNN2t6aAy4+2cvzEeznk1zvok7654SPqw9tNqT+IdCLkfMl5hsPhzykfz/M8vMxhE47Pq4/IcOgDJqJeSiHHW66TUnrxjPN6feONyCOHNM7IHyzh/CzHZbpyHLTJscbQQy5Pxl/93zCDYXOwW72MNlN3FEoG0XkD3ZE3MxNFc7JQ4paDyoUFqFpYiCpNWIAtC59490JscS96xle7F4H8Fs17SlOo+V+9qAhbhaePkLD4No8SbF1cDAp3eJZiu2cptnqVonppKSoW5KFoYiK2TU7EvolR2DdmFcqcZiPKpD+WtuuOyS0NMbaNCUa0MoHrm90xvoMlXI1t0c/AHCavt0PH/3wNxv/5Kmz+2AbDW3XDFAMrTOlkiVmGtpjdzQ4zjG0w1cAKkzv1wuSOVphuYI+ZXRzgZuiIJaYDsKqHM6KtRiHTcSIye49DqsNopPQehbQ+Y7Bx4EQUjJyFMtf5qJq8GFumLEb5hIXIGjYFiX1GIc5+BFIcXVEwdCZ2T1+G88vDcHFVHHZ7r0fm9GWY2dMZln8yhFEbE52Cv7EdQV79lIW1tv/yHU9ciNPxpYZ8gILqwO/O4PdPyIKfH19qbN115ef1qW9Vihsz+eDLYdS3CifXU2kgpCNktIuKjLfaHO1wkWnP8VCCS3TgCoQ8YOp6x2morQ7y8/oMr/xeNhkXXp5SnL5OrORopxl9CY52+tDOQuF4exE8PoHQtetBlM1pK5RrTi9duxoEDG1l8ue66MDpK9eHyuD46IIj8NEW6ouPUn5OJ6I99XGxCKErpC8hi92y/Ei6aD8KaYWc6kXtyhcs6J3gd04jet4YHtSXDrxM3i78OeFC72hFXRcd6B3VUdsl4DLNeZs3hgcJLofVGP7hPCD6ioy30v+moBevA28LpfLoGb8DkOPK257ajnbqPXxUW2/bURqSawSb16c+XLTRjD9vyNiiqzw6Ukp3r/EdvVRH7uozWinRU9yzSGXTR1uoLcQOHnpHeaiPiw9MEK/Tf/qKuXDyKYXGynmBJ7VFTkGJZsc54afNJaRu0FsP+znbl/AXMk/UkfOK/E6k0RXyvtMYWcLh6JIjnH5K9dGFK8+ri9d5P+b9m8OuDxY/0k9GcHH8mB87bip9Vf5oHhkJZT2P405x3u50qkJ+L//nOnh9x3WbGz68Lrzd9OEfzpfEM/os6PA8z8PLMo7Pq4/IcOrbUcjx1tU/OD0pznmpvvFGzkv/+a52LmMJB1qsIZlPupv8gR7O4xwHbXKsofTgczdd7ahUJ/WZbsOhaiiUDGgvmmGaC8FtLQei0iMTWzw3YMeSbOxZno+9ywuwVxPmY69Pnsbv883HPj8t3jcfe33z6rwmrW8+9pP3K3ziC7Df93H84IoiHPArwkH/IhxaWaKJ712ehwN++Tjsk4uqSeuxfdRqnJq4FgeGL0Whw0QEdLbGzNbGGPbnjhjUoguGtzHDmFbdMapND/RrZQyDV1qixX+8gjb//x/R/b/ewPA2JnBp3Q0ubUwxwaDXY+NgZwtMMeyFaUa2mNDREi6tTDGylZnmfkLXnRmY6gAAIABJREFU1j0wvUMvLDaww8puTgg1G4T1Zv0RYzEYKfajkNp7NDL7jkPO4KkocXFD9cTF2DrJC9umeGHb1CUoHOWGjAETkdF/AopHzsauaUtxymstTvhGonxRIHwGjId1S2MY/qkz2r3gY8dcYSIBTpNuXV4IeVKM+P0W/AuBlKYhxy24YYjy8oGIBD+f/HOFrL5+R8cvisurNNvc6YtfdJlufXnEez4oKX2RVKSjkAZfMfHhigaHoU0ZFXD4fThEA20DoUhPq3PrIuI0hkMqkzt5UsXx0AaXKxDygKnrncCHQnmQFmXRc36Piowfh0Fx+c4YrizIafl/fmSZ6EGGwcCQcA1ePB3B48cvxJFASsP7A9FB7Gzl+Xmc32UmVlr5nU76KGPcKMHLlHHRRgfiHfEBEKXyePuRQqYNDq+XUlxffJTych7k/VsprdIzXkdqW6pnXlFZ3eSM5+Hy4kXwoL504DjzdpH7Ax2j5vg3RbypeJBw4fwjy4aG4Mp5oD55yOE2Bb1ketR3hQX/EAnHlbe9MGhxXPWJcznJ+UIprzaaaXuuBIMf4a2vPJGfrh+he/yEkU+ML5SfduKJdPqE/LQAHTnm14yI/klwhCylMujjKbRIIPo6/5hYU8h5bXhTOXTVCL9zmXAQOx+15ePPX3b71qc7cF7h9OY464rLfYePl0r5tI1n+soRTj+ifUNw5nl18Trvx7x/8/rUB0ume3hM0lMGbyqf8y2H3ZB4SubT92mSLlWfXkLw+Q5BXR/LoLRcRhDNdRmumhs+Mi15u1Fd6BoBOQ3/z4+fkiFcnADhcGReaiwvE+ym0IllOLrajeos92VhFOX0UIrzU2fa+otSPvFMXuS98clNkKFdvBehX+BaajKNk3UNfeRYQ+nBvzwtlydwUkPdBkFt9Gkuditt+DXVc3VHoWQQbW9kgUPLM3F4eSZOrMjCmZXZOLMqF+dW5eJCnc/D+cA8nF+dq+wDc3FO43M04fnAXJxneS+syquDdXFVHt5anY+Lgfm4FFSAt4MKcX5lDk75ZOC4RyIueKfi3IJo7BjsjoPOi1DTbxYyLYdjSSdLjGlliL6vd0CfPxvAubUZBr5miL6vdYH5K23R+nevouXv/ohO//knuHYyx1LLQZjeyQLD3jTE6E49ML5jT0zuaIEZXWwwx8QRkw2sMJQ+hPJKOzi80h4Or7SD06sdMex1A0xo2Q2z2vTAnNbdMb9dTyzuZA3PTtbwNrCFn6Ej/I0cEditL9aZD0as3Sik9Z+COAdXRFiPQJy9C3Kcp2DbJA8cXRyEnYuDEDdhAZwNrNDxD23x5n+1f0aQNhVzCzh8IkDHgUjQindyKCsT/O4+vjJDUp7fRyTDkf/zIxI0IMtHfbjiSbDrMzQJ+PKF5bq+HCjyiJAPSvUZV/ggyBUNcQ8T4VyfosZXp4kG9U1kBZ4U0hdg+Rc95eOJvC7alG5dio+udxwP4h0+weJl8a8E1kdPfoF9QwbvsOgEjYJBP+KYG8dPxLlhWlYA+QSC4OgyeMv9QShp8vP6+JX3QVrVF3hyvtdFM131IVhy++kzyRA48JDTpiHtQjB4X6C6NBQHWcElXDhuIk6TN9qtKNyL4MHGtgv1E87jz6N4i/pqC5uKBwm+zD/Pa2jmcqghdW4KetHOebFjjXhDl7GaH5eltBxXPrEgWa/vRIu3E5eTsvzh6SiujWb8IyH1GbF4v62vPLl8+k/3DIqFMKJHfRNvGQY37NFJhBOnz2q6Jx8rKQ8ZWoQrraiuay+SNVxeNIWcl3FU+l9YWiHQ0SxM6NvWTdG+XF42VnfgPMTloVKdlZ41lSzRV45w+lEDNARnnlcXr/M+wfs3r78+sPjXs0mmzFrgVcczZAgSu+E53IbEg0Oj6uBRhMY23hd0wSIjJdGAHIW6PuDEjfeUVsmIQ2U1N3yU6s/bjepe37yG9zWu13A4Mi81BS83hU5MOHJdguuPSrThH++oT67w/HwjCOnWur7iTffGkowmP3W2u0ZP47tsaTcs4c3hiziX7bwt6L0+cozg8oVi+eSbKEeEHKZcnkijhqqhUBcPqIZCyVBIxFrm4oZ3Vm3EB6uz8PGaXFxdk4vra/Nw44mvi6/L0zyn/8JfC8kF+ashOXWe/l8PycONkPwnnuJ5T549ia/Jwydr8/HJ2gJcXZ2Nt5fEo9LZDeUDpuP4BB+cGrMER4bMxxbHyQjv2hdz2nbHkJZGsHutE2z/1An9W3SDzZ86occrbdHhP19Hy9+/ira//yOsX20FT1NHLOvaG/M6WWJUm64Y1toYru27Y3KHnpjVxQYLzfphrqkjJnS2wOCWhnB8tT1sX2kDhz+2Rf/XHhsLx75hhIktumJqi26Y0dIEc1v3gEf7XljawQre7XtheQcr+LSzwMrOtlhnNgDrzZ0RZTUCyX1cUTB8hman4e75/sif5Y251oNg9Eob/Pn3rdCilZGiMNXFtA15xwc7GlD1mQCIVX9KLytCfDCg93Q8qD58aKcfd0oGRn4sidLSoE0Kiy7YdAyEBkLh5MmGrrz0jg8gBEMbbQg3bqTjSgk3/hEMXQYjrjTwgZhW7996+z3QbrUDh49pHWD5xFFWfHldtE2QOS/IA6aud5yOXLGi+nIFnyvm9O7Q0ROK7ScfaZFx4eXJcV4GGaO0Kel8dVRWADkMwpO3p1weV54IDv/CIjf+UR20fQFO5hF+tJR27hBcchRqm6jyyYpcH8KZtx9NzpU+ViTXTek/p40uw6VSXrme2voT5U3bkKP5AA1ddE27keiZbCjUVgduxCO6vQgebIp24Qq7rralPrVn/yHNpd+0Ck8fflCir9KzpuBBgsv5pyH9UcaJyyFZRslp5f9NQS9ePtGcDFNyOfT/3fc/1PQ58cNxla/q4O9kWLTYQ++Jj+kIopgccTmp1F85HI4zL4tgc6dtbOFlUXq5PJqY0ZhAYwzvKxwHitOVDcLpSifno/98Z62AQSEdt+cymvMZTyePWbIc4jB4+brk/Nadu3Huwluaui/29lfkA3nnuTb5y8ukOKe5TG85rbb2leWltvYleNp0B1EWL0OmpUhTX9gUsoS3ry45wulHfNAQfuN5ddGe8xDvV5wO+sDii3RUp/c++KiOdYvKKhX5ipehK04GeqqDcDTmatMjlODI/U6bgUbeGcmv/uFwmxs+HDce5+1GtCMa0rUKPI2Ia4zg7ONpdBcq5af3HI7MS03By5wHCc/n1YnlsVHbJgN5sYwMaqKugh7aQtp1yXlR19eVueGSxj6CqY8MkvlQlhEchi6ZIOvDXC/n9SOdUpwsIvrL5fG0arzhxkJ1R6GCAe1FMlJzIrh5Dwd8sm4Tbq7PxtcRebgdmY/b0QW4G12Iu1H5uBOVpwk18ch83CFPzymdxufiNuXT5KUw/7EPz8ed8ALcDs9/yt+JKNA8vxtZCPK3w/Jw0z8ZB0ctQFbPASi1GY7Dw2bh0LA5KHVwRXiPQXDrbI2BLYxh86oB7J54kz+0Qcfft0Tr37+ON//wGjr//o8Y16k7Yh3HYoWBLea0NsHoVsYY2c4EY9qZYmK7HpjR2QoLTPpgkXl/uJn2hmunHhja2ggD3uiE/m90xrA3jeHa1gzTO1piQWdreHW2gY+BHYJMnBBlMRRxlsOQYDkMyb2GIa7HQKTZjUTxsJkoc3FD2eh5KB+7AOVj52PLNC9UzPFBQP/RsH2tPd78jz/jj797E20MXuzXjjflFgkdRLMDix8l1sbPfEWRBg5+tEIWvAScBl46RiTDo0Hh/MVLdeVThOAt8w96Ji3l5bv2RFr6cpYMl/7TyikdO+VOl6KtBIMPSqI8ohdPq3QJPL8jhAZhvrpFcApLKp6CQWnICMjdnv2H69LwFTZKQ/cpcRwoToM4/9or7djgabgBlwZDcZcOT6NL8dH1jsPgihXhygdzam/x5U1RV5p8EO6k/NKuE76zVKRpyODNLxGn/Er8sW3nHgFaE8oKoKy8USJapZVX8Qk2d7JBUcaFlG+5H9DuJK6okIHY0mFgXdvJu3RJ0ZfxIH7jCpxcH2ofbmQjnJXowttRW5zThtpFxkVbPnou9wXCMyEls66uIi89407sWqZds5zHiXcIpshHYXh04jMfOnkRPNgU7UIweH0oPm3O00dxqH6ysUPbJIDTQcSbggcJlr79X5SrLeQyVd71rC2PeN4U9OI72wSPkWGe6kcyaM7CJU8ZxEQa2ZAgf4WeJk0yL9K4yNuX72ygtGLntVJ/FXWmkNOM48FhCDxlwwTV6dObn4vXmlAuj+68FY4WEeijIrx8itMXoCmfcPxDZnJabf95PQQcPs5RPqqTPF5SWvmCfpmvleSZLjlP5YirGgi+NgMM73skm51dJjxDG6X68raR6S2n53SR21emRUN1B1GWPuO/SKstlGn+POOZvnKE04/ah8twbfiJ5zyvLtrzsYzTXcCh8P+x9x7gcRVX+/jzj62+6r2sykraVV2VVe+9F0ty773gXnDDRe6yccVgGwO26ZgSSiAhoYXQ0giBNBK+hJqPBGxj0sP3fb/3/5xrrjK6urtaSburlXXu81zd1S0zZ855Z+7Me8/MsTYtcW0/GduEF2v602J+4u+pcxb38eIljKr128Rn1H6L63ySbESOK++j9QjF7ey5e/rd42zyKMsg/i/aTS4XYYH6B+J91B8TP/LTveIMEjEdJZZsgWVb9YmVHr+EvVUbtvYpK/WfxI89yrKKejH3WxmIRPyoLT+jbHflD8LiO5PeM9T3lZ+hI72riFQUN2XfX2wrLbUJZBvRA570QVOaxfzIAePvf/+HmB0ThTbmtZyJtxJtb+vf7FFoBjj3LduMjw+exZ8O34VLxy7gyvELuHriHlw9cTeu0u/jF/DF18erx++Wfn9B9x07j8vHzuHK0fPSfvnYteOVoxfwBe1H7saVIxf67vL5oxdA99H1ywfuwEcbD+GFtjm421SJi0UNuFjShjM5DdiRWoHZ0SZUBRqQ4x2LTE8t0jwjEO0ZigA3P3i7aOA3zgOZ3iFYm1WFPRnVWKvNwEJtOiaE61EXHIv6oDi0hSWjIzwVU2IyMd9QgIVJhZgWm4HOyCS0hSagLTgBk0KTMSvSiMXRudgQX4CdCQXYk1iIo2kVOJNdjzuy63Bndi3uKWjCQxUdeLJ5Op6fuhgvzLwB35u5Ek9MXo4HJizAhY4FuKVjLuojExA+zh3e43yg8bHvtGN6CRK5IW/iQMZSRVJ6VCgXaxaJRDlteslSZ4peItSpJ+8FaryVG123lLfaAua0EC7J8PA3nwQttC5OL5PTF78SWkpfvCa+lOR06EhelPRV/idvvtWvDNR5Vk7Lo4E9lV/caJBCadAuej3SPcppZMovnrIMDz78TRBxKXoT0DV6CSvXEBK/ONI9RE7R+k/UaZS9MSx1fCxdE3UmdqwoH+XLXPlFmu4ZaFN2FsT8lL+V2KS0yV5ExBI2lLqm68oOoDiAEGWj+4jIJK9OZeeSrql9tRS9MOS83v7FryS7KwfwdF2NzJbX6ZJlobzIq5fK88UXV+XTvUdleUhHanohooJkUHaglDoV/1fqhnA00E5kiTzAVnpBkdBkH/KYozXhlOVRkpFKfVLdJwwTMU7pqG32wqAt7CJ++ZZlp3aSOuDkmSJ2dun6YMk1sp1SZ4SPwWLQ2vovYkXtt7JNHQg7JCuR43IbZQt9KT3YZb1bOiqJBKW3Oj0rv4eofRDfq3SNyiF6o4ntpFp9FXUn6kwph9q7lt4t5JlCg3+1d6wyP3EqtawDwiB9kCJ9K8syWE9iuSxKoonkUGszlcQGlUFJuKi1Z4Nt50VvcNlG1L7Th5cnn/5Ov49ag/HEs5V9h9t3kHVvzftfvtfScbhtibXtiKg/so2yDbcko/isEuvic+K7TFmv5PusTUucMi/XIWv703Je4pHaF2VAISoLvUsttZlUV+T19eT0qO1UfqClNvWWU3dInvtK8kitD+ts8shlM3cU7SbbQz5Se0azb8jmpFNxU44TxHSUWLIVlm3VJ6aPCMqNPPuo3aJ+g7KsQ8EnfdRXvlPIIYPeUZSPErP0rpA/Jis9pElWes9QP5aeVcpH15V9f/FdOFCbIK7PKeuF9EEfpyiwj9qmzM8cvvi8dd6FTBSaIdDsBSBnU3hxThk+OnEaH99yO/58+k58fvouXDpzDpdpP30XLp+h/RwunZb3u3CJ7lHbT53D5VPncOXUeVw5deHa8bbzuHLbeVy+7Zx0lK7ddu7a/3TPbefx+YmzeG/7XjzdMRV3FZbjVE4pjuVUYYexAgti89AenoGygEQYPcKhdw9BmEsg/Nz9ofHwQcA33FHgG47VKcVYF5uN2UFxmBZuQHvEf4jCuuBE1IUY0BaRgmlxWZibkIPZcZmYFpWCyeFJmBqWjNmR1wKaLI8rwNr4QmxMyMeWhDzsMhSiJ6UEx4zlOJtbiwcrJ+Cxxsl4ZuJsvDRvKV6YtwzPzroBj1KQkyk34GzXfNxY0YxMv2CEjPeC13gfBEXqLZJmw8WasuEeKLKvmJ+40Ds1rvQ1SLxOAxjlC0WtYRbPqXkFiGnKv2kQPZiNXkZK8k5Oy9JRfCnRi3ag8tALk7xe1NKk9V8Gep7KRLpsnDC1Xxo0mFN7karpgdZVUsqg/OIoP0f5yS9y0etM+cJUXpOfUeZDHSuRsFF7mdO0TdHTRpZFPlLnQvTGUcqizFP5v9IDU05XPL7/wUe969iRXsVBvDiAILu/9/u+HjliOvJv0YtUlIe+GCu/ksrPKI9qX2cpLSJ9lYSR8lkaCMiDAWV5ZHmUA2M5DTUbyc8oj6Ju5OcHOirloTSswbKad5Oax7Iyf/pKLA5o1cpnCwzayi5ESlizDdWjxBYYVNb/obSnhCWxTbWmzHSP2EZRGrbQl9ILVykLkbQUBEne1IgEmvqu9EiQ71celW2y2E4q64eyzok6U5Pj9B0XlNn1+99Se0f50Uc2azaqkzSwVcpozf/Kd5C59bGU/RK1pUgov+G282QD6htYsw227tnSvsPtO5CulLqXy6ysWwPZcbhtibIdGU4/wpys1upefJep1StK39q01Ii0oXjdymUS9STbypqjubaE2ioiGAfaqI8qf9STZaGjs8kjyqb2W7QbtVkXH31iwD4H9VuV4xgxHaVuRZ1YqkdiGqR/e/VHSA9Kbz5z9h7qmIjyoPZ/oP4o5Ut9/Jau6X3eFfQRbaCNnEjk9JV6Fd+FanoUsUB6V3rKquVtKT8xPf5tHTko6snZeCtRNlv+Zo9CC4ToM/v34eP7zuPTh+7B54/ch8u0P3o/rjxyPy4/cj8uKfeH78Pniv3Sw/fh0sP34/LD9+PKxb775Yv34/JDtN8n7Nfu+fyh+/HpA/fgs7vP4f3Dh/DMzBk4U1GFnakmbE0txvL4QkwOz0BNoB7ZPlGIcfVDpFsQfFx8ofH0ReA33FETosPekjZsNZZjRrge7REJaI7UoyE0HrUBMSgNjENZcDzqwvRoj0zB1Oh0zIrNxMxoI6ZHpWJaeAqmh6dhrjYTC2NyMUebjemRaZgbZcSy2CysT8jF3vRynCpqxgP1U/BI6zQ80TUbz85ehGdmLsSTUxbgvoaZeHDSEpzsnIu5phIkePrAd5wHvL2C+zSwtgS1nJY4lZe+BFlanFZ+Rj6KX7rVPNjovqKqZsnrbiBSgL7yiNOX5TwsHellJU4dUnsB0PpHO/b0DFmP4ktp/83HpcWdld4Vcr7k6TjQ4Jn08fY7v5Qf6XMkHVF+sueMWtnpeVo7S02fdI48nDqmzjFbXpp2J64dQgLQi1iWW/RcpIGRfJ5ksXRNlJVezmIeyilj8r10H0WjpgEsfdGmKVZEylHnmq5RfnLHVpRRfn6gI+FTntonKlrWMw145Gld1DkWv8KLni9kV5KHphaqEb309d3c+laijLTmnpo3I8lGcpqbbi+nQVNklNM+5HKRR6k+o6D3urn6SGkRGa/86jtQh0uWgY6ibuT8BzqqyUOLXSs98uR0yO5UF8y1RzTd31w9ojRp0CYuTm5PDNrKLus27TDbntEHCIruTDgUbTHY38PBoLX1fyCZxOlHsr0HOqp5uNhCX9SePvPsc/jjf38qtUEffPix5J0qB7wSF/c3RyRQO/Liy6+abZPJc5O8MJR6IVvK7aRa/RDvF3UmR1UXr9Nv+pCk9j6k9o7KSPcMlB9598ltotImcrtprk4q5TH3v0jMWdKp6LH92BNP99OfnP5w2nk5DfKskj+yKMtNRDB54w227tnavsPtO1BZB3r/y/qw5jjUtsTadkTUH9nEXBuuJqv4rKW6JXrjEqFgLi25z0dpmVsXl54VsU3vWHoPqaVpzTnl0hZKXJr7X9mXEfOid665+k3pUfugXBpFft7Z5JHlMndUYoDKtXjFerN9QiKw1PreynTEmTq2xjLlZYs+Mb2/1Pq+ZGPyer/t7Lkh41LWN/XBqL+utsnvCnH8ID9Hx0PHblXtC0uy3X6XNO6QHQmU737xY7e1ji30IU0mHkV5KT8Kdkne6XJ+ynGPKDf/ZqLQHAaYKLRAFJaW1eDym8/iylvfw99/+SL++auX8M9fvoR//Yr2l/HPX/7g651+X9v//s738fd3Xuq3/+Odl/DPd14CHf/xzov/2d9+EX9/+wX87a3npSNdo///+rPn8Zc3n8dfXn4aXz79EN47cQAPT5uMA3nF2KjPxQ3R2ZgSlIwavzhk+oRB6+6D8HE+8HPxgZ8mACHjPFDhr8Wy+BzMjExCnX8EqiPiUBcRj4aweNQFxaHYPwYFATEoC4pDQ2gCOqKSMTU2DTN0GZgRl4HJ0WnoikzBxMhUdEakoTE4GZX+iWgINGByuBELo03YZCjF4bwW3Fs3E4+3zccT7fPwVOd8PNk1H4+1z8Vd5RNxpn469jVMRpvBiEh3b2jGeSA4MnHYjbk5UDv6PL0AV6zdLL2g6IsX7eRhQQOx4XSmqBy0bgoFvyBvLPISobSJAFV+yRpKmUWiUCRTqNNO5BCtAUIEz2DLQGvQ0XOzFy6X0lmycr1qJ8WczPQVniLrUf60UzpEFJm7X3menqf1SuiL6GCeU6Zjz/9JJ/Km/Ko4mHypc0wdxM5pc6UgEITFwTyvvJfw1jV9nmQ/SlN5faD/ichduX6LJA/ZTu3rvaU0aKAi2n2w2JPTpi/n1HkmHMjnRuJIdYnqApVJ1ou1clA9Ipw0d06XbDxUXZjLbzAYtJVdGtqn9NqXPoYMFh/myiKeHy4GxbRG+rc99SUOSsyRWnL541Nze98JcpusNvCU77fXkTyjqT4Np72jQaD8fqM6Se3dcNtNe5VXTtcW7TylIbdFVPfUPPvl/EbqONy+A8lty/f/9dSWDMemVD9kIp76LeYI/eHkYatniTCmAGHUBycSnPrN9A61VfqDTcfR8lCfY8GyNVIfmuq7rfsNgy2/tfcPpj9CaVJ7Ru8iub8qRx+2Nj9r7qP2iD4wyX1SCrRm7buC2g4au9BYxhbjtYHkJQKVdOio/AaSZyxcZ49CCwSaPQDgrAp/4NRBfPHOd/G3d1/AP997Gf/6/Q/wr9+/gq/+8Cq++sNr147vv4qvaP/gNXz1wav49/uv4t/S79fx1Qe0v/H1/vX/H76Gr9T2j17HVx+/ga8+eh3//vBV/OuDV/GvXz2Pf/zoW/jy2/fjlQ0rcLigCBsMJsyKSENTgB4FPtHQewQgws0LwS7e8B2vQYCrN2JcNGgK1WOZvgBLkgrQHKpDRUgM6iMT0RSeIAU1KfPTIt8nAgW+EagMjkNzVDK6Yo2YocvCXF025sdnY1GiCYv1JixMyJamJk+PzcK8+DysTCrCptRi9OTW4lRJK+6rm4LHWmfh0dZZeKxtDi42zcS9DdNwsrgNR0omoLuiA2WRiQig9RN9w0bspW0P7I7WNM0RhaO1PCMtN32NJe8o+mpH60ha6hyIa1HyV77Bf8kbaVs7a/6MwbGNJQrKQR8eqE358KOP+3hNi5glT0HRq82ZB/6i3Px7bOOb7T8y9qcAQORJRRsdZa9ktsfI2GO06J37I4yP0YLVocjprLzVUMpi6Rn2KByAEE3NyMMfv3UOf3zmPC49fx8uv3A/rrz4AL78/sP48uWH8eUPLuLLVy7iy1cfxtXXvt5ffwRX33gUX/7wMXz5w2/iyx8+gb/86An87cePS/tff/I4/iLvP30cf/npE/jrm0/ibz97Cn996yn87a2n8JefP4Uvfv4krvzgPlz51hn89eKt+HX3jThaWIiF0QY0BsYjxzsGBq8waN18EDzODb5uXvBx8UDIOC+kugViSpwJm/KasDarGp2RySj3j5KIwpaIREwISUCNvxZFPmHI1YSgMECLqggD2mIyMD3OhEW6XKwyFGBTejG2ZZViW3YptpsqcFNmOXaZKnG4qAG3ljfhQn0nHmyZjEfapuGxjll4dMIcPNgyE3fVTMRt5e3Ya6rE0dIObCtshclfhwD3IIRoDUwUDoA7S5XWVteYKLTtS1xc04U61DSlRzmVJyO/Qpr+J/W4v/7zwvdf4frgBPXBVvVqJNNhDNq2To+kLYeSt3JdO1pIXelRQlOFlVP0tu06wG0Qt0GMAcZAHwyQZz5534prlZpbU3Mo7RU/c32/r7g/cn3bd6zXXyYKHfzCdGaFL5/QgQ9PHMDHJw/i09OH8eczh/H5mWO4fOY4Lt9+TNov3XEUl+44gktnj+CzO47g8zuP4vM7juHSncdx6c5bcOmu47h07jg+p/38cXzWux/DZ+eP4bMLJ/D53bfgs3tuwaV7T+Kze0/iz/eewJXzR3Dl1F5cObYLv9u+ERfa29ERHIlcTTh07qEIc/VHkIsG/i7u8HLxhL+rBqHjNMjyCsfEmCzM1+ViWkQ66vxikO8VgvLgaGmdwglhiagPiUNpQCRM3iHI8gmpY5BqAAAgAElEQVRDflAMaiNS0Kk1YnZcNlYZirDFWI5duVXYX1iLm4sbcLK8DWeqJuB8wyTc0zwF9zZPwWOT5uGpGUvw1MzleHzGctzVNBNn6qfhQF4ddmWX41TNFKzPrkWGJgrh4Ql9OiJjvaEZyfIzUWj7l7gYBEcmA8m759fv/rZfdE26Pti1M0cSL5y37fFiD50yBkeHnexhe/IUVFvLjwb3FHTos88vyc1S71EZCdMecnGaYxeTbPvRaXuxfyg3FuRNSNNZ2aaj06YjYTfujzBWRgJ3jsjTmXkrW5afPQqtIETD41Lxs5u249MDPfj80CFcOXwYXxw+gi+OHMXVI0dw9chhXD16M748dghXjx7Cl7Qfo53OHcaXx4/gi+M34/Lxg7gi78cO4otjwv/HD+LyiYO4dMshXL7lEK7ccjOunjiMq0f24+rNe/DnnZvx2qL5OFRShsaAMBg9gxHpEoCg8T4IGO+FADdP+Lpp4Pc1UZjrF4PmsGR0BunRHpggeSAW+UagyC8C9WHxaAtLRGN4PCpDY5AXEAmjTxgyfMJREBiHmhA9OiPTsCA+F6uTi7E1qxJ7CurQk1eLE4UNuNAwGQ+0zcJ9bbNwf8dc3Ne5AOfa5uDO1jk42zoX+0vasKugCVuNZbitZgKOVXVhcVIhUjU85diWlXe4ab38yuty/w+333U3d/6saAsG0jmtX2JuEeReZX/9g6YpW5qePFBefJ07YGoYYAyObVzQupxffHFV2dyo/k8BCsxFZlXDFp8b29hi+48d+3//ldf6tRmPPP4U9xNt0E8cS/WI+yNjp80YS7imsjJR6ODG0NkVnpuej0+7D0j753sO4fP9R3DpwBF83nMEl3oO41LPzbhy8BC+OHhQ2Ol/2unaQVw+2IMrBw/gi4MHcLXnAL48QHsPvuzpwdWeHlzpOYBLB6/tl3sO4Mre/bi6bz+u7tmLz3fswMtz52NzqhE13kFIc/VHpIsfgl184D/OC/7jPeHn5g2fcZ4IHe+DwtAE1AUnYkKQHq0B8WgJ1aMsKAZ53qGoCIhGc1gCGiMSUB2uQ1FINDL9wpGiCUGaVzjy/WJQE6rHRG0G5ifkYW1GOXbk1WNvbg32Z5bj1rI2nK6ZjNtqp+CW2qnYXzIBBysnY1dhK/aWdWK9sQKLddnoKWvFfRNmY19pEyZrUxCpTeJOhoPrlaWGmxY9psVvaR9utEdL+YzFaxSlk6L1ytHG5AjH9EWeoiBTNLKxqBcus+M6jYxBx+naGXFN0Rc//uSPvWuLyW0QHYkgZM+gsY0PZ8Qsy+Q8mKRAIG++9Tbe+68/4KUfvKoa3Zzt5Tz2cnZbcH+EseLsGB2sfM7OWw22PObuZ4/CQRA38ypb8f5NB/D+TT34ZOdhfNx9Mz7pPoQ/7jqI/97VI5GIf+rejz/t3I8/79yHP+34z/7pzn34tHsv/tS9F3/eScTfXlymffseXNq+B59t241Pt+3CH7fvwh937Jb2P+/YhyvdPbjSvR+Xuw/gjUUrsSUlC83+kTC6BSD8Gz7wH+8N7/GeUiRhr3Ee8B3vhXD3ABRGGFDqF4NGXx2aA3SoDdSh0DcC2Z5BKPQOQ32IDo3hCagPj0d5aCzyArVI9wlHqiYCGT5aFAToUB2chA5tBhYml2BNVg02Z1VhW2Y5dubUYndhC/ZXTMbeymnYmNuMNRm1WJVWgY2mWiyKy8SNGWU43zkP51qmYVtBFVIi9UyMDAJr5iosnx99L1tal5C+qspHtuHos+Fot5mMPfk42svD8g+uDlGkX9KZfGT9DU5/rC/WF2OAMcAYsA0G5H6IfGS92kavrEfH6pGJQgeTGqNF4ccnzsev1+/Bbzbuw3ube/Bfmw/gD1v244PN+/Dh5r34ePMefLRpNz6R9j34ZNMefCJd24P3N+/C+5u68eHGbnx0Yzc+oX1DNz7ecO3/DzZ2S9ff39yNDzbvxoc37sYH63fi92u349212/Dd2cuwPacMjcGxSPEIQuA4DbxcvODu5gV3dy/pt4+LBkEuPjAGxiDfOwoNgYmYHJ2JtqhUFAdokeMdijxNCKoCotESnojWCD3qwxJQFhyHvMAYZPlHI90nCpm+0cjzi0VlsAGdsSbMSSrBouRirMyowApjFZakVmB5Rj1WZDVhubEOCxKLMTcmG2tSirAxrQh3ts3AuQmzcLphIlqTTUwSOrg+8QvDsS8M1jfrmzHAGGAMMAYYA4wBxgBjgDHAGGAMXN8YGC281XBxyB6FgyRwonTp+N7CTfj5qj14e+0e/GrdPry7bg9+u34Pfr9hL/5r7S68t6Ybf1i/G79fvwfvrd2N367ZhXfXdOPdtTvxmzU78O6aHfjt6h343eqd+N2anfjtqh349WoiA3fidxt24bfrd+Hdtd34zepd+MXKHfjx0k242D4T27JKMDEiAdmaIES5+UBDJKG7N1w9veEiEYUaeI3zhN94DfQ+Ecj0jEBdYCJm6PMxKSEHhX5RElGY7RGIEu9wtIYloisyGW3hBtSGJKA8OB6FQfHI9o+B0S8amT5a5PnGooKmL0dnoSMuB5MSCzDVUIpJ8YWYoS/FjIRSTIvOkQKmzIlIwea0Ypyt68SDXbNxvnUKtpc2IGyQOh4uqPn567txZvuyfRkDjAHGAGOAMcAYYAwwBhgDjAHGAGPA0RhgotDB5M5oUrhen4XXV3bjtVXd+OHqXXhz7W68tWYX3l63B7/4en9z1U78bO1u/HzDfvx8wwG8s24f3l61G++s3o23V+/GWyt34c0VO/Hmyp342epdeGvNHun405XdeJPSXLMbb27Yjx+s2onDle3oCo5BsVcA9K6eCBvvAV8XT3i6eMHLzRsa2l294TnOU9o147yg9QxCinsIKgMTMIkIvoRcFPpGIdMjGBkuASjwCEZ9QCwmhBnQEZGMljADakMTUR4Sj5LQRBSFJiAvMA65vtEo9I1FZaAe1SEpqAlNRWVQEqr8DWgMTkF7cAq6ggyYF5mGblM17mqYjEe7ZuPRjhk4W9+JGF0aexM6uC45urHk/PgFzRhgDDAGGAOMAcYAY4AxwBhgDDAGGAPXOwZGE281HFuwR+EQSZyMlDy8tGIHvr9iO15duVMiDH+8ehd+tGYXfrJ2L95YvQuvrdmDV9ftw8ur9+CHa/bhJ6v24fVl3Xjlhp14eUU3Xli+A88u3YqnFtyIJ+etxzMLNuL5pdvw4rLteHbZNtwzexVWZJWhJiAaRjc/6Fx9EDjOHb6untC4eULj6gWf8V7wH6dBwDc08PqGJzzGXyMQQ9z8kOgehLIAHdoi09EVZ0KxnxYmr1BkugUixzUQ5T6RaApJQFdUKiYQWRhqQF1IImrC9KiJTEZ1ZApqI1LQGJGKlvB0TNBmoTM6BxNjcjA9Lg/z4gtwg6EIm9LL0VPUjLubZ+DRrnn4ZtccXGyZhqSEDCYJh4iv4VRqfpZf0IwBxgBjgDHAGGAMMAYYA4wBxgBjgDHAGLAtBpgodDDBMRoVnpNeiJeWb8f3l2/Hqyt24I2V3dL++po9eH3dAby8dj9eWteDF9f14Lnle/DdxTvx9MJteHT+Ftw5bSV2VU/C8uwqzEjIwpS4VCxMyseWvEZsyWnAsvQytMSmwagJQryrP7SuAQhy9YGPqxe83b2gcfOCxsUTPt/wQMD/54XAb/hI047dXb3g4aaBn6s3dB7BKPSLQ3N4Ktq0RhRoIpCrCUe2ezCyxgegwCsc1cHxmKBNxURtKjojktEapkdLuB6tUSlojzFiYlw2ZibkY4GhGEuTy7AqrRJb8pqwp6QdB0vacbyyA3c2TsUDrbPw8IQ5+GbXfDw5cREyDbwuITfKtm2UWZ+sT8YAY4AxwBhgDDAGGAOMAcYAY4AxwBgYKQyMRt5qKLpij8JhEqK5RBau3CHtNE34lTV78NLq3Xhx/X7cN2stemqmYaOpAXPi89EVnYH60CSUBscjJygGSb5hiPUMQKSbD2LcfaH3DES6JgxZ3hHI1ITD4BEInas/4t2DEekSiODxfvAdp4E3TTl28YCHK+1e8KRpx64+cHPxgqurF9zcNfB21SDOMxg53lrUBCWiLsSAAk0UKkMTURYUh3yvcGR7hqIoIAZNUSmYGGPElBgjJkWmoCsiGV1RKZgcY8QsnQmL9IVYk1qOmzJrsMdUj4N5jTha0IiTxc04X92BBxsm4+HWmXhy4kI8PnExMg057Ek4TFwNpTLzM/zCZAwwBhgDjAHGAGOAMcAYYAwwBhgDjAHGgH0wwEShg4mO0azwjNQ8fH/NDrywZieeu3EPvn3jfpydvRZzUkpQ4B2KAo8wGN2CoHcNQoxrAMJcfBHg6g0fN294uWngSVOI3bwR6OGHUHd/RLr5I9o9ALGeQYj1CEbk+ACEjfNDmGsA/MZp4ENEoasnPNy94OHhDTcKaOLqDbfxnnB18YSLG13XINYzGFmekSjyjkFpUCJy/ONQG5+NWm0aKvzjkeUZjlx/LeoikjExNlMiBadHGzE5MgVTolIxMy4LCxPzsCKpGBvTKrAzsxoHc2pwLL8ep4qbca68FQ/UduFi4xQ83DIdF9tmI1WfzSShg+sOvwTs8xJgvbJeGQOMAcYAY4AxwBhgDDAGGAOMAcYAY0DGwGjmreQyWHNkj0IbkTp6QxYeXbkRz27rwYn5a1ATlwWDRxjiXAIR6+KHaFd/hLsFIMTVDwGuvvB18Ya367UgJBoXDfxcfBDs5o8QFz+Euvgi1JV2fwS7+CJ4vC8i3IIQNN4X/i4+8Hbxhhd5Ebp7w8udiEYNPMd7QTP+2rTj8a4eUqATnSYM2RotcjRaFIQnIVYThrTgeOQFxKPGLxEl/vEwkcdhqAETYzIxX5+PWbGZmBFtxIwYI2brsrAoPherDMXYklaJ7swqHMirwbGiJtxa3ISzZS24u7oT99dPwam6yYiPNzJJaCM8WVN5+R5+YTEGGAOMAcYAY4AxwBhgDDAGGAOMAcYAY8AxGGCi0MGEx/Wg8Mj4dKzvmo3OpFzEewZB6xaE0PG+kodguJs/Qt38EeTmB38iCl19JKKQyEI/N18Ee/gj2JVIQR/EeIVAHxiNGE0E4n0jEe0RgggiGV38EOTqCx+Xr6McE0HoStOQr5GE3hTIxE0jeRR6uHghThOGXL845PnGISs4AUEu/oh0D0ZOYAIqfRNQGZqMXJ9o1IYY0KU1Yr6+AAsS8zBHl4058dlYkJiDZfoCrEkuxaa0SmzPrMbevFocLW7EieImnCptxfmqLqwuqEdEXCqThA6uM/wycMzLgPXMemYMMAYYA4wBxgBjgDHAGGAMMAYYA4yB64G3sgbH7FFoB3InLjxeCiQS4uoveQ+GeQYg0NVHIgnJm9DP1UciCn3cKDjJ10Shuz+CyHtwnI9EEpYl5cAUlYrC2Ax0FtSjJCFbIv6CXHzgR0Shi7fkNUiEoNd4L3i7aCAThW40JdnFCzGaUOQG6GDyi0OafwyCXQMQ4R6MvNAkNEVloTo8FWXBiagOSkRHZBpmx+VgkUQW5mJ+PK1NmIvlSUVYm1qGjemVuCmzGrtya9BT0IDDhQ24taQFDWlFTBDaAUPWVF6+h19UjAHGAGOAMcAYYAwwBhgDjAHGAGOAMcAYcAwGmCh0MPlxvSk8LEqPQM9A+Lr5wM/DR1p/kEhC/69JQvIoJKKQrpOHoL+LN4Ld/BA03gchLr4wBGjRkFaCrtw6LGmYjrUTF2FCfi1ifELhP95besbLRQP3cR7wHO8pBTjxHk+BTbzgQdORXbwQ6RGETP9YGH2iEe8VBj9K2y0Qaf6xaEssRFdyCWabatAQloyOiDTM1uVgfkIuFuvzsCghF0v0+VieXIy16eXYmFGFzZnV2Gaqwd78BmzPqUNyfAaThA6uJ/wCcMwLgPXMemYMMAYYA4wBxgBjgDHAGGAMMAYYA4wBEQPXG28llk38zR6FdiZ6AkK08HH3hq+bt+RFSGsTSiQhEYbuvvB1uzaVONDdH4Guvgjx8EecXyS07oFI9dWiKbkYS2qnYFXLHCxtnoECnREB472lNQ7Jq9CDiMJxHiCS0IeIwvEU5OQaURji5o8kn0ik+EQiwTcSQW4BCPcMQbxXBPICEtEUn4ubOhZgbmY1WkIMmBGbLQUvIYKQ9qUSUViE1WmlElm43liBLdnVqE7OQxhPNWaS1M51R2yo+De/oBkDjAHGAGOAMcAYYAwwBhgDjAHGAGNgJDHARKGDSYDrWeEh0Qb4+4Zemx7sQlGLveGjIAr93XwR4OYLfZgOxal50GnCoRsXgBTPULSnlWFZ3VTMrpyAksRsBH5NFNK0ZYkY/IaHFMiEiEIiDj3cNPAY7yVNe9Z5hyEjJB7poQmSN2GwWwBiae1D1xApqMmC4lbMzqxGe5QREyPTsUCfj2VJhbghqRBLE/KwTJ+PFUlFWJVags6kfMTq0pggc3DdGMmGkPPmFzFjgDHAGGAMMAYYA4wBxgBjgDHAGGAMMAZScD3zVqJ92aPQgaRPcGQifDVBoCjHGleNNPWYyD4iDgPc/aS1CyN8QlCcno+ajBIkayKgdw2GwTMEbellmFzUiPzYNCkSMnkmUjpEFHqN84RmnKfkVUjpurt4wstVIxGPGVEG5MelIysqCVpNOEJcAxDqEoAYtxCka6JQF5OFxpgs1Abr0ak1Yh4Rg2mlkhfhyqQi3JCYjyn6XOjj0pkgdCBWxErKv/mlzBhgDDAGGAOMAcYAY4AxwBhgDDAGGAOMgZHFABOFDiZFxorCqWITYejnEyKRhRJpOF4jkYREFhIBGOkTipKUXLRkVaIwMhU69yAYvCNQlpCNfJ1RCnpC5CKtUSgRhV+ThTT9mIhCCmSicfeRoinrQ+OQFhaPeO8IRHuGIsY7ApEURdk1CInuYcjyjUGubyzyfbSoDU7AjMRcrM2uwiZTDaalFMGgMzJB6OC6wI3/yDb+rH/WP2OAMcAYYAwwBhgDjAHGAGOAMcAYYAwoMTBWeCv2KBxBEoimJAcERsGP1ip09YbXOA/4ufmApiFH+YahtagOdRmlSPaLRpSLPxL9omDUJsHfxUfyJhSJQm8XL/i4aqBx8YLHeE94umrgNV6DMK9gaL1CEO0WhGj3EOh8opAUEo9Iz1DEeYZB7xkOg2cojF7hKPSJQoc2FdWp+dDFM0GobBT4f35RMAYYA4wBxgBjgDHAGGAMMAYYA4wBxgBjYGxigIlCBxNoY0Xh5hoU8jIMDIiA1zc8pUjIkmchrS8Yk4rc+AzE+IYj2NUXwe7+8Ja9CYkMJO9BF69rUY9dvOBFJCEFNHHxguc4T/i5eEtRlKNcAxHrFgyddwSSQhKg9Q5HnE8kDH4xSPbTIiE0HlptEsIcbHdz+uDzY7PhZbuz3RkDjAHGAGOAMcAYYAwwBhgDjAHGAGPAGTEwVngr9ih0QmIsRGtAUEgs/LxDEeQZiMSwBGQnZEAbECGRiJIn4ddTjHuJQvImHO8pBTWh6ceeEoGokQKohLr5Ido9CEneWiT5xSBWE47wAC3CwxIQpk3iqcVOiAFnbBRZJn5ZMwYYA4wBxgBjgDHAGGAMMAYYA4wBxsBYxQAThQ4mT8aKwodUoWKSEBGTgui4VAQERcHPLwwaTSA83X3h5XZturG3RBReW6PQx9NXWqPQRxMoRVsOC46BNlKPqOgUhMckMzHoYGwPyeYsI+OUMcAYYAwwBhgDjAHGAGOAMcAYYAwwBhgDToOBscJbsUchVzqnqXRMqPGXKcYAY4AxwBhgDDAGGAOMAcYAY4AxwBhgDDAGnBEDTBQ6mEAbKwp3RrCzTNwIMwYYA4wBxgBjgDHAGGAMMAYYA4wBxgBjgDHAGDCPgbHCW7FHoYMJUa505ivdaNJNhC4Ncak5SM4qgrGgAqbSWuRVNKCwqhly48HHFtZFDeuA6wFjgDHAGGAMMAYYA4wBxgBjgDFw/WKAxsA0FqYxMY2Nk7KKpLFyhC79upu9KON4NHEXQ5GViUImCq+7yjuUimDNM5GJGTBkFiGrpIYJMCbAGAOMAcYAY4AxwBhgDDAGGAOMAcYAY4AxYAED2SU10hiaxtLWjLmd/R4mCh1MoI0VhTs78Fm+/h6P5DmYUVjV7wVAjV5KTgkS0vMRk5SNyAQjwnSp10UDyDjojwPWCeuEMcAYYAwwBhgDjAHGAGOAMcAYYAz0xQCNgWksTGNiGhvTGJnGyjLHIx8zCislT8PRrD+5LKO5DNbIzh6FDiZErTEK39O34RkpfRBBqPQeNOZXQJeay4Qg1xsmhBkDjAHGAGOAMcAYYAwwBhgDjAHGAGPADAaIQNSl5cKYX9mHNCQSkcbaIzXOH06+TBSaMfZwlGrp2bGicEs64GvOQRCSWzStrSBjktZbMGQVIfw6XGOBMeccmGM7sB0YA4wBxgBjgDHAGGAMMAYYA4yB6xUDtF4hrV1IY2t5nE1j7tE2JVmW/Xq1k1wu9ih0MCEqK56PzvkSSDQW9AYkKaxulghCtpVz2ortwnZhDDAGGAOMAcYAY4AxwBhgDDAGGAOjCwNEGNJYm0g3CoRCY/DRYkMmCh1MoI0VhY+WCjAW5UzNLfvP1438CmmdhbGoBy7z6HrRsr3YXowBxgBjgDHAGGAMMAYYA4wBxsBowgCtaUjLesk8EI3FR4P8sryjQdbhyMgehQ4mRIdjLH7WPo1/hC4NmUXVvY3UaPqiwZiwDyZYr6xXxgBjgDHAGGAMMAYYA4wBxgBjgDFgXwzQ2Fsm32hMHq5Lc2rCUJb1escFE4VMFDp1RbR3BYyIT4eptFZqnHLLG6RITfbOk9O378uG9cv6ZQwwBhgDjAHGAGOAMcAYYAwwBhgDowMDFC2ZxuJEwtHYnMbozmo7JgodTKCNFYU7K+DHolzkSSiThHQk9+exqAcu8+h4gbKd2E6MAcYAY4AxwBhgDDAGGAOMAcbA9YgBGouLY3Nn9SwcK7wVexQ6mBC9Hiv1aC2TPN2YGiSOaMwv3NGKY5abscsYYAwwBhgDjAHGAGOAMcAYYAyMdgxQZGSZLKSxujOWh4lCBxNoY0Xhzgj2sSiTHLiEXJzZk5BfqmOxDnCZGfeMAcYAY4AxwBhgDDAGGAOMAcaAM2GAxubyNGRnDHAyVngr9ih0MCHqTJVwrMoiLphK6yGMVT1wublTwBhgDDAGGAOMAcYAY4AxwBhgDDAGGAPOhAEao8uEnLMFGpXlciZ92UMWJgqZKBxTRFlkYgYKq5qlhsfZGh17VHBOk1/6jAHGAGOAMcAYYAwwBhgDjAHGAGOAMTCaMJCYcS0aMo3dnWkGIBOFDibQxorCR1PlvB5lNRZUSCShMb9iTBGk16MtuUzc2WEMMAYYA4wBxgBjgDHAGGAMMAYYA9cnBnrH7gXOM3YfK7wVexQ6mBDlRmzkGrG41ByJJCysdq6vEoyJkcME6551zxhgDDAGGAOMAcYAY4AxwBhgDDAGnA8D5ElIY3ci52gs7ww2YqLQwQTaWFG4M4B7rMqQVVIjNTKGrCKnaGTGqh243M73EmabsE0YA4wBxgBjgDHAGGAMMAYYA4wBZ8NAUlaRNIbPLnaOKMhjhbdij0IHE6LOVvHGijyyN2FeRQOThIx5xgBjgDHAGGAMMAYYA4wBxgBjgDHAGGAMODsG4lKRV9HoNF6FTBQ6GDBjReFjhZhztnJmFFaxN6GD67SzYYDl4S+kjAHGAGOAMcAYYAwwBhgDjAHGAGNgdGFA9irMKKwccWJ3rPBW7FHI5MmIVzZ7N9QU6Viu0OG69Ou+vPbWJ6c/ul6sbC+2F2OAMcAYYAwwBhgDjAHGAGOAMTBaMRChS+8dz490BGSZVxiturRWbiYKmSi87okzQ+a1dQ040jG/HK1tGPk+xgpjgDHAGGAMMAYYA4wBxgBjgDHAGHAODMgRkGlsP5I2YaLQwQTaWFH4SIJ6rOYtBzHRpeaOaKMyVvXP5XaOlyvbge3AGGAMMAYYA4wBxgBjgDHAGGAMjEYM6NJyJa/CkQ5qMlZ4K/YodDAhOhor5WiWOUKX1uumHKZLHVGikBq3/KpmlDZ0wlRWi9ScYiSkmRBjMCLaYERiRj7SCspRWNOKirbJKKxrA5Ob/CIfzfWPZWf8MgYYA4wBxgBjgDHAGGAMMAYYA8PFQLgutXdcH65LG7FxPROFDibQxorCh1tB+PnBNbJytOPskpoRa0zyK5tQVNuCuBQTgrR6ROpSkJyZj5TMPOj06dAnZyHDVIRYvRGRCamI0mcgMikT2lQTDPnVKG2eioLqthGTnzE3OMyxvlhfjAHGAGOAMcAYYAwwBhgDjAHGAGPAthiQZwrSGH+kdDtWeCv2KHQwITpSgB6r+SZnXVufMCWnxOGNiamsAfmVrQjQ6hEUlYAQrR4GYz5aO2ZiypR5KCqoQKohA0W5JUhKSENsbBIMKSYkpOVCa8hCVHI2wg05CE8qQGRyIUqapyG3vMnh5Rir2OFy2/bFzvpkfTIGRjcG9MZ8bNt1AIeO3Srt9JvOsV1Ht13Zfmw/xgBjgDHAGBgtGEgxlUpehUlZxSPW/2Ci0MEE2lhR+GiphNeLnPKipwnpjhvMRCVmoqi+A6EJGQjQJktehOExSUjPLsGChWtwsOcWLJ2/HPnpOTDG6VFizEJ8cDh0YdHIyypAdk4JdMk50KUXIcZYCq2xFFGpRdCmFkOXXYWq9hmISswYscbxesEGl4M7RYwBxgBjwDoMrNqwFVe//AuUG52ja6xH6/TIemI9MQYYA4wBxgBjYOgYoDE98UY0xh8pPY4V3oo9Ch1MiI4UoMdqvqbSWqkxiUnKdkhjQlGY8ipb4K9NRkB0MoJjUkHrKcTpM9HRORO7dh5E95ZdmD95BiozMpESGABTRBiK4mJhCAxCXkoainKLERefjtDoFESnFCExpxrxpmrEGMugTS9BbFY5KtpnwzCCX1LGKhWgZjIAACAASURBVJ643EN/sbPuWHeMgdGJge27e5T8YL//6R627+i0L9uN7cYYYAwwBhgDowUDMUlZ0tiexvgjJTMThQ4m0MaKwkcK0GM137yKBqkxiUww2r0xySyqRmZpDfyjkyWiMFhnRJjOiEhdKhKTs9HVOQ3L5i3F5uVrMKe5BcUxUWhKiUdXVhI6MgzICQtAZmQYcpNToIuOh3+gFqGxaYjLKEdCTg0ScqsRn1OLuOxK6ExVKG2eCcpzrNqWy82dGsYAY4AxYFsM5JTUYuX6LdLUYjp2TJ3TjxQ0d4LunbNohfQsHSktto9t7cP6ZH0yBhgDjAHGwFjGAI3piTfKr2gcsT7GWOGt2KPQwYToWK7YI1H2wqpmqTGxd8Rj8iTMKK5BgDYJgTGpCIrLQGhCNsLi0hEVl4Kk5CyUFZZh8fRZWNjZiZnV5VjRXIXdM1pxZNEkHF8yDZu66jAhJxXZsZGI9PODr8YfGv9IRCbnI95UBX1+PZKKm5Bc2oLE/DrE59aipHkmexZyHbbZizI+NRcr1m2WiAIe5Dt/R3TKrIXStM9ZC26wGQZGop3mPEcea7TW4EOPPG6OAxzyeUqT1zEceftyHWMbMAYYA4wBxsD1gAE58jGN8UeqPEwUOnjwPVYUPlKAHqv5OgJXtCZhfnmDFLQkICYJwQlZCNJlISwhGxG6dETrUqFPTEV2SjqaS4qxYnIn7ty5EQ/u2YBHd6/Gtw+sx8/vPYo3zh/GhR2r0Z6fhmC38fDz8ISXdwDCEjKRmFMFQ0E9UkvbkVHVibTyDiTmN0KXU4fyCXOcas1CClf/3n/9Af/4xz+lNa1oDau//e3vqGyYMGIN+vWG/6SsInzxxVX8/e//kHRMx9+//8GwcLB01Qb87//+bx9C4PQdF5zKZjXNXRKRSd5K0+ctlQjNlq7pTiWjI7BGdeyXv363j60uXb6MRAeuxTqccsp2JI+1JSvXY/GK9TAVj1xk+uGU5Xp4loi8X/zqN33wZMt/KG0mCy0PUGnNJWNhNXSpuTDmV0kfAKmeDxdfsSnX0kvJKQPtjlyvebiy2/L5tNwKLNmwEwvX3ITOOcsQFpc6bN3aUj5Oy3L9YP2wfhgDjIFeDMSlSk5ARdVMFPbqxE68HXsU2kmx9jYcp29dg+kIorC4rh0B2kQEaA2g6cbBiSYEx2chPDEbEXGpiNWlIC46AYmRUZjd1oQnztyCp04ewO3r5+PezQvw/JGN+MV9h/H+0+fwi2/eids234AigxaBri7QeGoQFJOMhKwKGPJqkVTYjNSyCUit6ERqBZGFDYjPrUNN5xybdnrJU+kP73+I937/h979/Q8+wvMvvjxgPjS4+dOfP+szzvx//+//oX3y7AGfZVxbh+vS2lb8z//0JfWIjNWl5AxZx//1h/f72Iz+IfJppAPnEJ7O3/sg/vLXv/aTTz7x76++wtPf+R5ikx2zFulI43T+0lVy0fsc9x48OmT7O6JMt565UyK4+wgt/EN4u+32u5y6DI7Qk6PzuPjoE4IV7POT8nBUuWKSTSiqaUfX7GWYuXQ92qYvkgii6YvXoLp9GhKMBcOWhUi9Dd2HsXLLPqzYsg/R+qxBpxkRb5RIq30nz+Pm2+/vtx86cx8WrN6K+CF8AKhonoSdh8/0S5Py2X/r3ZixeB1IT46yiTX5EHk3ed4KrNq6X9LrrGU3WkXoGQuqsXpbj/TMmu0HJcJVmV9+VWuvLvaePIcIG5Cwyjz4f+v6L6wn1hNjgDEwXAw4YnxvScaRzt+SbLa8xkQhE4VO1VG0JbgpLXtXZFNpPcJ0aZI3YWBsmuRNGJKYg9BEE6L0JkTFpSImNglhQeEwRGlxcOM6/PjJR/DtU4dx/85VuLhjGV46vhVv33MQv3v8DN598i68eu8t2LN8FmJ93ODl5o6AiHgkZJbBkFdzbfpxSRtSyruQXjMZyWVtSMitR2pJK/IqbPdl5bkXvq86WiSPs8IB1oQgYufTP/25z/NEFLZOnHFdY83W2LWUHk0L/up//qePjokoHCpRRjYjj0TlNlzy0VIZrLk2b8kqyWtSKZe5///v//4Pu/bdfN3jbNnqG1VVQEScNXp19D3kQUgkoLXbl3/5C2bOX+aUZYmMT8djTzyN7z7/Ep597kW8+PKr2HfomFPKao2dqS1x1Gbv5QwKa9qwae+xXkJIjXyTz23tuRWl9Z1Dttv8VVv75FPTPjjPZnpf95y6u08asmzKIxGGLVMWWCVrbHIOtu6/xep0Gyfa9iOjNZhTuycxowg7bj7dR+7uo2cHJPQ6Zi7p8wzprrJ5Sj9d5VU09d5H6YbHDd9bU60cfI4JEMYAY4AxYH8M2Ht8P5ANRzr/geSz1XUmCpko7NehshW4nCEde1fkgsrmayQhTTmOz0BIYjZC9bkI1+dIRKFWlwZtVAICNf6Y0tSMZ++/F6d3bsXKtjpsndSAe7csxSu37sYv7z+BD751Hh9+9wH8+MHTeORYNyYUGhHk5QmfYC3iM0pgyK9FYl499EUtSC7rREoFEYUTkVjUKnkWVnXNs4ktyYPMkvfW7XfdbTEfJgrt/4K0NVFIdfXU2fP9+AIiQkaqHh+/9fZ+8lh74qlnnh0xuR2hL6qjf/3b3/qowxoS3xGyKfNYt2lHvyntfQQ38w99XNi1/7DT2bGsrq1feX71m986nZxKO5j735qIxmZMNOjT9oqMnGwqxY7DfUkmIoyIYKPzN+45iu2HTkn/K0m4jXuPgdYYNqcftfPkPbj/5IVe4onS3LjnmFXeb5Rey9QFfZ6VZSLykuQ1R/QtWrvNYh76zCL03NaffNx97A6s23lI0oGcl3gkT0u1cjrqXH3HTFV9WCL0iBC9cfdR1eeYKLR/H8RR2OB82JaMAcaAGgbsPb5Xy1M8N9L5i7LY8zcThUwUjmgH0Z7gprTtWZHzK5sRqDUgMNqAsIR0hOlNCDPkIsyQjwhDHqISTdAlZiImWo+IwDDsXLcBz9x9D5a2taDWEIeG+Aisqi3E3RsW4bkj2/Dg1mXomdOGEytn464da7CsvQbhvj7QBEQgLr1I8ii8RhS2Irm0E0llE6Ev7YC+dAIS8huQkFePotrhrwNIa9VZ2j7543+DyEBztmOi0P4vdXsQhWRP8lR7+JtP4r4HH8G2XQfM2tic7W11fsuOvZYgaNU1mq5sK3mcMR1aj5DKePbcPbj/oUeRV1bndOUlL2LlupdWGe/rm+jZ6qahe33Zw25qde+tt3/hdLq3tuw3H79tMCYZ1r2Ul7VyWXufqaS+HwG4eP0OZBRW9yPVaGornV+8bkcfgokIxdL6DqtlK2uc2Od5It0oDSLqBpJb7dkbNu3uN71Ym5iJSfNW9Mtn2iJ1Ui8iwYg9J871uZ9Ix8yivpGniWCbPL9/uqUNXQPKPlDZBnudZF6xZW8fmUUC0xxRWFLfgZ7T95p9jolC+/dBBmtrvp9twhhgDNgSA/Yc31sj50jnb42MtriHiUImCh3eObQFcK1Nw54VubC2DUFEEsanIzI5B1GphYhKK0JkajGiUgolojA5NRf6hFSk6Aw4sqMbj50+jVmVFaiOj0F7SgImpelwYEYbnjuyEzs6q9GRHIkbavNwcOk07F44FRlx0RJRqDMWIzm/DkmFjUguaUdKWReSyrqQWNp5jSgsbIIutxY1nXOHbc/vv/KaxcEgTe+sbZ1kNp/hEIUZ+RXIKqySdn3G8NeRshYnyvtIDiJiMgsqzZZT+Yyl/yktKpetykRrFNpy6rEl2Qe6Rusikp6ofBQ1eaD7B7qu5i0nA5IC5Bw4fKIXIyvWbjY7pZVIJmvJM5KdAsTQcSD5zF23BWYof8IK7ebyGe55sayWCP/h5kPPv/vb92TT9TlSG0JrEVIAk+LqZmnqLk03VttorVRr5HRUuVKyS/rVvR//9K1B2YtklXdrymYLW5hLw1ZE4cef/LFfgB2lPW1NFNJ0VZEwIu9Aa4N1JGWXYsuB/0zRJaIvu7R+QDsS2bh2xyFVkqpztuXp8mRr5XqETZMsv7OJCBXLaI6QnDBjcR+Z1nffbHF6LZVfnPosrdsXbxyw/OZwNNjzRBIqdUHTxkkfMlmoRhTSFGz5unykZ7bsO9F7nolCJiQGi0e+nzHDGBhdGLDn+N4aLIx0/tbIaIt7mChkotBhHUNbAHawadirIuvSchGTYkJwTBIiErMQmZyPqLRSRBnLoM2oQLSxFNrkXKRkFCI7sxATWzpw667t+M1zT+CpQztxcPZknFw8H9uaq3B26TS8c89xXOxeha1TanH8hik4t3EBLmxdjryEWPiFxiAprwppxU1ILmqWIh6nVU5EcnknEovbkUBTj4tboMutgbGiHSTbYPUk3x9tyMK//vUv5fiu3/8PXHzMbB40GBrMGoVEinzr29+VIiMrM6KIyXecv7cfUfCd770ACr4hBlt56Qev9ruPSAhae0+8j4Ky0PRBucx0JJkPHbsVdI2mPIob/U9pmPOwowi89JycB/2mc0SevfGjn/TzqPro40+wYJm6V4gsE+mE1kATbUEk2U9/9nO0TZoFIivUgpnIaxRSeV59/Ud9dET6ofQv3PcQrlz5oreIZCt6buqcxX3K8cGHH4OmjcoyiUeSgQhl5fRXSpQiMD/z7HMg4kx8xtrfx06e6ZVN/EFEhFqwFirrz37+jnhr7+9vfft7ZmUgr0UioZQb2ZtsuWLdZrPPUlmGgxlZF5TGydN39gv+QzIREUxE2/rN/W2gZl8iq8wFnlmwbLWUlhq2CY/msC3LOZQjYUSZH5WL6rS5CMevvPZDpTmkNMytbzqcch08cgsI43K9pUjtVO+27twHwhrJTnWMAuWQV+POvQfxwvdfgZqMhHnCGk3Vp2nvcj0U9UYfV6j+Kj0sKR+ywY1bu1XxpmxfeuUVAk0pz1EbRNGkxfzN/V61YWs/nQ/2BJG8clRjZTRuMS3Ky5wcgz1PdUAM1kHBLOjcYNIh0m/u8k29BJM1ZBkRkTJxR8eWKfN6nycPPktBMqpap/TeSyQXBVmxRt6csoY+z81ctqHPc1RukXQbSA45T1qfUCbb6GgqbeiTrnyfPY4UjVkkKmcsXS95gJrKGntlUiMKJ89f2XudykwRosmONPVbLou1RGF4fDoo6Muc5RuxaN12aW+fsdjpgrzYQ/+c5ugiRdhebC/GQF8M2Gt8b62eRzp/a+Uc7n1MFDJR6LCO4XDBOpTn7VWR86uaEByjR3BcCiL0OQhPLkB4Sgki0ysQbapBTFYlYtOLkWoqQ7apFJPaJqJn3XL89KFTePbgZjx3cBu+d3A3bp0zCd/etQYfPHEWbz90Eq/dcxRvXzyJX148iXu2rkB5+rWGMa24EellbUgpbUNaZSfSqycirWoiksomILG4DUnFrYjPr0NCbg1KGoc+hWjtpu3iuE4aLNO0RhosixtFNTZHStCgxVqikPJTEl5iPvJvGog2Tpjai9WLj6lH6VQOtn/w6htyEr1HZYAOmmotEnK9N6r8IGJJSVZ17zvU704iDZQ6U9507p4HessjYpsiTlt6loiFM3fe3e8eMZgJ2UAZPILWnbQUsEStHMrgGJTua2/8SFkU1f9JzkNHT6qWUSyv+JvSJ9JEuVHZLHnZ0XM0JV65KW1NeZFXJ5FC1mzv/PLXqqTPcDFDclDkYiJ/rdnIbiL5pGZftbLSfUQgWrMRti3pWLSTNb/f+PFP+2VLnoSWphKb+1Bx+MSpPjiyRbmUntOEVyLylBudp4jtL7/yuvKS6v/y/aKOqA21ZlPDm1q9tCatgdaSJfmI3LO2PlvKc+7ilb32Uau/8rOUl0woivoZyu/OOct6iSEilCiCsJgORfSlab5VbVNRUteBaMO1iOg09ZZIKvJoo/uJZFq9vac3rYHIO9GjjTwLCYvyeoXk7aec6ivLRPnQGoQymSXJPAhi84ZNe3qfJYJSjFisJCCtnUYtyk5yDVR2uSy2OEpE4el7cfD0vSiobu213UBBR2YsXivpgaaXy6TsYIlC8iSlfESiUrYLHcmOA3l62kIHnEbfgT/rg/XBGGAMWIsBe43vR0v+1so53PuYKGSisLeDNlwwOePz9mpIiusnICjWgNC4dClwSbghH+HJxQhPK0VkZgWiaU8vRoqpEsnpRcg3lWLdnNm4f88mnF42HRfWLsSJhTNxz7ol+NGp/Xj/0dvxm4dP4XdPnceH37kHv/rmWfQsn4diUy50mSVIr2hHelUnUis7JIIwo3YqshpmwFg7FSnlE5FS0QF9UTMS8+pQO9HyVCZLdlIO7sn7hbzXlIM/tcGwnC4NPqwhCik67WA2kqWl61pkScqDyErl9vmly70EZl3rJFXvneVrNvVinjyblFN4lWkq///Fr37T+zyVmTyQhrKp6ZC8jqwhTtXyUxKFShuoPUPnyMOLSCi1ciiJwqe/8z1zyaiepzJOm7ukj75knKgdzdnDmvUGlSQ3CaTUMU0vJj0NZiOvPlFWczJaSlOJGZLj3//+t6VH+l0Tp7eq1THR/iQvRef9439/2i8dSycojVRTSZ/yimW39re5+imWwVxaahHXRRzaqlxq+ajphjBEHo2DvV8u3/MvvqyWrNlz1K6JpLBavTT7sHBB1Jksi3gkwk7ZrguPW/2TvLvldK2Zxkx5DpcsFKetEqmTntfXe7lVJVgI3UcRcuVgHxQYRJZbnMJsyatQSfZVt02T0pi3cksviTd35X/eL3L6dCSiUiSmmicP7j2dK0TtpbLQlGQ5fdHLTo00le9TO1LZU3LKpJ2CtKjdY49zpEtag5GIWzH9gYjCnPJGKCNMD5YoFElBS79l+4ry8W8mMhgDjAHGwMhjwF7je2ttO9L5WyvncO9jopCJwj6dtOECytmet1dFzi6vR1BMMkJ1mYhIzEGkIQ8RyYUITylCeFoJtJnl0BpLYciphiGjHClpRZjW0omts6djeWUulpVlYG5BGnpmtePx7tX4xYUjeOHwFjy0dQlePrUb3zq2A0undCG/qBJpZS0w1kxEes0kiRhMJ5KwcRZymudKx4ya6TBWT0ZqeQf0+Q2oaJ89JJuqkRfkZUQ2feiRx/sNHB974mnVfNRIDHmwLeODyEc1rzm6jzzhvrj6Zb/86MTv3vt9b57keUf3KzeaQkz5kHeOcqPpuLIMdDQ3iCdPLyId1TbKk/KW0xnqQJ7SpqmMcjp0JEJpqJtIFKnZwFy65E1JXpJq5RDJBpqurUZiyjYzR8ApSTKxvMrfFExFuRGhZg15RR6uatG6xTIovcjEvGj6qLlNxhTJawvM3PvgI6pZESn54suv9pkaLt8oeuOp2Ve0P8n5zSefkR/td7RU1p+//cs+mFTayJr/1QhZwsm8JasGTJvKRt7D8t7QPqWX/LdluQZD/A3Vo1ANz2QM0gW1L+bqjLi0g1q97GdQlRP7Dh2zqGtbeBKKU47JU9TajfK2Bkfm7smvau0l5pZs2Nknra7Z//E0tEQCLVxzU5/nZt9wo5QmkXBpuX2JR1mOtLyK3nxFrz6RxDt46h5EJvb1bqTnKU1KW/ZYS8wo7JO/nIe5o0iOUhry9FoiyURvQ2W5zKVnq/NEWBZUtaiWeSh5DEQUqqU5VKKQvBkbumaDbEFkqYwBGTeWSGM1OfjcyJMHbAO2AWNgbGDAXuN7a/Ez0vlbK+dw72OikInCQXVWhws4Rz9vr4qcmFmMAG0ywuIzEZmYA60hH9EphdCmFiEqvQTR2RXQZlUiPqcW+pw6JGVVo7luIuY0taPDGI9GXSAqo7zRpg/FpsYiPLJ5CZ7pXo2bp9bhrtUzcXLDIsyaNhOm8hZk1k1BRv00GOunIatpNjIbZ8PUskDas5vmIbthDrLqZyCjegoMBc3IqZ08JJvSGlzKjaa4ks3U1hsjQk/0fJFtq0Zi0MBYXGdMbeqwcnrxhi07VT0CRbJBbbBPJCPdQ3mKGxFiRGDIcpJnEnnTiRs9Q55p8j0UcOCzzy+Jt0i/RfLJ3ECeykPBNmg6JxFNaiQbrYVG+qL8zBFxRBD1HL5FCn4wc/4yswSmSBSp2UAuBBG0Fx99Apt37MHRk6dx+o4Lkgxq5RDLqeYBSiSgiAFKS7mRXMrp2rJ+lUc1GcRyKe8X/6cy09psyk0ugzn9kgcXkVGUFq1p+et3f6tMopegthVm3nzr7T55EO5oOrNYHrVp87I3rJp9RT2R16MaEU+Y7Jg6R8qnqKpZ1eNQWVdFmaz9TcF2lHindIlwszYNtftsWS61toOMQnLSNGNaw5IC51AEcMIvefsuXrFeWs9Ruc4g4Y4+HtC6gLMW3CCVkWykNtWf1vAT64PatGRqq8Rp4OQdLROn8pEwS7/VPFMHisJMkZttsYlTjgf7kYNkULOxNedEQoeIJfkZ0TOQyB5at9BYUA1jYTU27D7SS/LRNSWhJpKPMgknpysfZyxZ15vG8i17evMlW4sRh9UiCIvpE8moG2TgJyUZJudB5ykIiExukZeeLK89j0qCktYLtIVHoqOIQlrHUU1ecd1GS6SxPXXLaY8NooPtzHZmDAwdA/Ya31trk5HO31o5h3sfE4VMFDqkUzlcoA71eXtV5LDE7GtEYYIJkYm5iE7KR0xKIaLTihBlLEZUVjkisyoRY6pFfG4j9DmNKCqbgMayeswsMaErTSuRhBuaS3Fu7Xx8Z9+NeOKmZTg9vw0PbFmEs9vXoaGpC7l1U5DVOAOZjbOQ0TgL2S3zkU0kYetimFoWwdS8AKbG+TCRh2H9LCkicnppx5BsqvTAEz2YiCC5fPlKn7ElDahF0k62kRqJIZIPamlRXmqRlCkyqnITPRnNrWmmfIb+39NzpJ9eaJ04WgNM3tXKQ4SacpPJJyqzGrlFJI3SC27/zceVyUgeRTJpcOeF+/pdJ71RMANZt3QkzzkxGIn8kEgUqdmA7iNyVyQgxHTVyiGWk57bsaenV1dELIskIaVF+SqnhMtTm8W8zP1Wk4G8Wildc8+I59XIH7kMakFSlOQxpUX6pfPiRv/LdrIFZpSkCtlZGTiG9E3BH+SdgqvI64Kq2Ve0PxFcyo3IrcKKxj56pPqjFpDme8+/1Oc+UcfW/CYSSDml31rPUEvp27JcalghHU2ascBi2dWmnqtNqVYjps3VBTXiWCaFLelD+RzZnOq4jFVzz1ozRViJH+X/g51yrHx+qBGQRWKMyCl5rUEqqxj5lyIgi+0GPbe++3AvoaYkCkWCSo0oVHr0yUSdrOMZi/9DIhJBKZ+Xj2L6O24+bTEisfyMeCT5xYAdM5deC1ajPK+US0zDlr+VwUiIqCxvmtSv3IPNU9STWjATtfSUOlCzn5iucuq2mCZhpvvo7b04UUtLvJ9/D32gz7pj3TEGGANDxYC9xvfWyjPS+Vsr53DvY6KQicJhd+yGC0J7Pm+PihyVmAn/6DQEaFMRlmBCVC9RmI/otEKJKIzMKEVUdjVicuqhy29BfG4r0gpbUVnWiJnlBZibn4RZ2fHYPakeD9+0Es/sXofv7luHZ/evwdM967Bt7iRUVbchr34GshtnwtQ8B1lNc5DTugA5rQthaqF9EXJaFktEYXbDbOQ2zEF6WSdSitsHbVO1qcAUHEIcaKmtT6dGKKiRGCJRqOZtRAP0RcvX9ZIiRI6sXL9F8uhRDjCVUyPVyCXlM+TFYy3OaJBNEXtpoE8eOxQlWLnJ5BOlqZa/GnGgRjCI5I7atFhznkFqhImYljkbUJRYc3pQK4dYTnPPEaFFnpekq67p8/qRmKJc5tKQz6vJMJipy2rkj1wGNf1ShFo5b/FI3mSPPv6t3n0gUmOwmKFo2GobeZgSEU5eraL3qygb/Vazr6hntenRP/zJm6plVZsGLeJObe1HNdlFEkyNKCT5BiKwlOVU/m/LcqlhRfwIocxb/l+tbKK+5PvUsCxHRJfJXzqSFyIFP1Jusje3nJ7yqOaVTe2opWAxchrWEoXkeUweqHQUt6FOORbTGKhOybIqjyIppCSSxCm4+RUt/fAuRg9WEoUi8aVGDokegWrTi8lrUfbqoymtutS8PvmLRBV5s4XHWffxQy6/WG7RI1J5vrJlaDMK5HysPZI3nrzeo1zuwpq2PmW2Ni3xPlFPSvuK94m/++mg+ZqHuHiPtelSWqKHphoWxHT5NxMdjAHGAGPA8Riwx/h+MHYc6fwHI+tw7mWikInCYXfshgNAez9rj4osEoWh8dmITMhBtOGaR2FMejGiM0pBRGFEZiX0xe2IzWlCYn470ksnwJRfgRsmNGBNbR7WlWdhTUkG9k+sxb3r5+K1Uzvx4omNOH/jLCxuLEZDTRvyqyYht3EGTA0zJK/BvNZ5yG2ZD1PTfGQ3zENW/Vxk1M5GZu1M5NbPQUbFRKSVdg7apjS1VbnJg2aZLFRbb0skB2RbqpEYIlGoNtBW5m3pf7VBudJDS3xezZNKlpWOJC8NyokYtbR2m5imTD7R82qEwMnTd/azgVq5RXJHjbg4cdvZfulQngOlpWYDNe85UQ9q5RDLKd9Lnp9Euql5ook6kn+LZZTTMHdUk2EwBJMaDuQyqOlXGU3XnFzK88PFzK79h2X1WDxS/SJyTEn+qNlX1PNgyqqmc5FYV7uuJrRoJ7WPAdQGDHfqsS3LpUyL5FPzKFbaXq3uqbVJ1upNTZd0TsatMn/6n4hste2m7v2q7YUyDWuJQnFqsUgWiufV6pyabMpztiAKiRiUyyYSPETUxafn916T7xHJLSVRKK4hqEYOiSSk8llKn/LfdvC2XrJQGaxEJKqUnpCyfJaO5sgwsdxE2CnztZTmcK91zbmht7zkrSlHIR5OuqKe7EUUDkTUisFp1LAwnPLxs44nFFjnrHPGwPWHAXuM7weDk5HOfzCyDudeJgqZKOzXmR4OoJztWXtV5LBEU69HYe/U49QiRKeXQJtRihhTNbSmaujyGhGTqdYXtwAAIABJREFU3QB9fivSS1uQkVOIXUtm4dCsNuxrr8IdCyfj4oaFeOnIZvzg1FZ8++aVeHzvUuyZ144pja2orpuIgrrJKG2djYKmmcipn46ClrnIbZyDzJoZyKqbCVPDXGTXzUBW9XSklExATu3UQduUgigMZaPBtXKKnBqJYW+iUG2an1ye13/4Y7P6oCjKRMYMdhMH8WqEgHhdrhNqBMNA5I5aOpTeQGmp2UCN1JVlo6M15aDphoPdxDKK+an9VpNBJKDUnpHPqU1pJ1llHSqJIXPT3eX0zB1tgRlK+5XXfmi1Kqn+iB5mavYV9awsq6gHZbnU6o6oczWbqAku4kttLUEqgz2IQtm+gy2XUkdiG6VMS/xfre45kig0FxmdvBJFOS39Jk9GazYiAcUIxUQWDnfKsZwvyWBJRnPXRMJMJOxEwmwoRKHoMagkh0RvQ9l7jsgmeSdCi37L1+i45cAtfTzys0vqeq/T1NfBBjOhOr/z8JneNGQZqdyWplSb06OtzmsTM1XX+htq+o4gCgciIMUo0rKeh1oefu76IyjYpmxTxsDIY8Be43trbTvS+Vsr53DvY6KQicIhddaHCzxHPW+viqw3lSEoNl2KeKxNLkB0SjFi08sQk1EObWaFRBRGm6qhz2+CIa8Jhtx6pOSVo6KyDCc2LsXNcyZgS3UBjk1uwMPr5uHp7iV4fNdCPH9iDX5w2414smc1jt64BotmzkdZzQSYSpuQX92JwvopKG2ZhaKmWcinoCZEENZMh4mmKNdMR2pJO4qbZw3KpmoDX3kwZ82RCA/RnmokhjgIN5cfrWk20E7pKPOjvG87e86sqOY86Wi9N2u94pSJi+SEGpEiXpd1o1bugcgdcx5vA01jVrOBmJcsk3gcqBynzp5XqsGq/wfKV5RBzRONMtm260AfjInPyL/VomATXmQvMSUxZG26cvp0tBVm5DRpbUy19SbVFEtlkUn5geyrVlZzWFKbWvzRx5/0khwkozWbuI6jmnyUhjVkFslDywvQ9H3a6ffGm3ZJ9rdluZRpiW2UbB+1o1o9tpYopDwGauPoOt0nRtqW5SD8qUX2Hsw6npQWkX80fdiaTUkWysThYKIcK/MRpy7LZbP2KBKFSsJn8fodvURaYU3/JThEEmruyk192hSRHFJOW66bMKM3XZEMtPRbGQgj2pCNnlN396ZT0jA4z38x4jLlWySUT5RduTajtXp1lvtEGynta05GEROkGzVybzDpivpUS8ucHHx+5MkDtgHbgDEwNjBgr/G9tfgZ6fytlXO49zFRyERhn87ycAHlbM/bqyLnVLYgND4DkUm5iE4tQUx6OWIyKxFL6xKaakAkIf025NXDkF2N5KxytLR1YO9N6/HosR3YM70Jy4szsKogGQdaC3DXwiY83T0fb5zaiJ+c2YgfndmCF88exG27d6K8tAZhEYmIiElFXFIeEoylMJiqkV7ShswKCngyHflNs5BdOxkpJW2ombxoUDZVCxiiHNhZ+p+IIDFAhhpJIA7C1cig3733+0HJLOJMjTRTyvvq6z/ql74aQUJBSGjNtubO6aB0qSwDEWgDXZdlVSMYRBJNSVxQGZ597sV+clN6FFCDdCpuYlpqNhCvyzKJR0vloPQoSIJyI09UIq/IKy2zoFLSl/K+gfIVZTDnFUjElXif2u83fvxTpXhS1Gw5qIza+nZ3339RNV1aS4/KRGsvUiRkfUaBdJ+tMKOUn+rEvkPHpGnGf/7s837lkE/IhNRA9h3MeoxHbjktJ997FNfYJLsS8U3BYCztFPRHLhfJpxbxl8hEsa2Q75eP9BzZWrnJdrJluZT1TWyjZHnUjmr1WLaLeL9aFPkHLj7WqyPxXmt+k25oSrhyo/plaT1Lc2lv392jTMrs/0qykNIc6pRjyoTyNifXQOdFz0HlFN72GYt7iTiJMBPWARSfIzJJjFosBirZe/IcIuKNvfIpSSh6dv+td5vd6bq8T1+8tjcdMQ+6ToFJKO2ByitfFyMuEwkpTq0Wg7jQtYzCaqvTpQAkTZPmSntyTpnVz8ly2fo4GEJPzltpIzVybzDpMlE4NogGGT98ZHszBkYfBuw1vrcWCyOdv7VyDvc+JgqZKBzxjuFwQWzpeXtV5JKGLoTGpyNSn4PotBJEp1dAm1GFqMwqaLNrEJdXj4TcOvz/7L13uF3FdT7815cvsQ3qqPeGdNW7hBqqSEIV1LuEeu9IICEhAaI3AwZsigE3bAwu2Djgiu3YuOGCu3F3EpckjuPEcZL1e94t1tE6c2eXU/be9577nuc5z+yz98xaa9a8M3vmPVP6jpgq/YZMlmnTF8pTb39IPv+hJ+SDd14jx66cIpsuGST7Jg2Se5ddKs/sWyx/f3KDfP6OvfLNBw/La49eI//wjlNy676rZHCfi6X5W1rLm9/UWi5s3lGate4mF7TpJS06D5B2fUZLr+EzZOCkBTL40kVBOGtpcqIwbED/5z//Z7AkF8sJ7ReDUt/n0LGTBRxB5m/+8Z+KotlBOAa1IAzsB/sIjpo4oyDDlqkeLALiBsvu9ORXjZNkwAr9OhtL0/kOA8DSOn2u4Xue/qA1Nbi2MwajCDaVgdBHMFgS7ZnnPlpPD06K9ZEAr37rO/XiWlm+MrDPrV16HZUP2ABb7Adl5pI+OEXXjRenV/Vr6PMD9IYdPIJ0YTNKLYHjO7QDJzTDV6obIX67ZJXmoVqYgR74Tr9Wvz7Dknn3o/mJK1/fCdp2abDqgxwfoWeJQo1baugjVZEf1NcwWb6991B3D1x9IkhTzXxVkyi0ezpq3jCTFbbbjw9vGh+ENNo4fCfPXFAPl89++HkrKriGfPdUdJWXJHzokXfWkxl2w5KFSfc49MmCziS2RcXRE4ZBig0fP7Mgr9fA0XL2gScKRB3IwoGjL5Whl0wPlgIrgYcQB5L0qBsZkHU7j54ppFm+aW9BHmzoN2yCQA/SuPp8Nlqy0iUdF63dVtADeSCvfDLce0G+zGxES3Iirrs02n3uytPfrr8uX7o+kT2aPo2wFEJP9ZMobHyDfC07hiw7YoAYKAcDaY3vk9qSt/6kdlYaj0QhicLcO4aVgjgqfVoVecxUzCgcIO16D5XOAy6RzoMulY6Dp0rHIZhNeJn0GjNbLh4zU+pGTpORY6bLwb1Xy9de/Ji88sw75KnTe+T69XNl/4LJcmT2KLl3+SR5fP1U+fjVK+TzN++Qr9yxXb5y93Z58fbtsmXWaOncvJm0b36RtGnWVlo2byfNWnSUv23WQf6mWWf5m1Y95O/aXSxt+oyW3iOny6BJ82TinMWJyxSD0r/+9X+KxnNh5BT87CNRkNgSCz4SAwPauVeuLNjlI/dwzyUB77i3/mynT3325YIcH7n1q1//RnwnNLtEyfMvvFiUb/xwZ/DhlGDXP4iXBlHoWzoLXSBdMbNN/R+2T6CSWRrPJWvtc1+d8flS8+mbtQmicODI8zNQUO44Wdf9xOl1bfHpUpkgykAcaxrofOHFT+njohCYW75uSyFumH9f+vTnCnEg9663PlgkBz9A8ACb1cCML3+Yhdmt37AiOw5fe309O/TEb18ds36et3h1PZIKwr70yteKCKjnPvKxejrgt537ry6yRf1dShg2OxQKsVQWpL/KQ5n6Tv5FXDsLsZr5qiZRiJnIl162oJAf5AukufuHCPLz9Ac/VBQPcX37Vdrl9qduuLVeOeGGb3my+jRpWApZiDb081/8kteWJDerQRIiXyMnzy4QblsOXlfkzyvWFJNxlhz0XSsJiGen7nxYMPPP+s4e2IGlsHEHdvQePK6IrLTLmF1CD6Rm/5hZfDiA5fgt5w9JgZ3DJ1xWZCPs3bjnWMEniLNw9dZ6cWy+cG0PaIEfQIq6cbL+TaKQpEHWmKM+Yo4YaHwYSGt8nxQLeetPamel8UgUkijMvWNYKYij0qdVkXsMGCm9ho6T9r2HSqf+46Xr4KnSfdgs6TZsjvQaNV96jpgtvYZOk7phU2TsuJly43Vn5dWXXpDXP/dR+cLTD8kH7j4l77rpqLzjwHp5555l8tSuhfLJszvlo9dvkY+d2SbPnt4mx9fMlLF9Okj7Fi2lbYu20qLZRdLswrZywYXt5YIWneSCVl2kebtecmG7PnJhx37Sts9wGT7timCWRJRP7DPfDB2dtWTj2WvfzCxLLvpIDJcoxNJZ3wczGbHM8B2PPSVYjux+IEdnBvoG4niO2Ue+mW2QpSc5Iz8+Ygxxvv+DH8mHn39BvvaNb7rqC7+VQAuTY5+r7+JmFPr8pgqRL8xyc2fr6XOElijyybLP1SYb+vyh+YA8d0kxdIIgAXELf4XteRan19qg176ZezavIEFBCMMvYR9LXqtclK3vA9sxgy9sv0DdW8/nI8grBTO+2ZmQATISM7W27DogmMXqK2tdupqkfL/57dd8WQ32uPvOd78v//zb33mfKymqPqskDPOXKgamfLjS5wjtIS6wpVr5Kpco9G2dADuBxd/+7vfy69/8Y7BtAWz1zUZGXNTlB9/xuADnv//9H2x2g2vbni5bu9n7ZwUiIq2d8a3XOL39/R/8cKJ3eyWzA+sZHnOj3JOOXQwC/1h2DEIMBBdOLLZx5i7bWESaIR6+V67dIX2GFBN5+gyHkYDIs3Kg5+QdDxZkLbtqT9FzG1ev3dltLpFpl7Wq/VMu9x9AhtmSZ+87v68h4u+59qx3ybI7OxBxQR62N8uv1UaQmbuP3VjIF+ImnYWoMtIKSRQ2vgF7WligXGKBGCAGwjCQ1vg+TJ97P2/9rj1p/SZRSKIwtuObFviykJtmRcby4w69h0mnvmOk15DpUjdmkfQZsVC6D5knHS+eJp16T5TuvcfK4EHjZc/W/fL8U0/Jdz/9gvz4y5+WH3zuBfn6s0/Klx6/W77y2G3y8kOn5MX7j8t7zuyV23eula3zL5N+XTvLRa0vklatOkjzFh3lgmYd5C0XdJQLm3WS5i06S/MWnaR1m27Sul0vadWxb3AK84wrNyQuTwyCfvmrX9cb2p25+Y5IGZjVg9lk7uf02duDdD4SA4NoO6MQZf+Vr33DFRH72y7x8+05hz3zFFe+vRdx0q3aEXZ6aKwRKc0ohN1hyzWT2GQJOV8Z2OfqIxv6SB0lChHvsy9/MYkZ9eLE6bU26DXsjyJq6ylxbvzil7+qN0MPssOw6yQv+gn7dYl1tTDjw26RUs8P1Dldhp6kfEFo4WCMUj6op1t3HyzUIS2PSkLfrMWkNvn+tKhWvsolClEGvpmCmif4UE93Djt8ROOGhY8+8e5CGfj2ZQxLZ+/r7NO4sitlr0Irv5zrSvYmdPNx+dLzZCBIPnemX7d+I2TK5Utl5sJVgn34etSNKvgUJ/VedsUawTJjfCfPWewl39yTil1C0rVJf9vDTzBrsOvFQwu6QSTuOX62iKQDUXfd7Q/Kkg07ZeYVa2Thqi1y5Myd9eKAHMUMQ9XjhsgnZNkviNS12w/LnCXrZenGPV65WIZtbXTlZvmbRCGJgSzxRl3EGzHQODGQ5vg+CSby1p/ExmrEIVFIojC001kNgOUtI82KPGbK5dKh91Dp2Gu49KybJH2GzpIeA2ZK537TpW2PCdK26xhp12motGnTW/r3GSpLZs+T63bvlI8/+ai89tJH5Nsfebf8/KWn5Tefflpe++CD8uG7jsu2uZPkkt5dpXubNtKudQdp1bqjNG/VUS5s0VHe0qyDXNCsszRr0UVateoqLVt0ltatu0iri3pIi4t6SouO/WTc9OLlb1H+95EmICP08IewtFhSiFlH7kdJPJAY7nM7eFa5iIdZX0k/mHmkhM3GbXvrzSZzdcBO32wle0JokpN8McvR/VgCLY5g0/z6ZiKBhMLBGRoH4QMPP+aqq/f7la9+PZi5ZB9YWb4ysM+tPr2OywdmaYbNuFM7fMRUnF7V7wuxTLPUD5ZxIv8+ebgHIsxnp08PZkwuXrmxSFY1MAP7fvijn/hUeu8B29i/T/MUVr7u8mXUccwuS/IBiY7lzqqjmuHd9z2UxISiOFHlWI18+YhCJfji8n7z7fcU2Wp/uO0Qtg3ATMOkHywPt/pdO5PK8ZGsVq5eY6ZzVh/oUr2VhiDcLJl27Oy9kSRaOfo27T9/ivKJWx/wzs7zyXWXGIP8s/Fg+9ZDJ4sIPUvu+a6PnX1rovyNnjK3aOmzT5a9h+XW9mAUa2ce1y5R6BLAPptcLPgOM4FfNN9xS8jtrE+fLJ8NvNc4yQaWG8uNGGicGEhzfJ8EE3nrT2JjNeKQKCRRWNSBrQaoGpKMtCvyuOlXSNvOA6Vtx0HSvtso6dB9rHTpM1k69BwfXLcFUXhRX2ndqqt0uqiLDOrVR67esE4+/+5H5XvPPyU/e+k98vonnpSvv/d+uW3XOhnRpZ10btFcLmrVTtq37SYtWnQK9iTEbMI3N+sgFzbvIi1bdZc2bbpLi+adpGXLTtIMB5y06iojJlxeUln6TuVUsi+uDH1LQ3UPQJAY7mwwEJBTZy/y2geCKoqAAtmHk1mtTb7lh5/8zPm9CzWub4YeBvJ27zosVfYt/wNBiKXZICXdz21331+wZ9ueQ+5jsc/Vlv7DxtdbToq8ueQO4kOmzyYQV3rginvghl0yijJwD6nQ8lF73DBJPkC+ws/wofvBbE7seYnQfuL0una4v0HeuHmx8vUay5GT7q0HwhlLpn35gDzcB0HjKxvYVylmNI9YihmFfbXDJe9LKV/ExdJp3yxgzesXv/RK0d6Pal81Q9T/1773fS2u0BBEPrYmiNNdab7cNszONo7TjefYAgG4RJ20H/j58itW1LP/sSffE7qEGOkha+e++ntDunZaXVHXvvYwLF9oU9L+aLsVZkM590Fw2aW5mD0Xtoy3VPnA17U3n98bcN6K5IeEgbjafuT6AjG1bteReniAPRNmLpRrzp7XoUSWDU/f9XbB7EnITJqHrv2Gy7YYIvLGex8LZlWWIjep/kriDRozteC3ozfdk4icRR52X3NTId34y+r3NQaOmlwgUOPk2n0pfbIqyR/TNk5SguXGciMGGhYG0h7fx5V33vrj7KvWcxKFJAoTdz6rBbos5aRdkUdMnCXtug6QNzXrKM2adZdWF/WXTt1HSc+LJ0mvfhOlU/eR0rHrUGnXob906tJf+nTrK8smTZYP3Ha9vPbcI/Lacw/K15++Tz561/Wyec506dOuvXTq2F3e3BLyOknbi3pK8+adgtOOL2zeSZq37CYtW/eQ1q27SfNAZzt5ywUXSev2vWT4hPOnP2bp42rpAiF04613CTbuP3nDLcEMKpz+WS35cXKwrHTNVTtk4bK1MmuBf8+oOBnVfo6ZU5t27A+WMi5avi4zX8TlA7MgYdecRStk1YZthSWxcekqeY7ywXJyHDiDA0wQ4iASLNN0Z/0l1dOzbqTsOnBUzt52T4C5m267O9gj0D1UJ0xetTCD2aaHrzkV2ADsow6s3rg9cmZkmE1h90F8gIgCiY1Zlahruw8ey6TsrE043Rfl+NKnPhucZA0iDHtcYtZhOfW9oeTL5jHqGgckKd5Q1nmUgWtfn0GjBX8SpfWBbOhw9VbjN5YDnzUnAoNkwzJeLC3uNWhMgWDr0HOQYDlyvxETZfqCFbJk/c7Cs2rYUYkMEJ7jps2XWYvXydzlV8mcJetk4qwr5eKhl1TkM11+jYNNps5bLpcv2yhT5y+XuhGTKpJbSV6ZtmENtlkeLA9igBhojBhIe3wf55O89cfZV63nJApJFNZ0hzGLijxu6lz5m79tKW96Uxtp3qyztGrTV7p2Hym9+0+UXv0mSPc+46Rzj5HSttMA6dWjTq6cMFGeuO6gfO+Z++UHH3pAvvH0vfLuG47KFRPGS8fWnaRF2x7SslM/aX1RL2nZoktAFDYLSMKu0rJNT2nVpoe0bNlFmjdrLxe8pbW86c2tZdyU0mYTVqsBoRx2MIgBYoAYaPwYAJGXxsxCyEyLJFTcgRBzD+ews/J812fufaTevoYqj2HjxzPLkGVIDBADxEDtYiCL8X0UfvLWH2VbNZ+RKCRRSKKwQgxg9tGgYZfI3/5NM3nz37aSN7+pvVzYrLu07TgkIAp79Z8kPS6eIF37jJWuXQfIvLFj5ZGjO+Q7775dvvf0HfKFR2+SO/dtlnH9B0i7tjiYpE6ate8nrdr0lubNO5/7tuhybiZh294BUYhZhm95c2t5y5tbytAREyTpDKhqNh6UVbsvYJYty5YYaJoYwD6C6zbvCk7gRogZ1kk/iGvTVnNPwiR47Dd8gqzZfqhwIrKPINR7B07emmhZaxK9jNM06wrLneVODBADxEA+GMibqMtbf1a4I1FYIUmUVUFRT3kNUVYVue/QS6Rfv8Hypr+5UN70/7eSv3tTR/m7C3tIm45DpXOvcdL94onSEzMMew2TmaNGytsOb5ZXHrpO/uH+Y/LsjXtl89xp0rtTN7mofT9p2a5Oml/0xozCll2lBUjCVt2DGYatLgJR2F2aNWsnb35TS+lXN0Kgm/goDx/0G/1GDBADxEA0BpKcjFzNE42rUR69B48THDg2Zd6ywnf8zIUyaOzURIeCVMMGyojGFf1D/xADxAAxQAyUg4GsxvdhtuWtP8yuat8nUUiisKZJpiwr8pBxU6Wubri0adVZOnbqL81a9pX/7y095II2A6Vjr0ukR9+J0rfPKLlkyCC5fc86+cxdV8tnbj8k77tup0wfNkDatukorTvUyUUdBkubtnUBIdiqdTdp3aqbtGrdQ1q16SnNWnaX5i07y4XN2km/gSMFOqvdKFAeX9rEADFADBADFgPYS/Hf/vjHepMLcQ/PbFxeEzvEADFADBADxAAxkBYGshzf+/KQt36fTWncI1FIorCmO/hZV2RsPj5m3PSAKOzUbai06ThQ/q5FX2nWdrB07TFO+vcbKyPqBsi1Vy2Vp45vlyeObJLbtqyQfh3bS4tWHaRVhwEBUXhR2/7SsnU3aXNRD7nool7SunVPad6im1yAg01adJThoydzJiHrbk3X3TReeJTJTisxUD4GsNcgZg7itG58cZ32/oMsr/LLi76j74gBYoAYIAZqEQNZj+9dH+at37Unrd8kCkk21DTZkEdF7tR7iIybMl+69BghHbuPlBZt6+RNzXpLs9b9pVOnwdK/18WyccFcuXnLKjm2dJ4snzhGOrZsLS0v6ibN29VJq3YDpU2w9LiHtG3XU1q36i4tWnYLvjjgZNylc7gnIettTdfbtF54lMsOMzFADBADxAAxQAwQA8QAMdB4MZDH+N7iJW/91pY0r0kUknCoacIhz4o8YuIsGT99qXTpM07adh4qF7bqKxc07y7tW3WRKSNHy5YrFsjC8eOkf/sO0uqCNtKyTW+5EDMJ2w2UVm0vDmYTtm51bo/CFi26yehLZsnw8TNrurzSbOwou/F2CFh2LDtigBggBogBYoAYIAaIAWKAGMhzfA/85a0/qzpAopBEYU0TTw2hIo+dOk8mz1wqfQZfKu06D5YOrXvKxV36yITho+Tirj2l5QUtpWWLTtK6bV9p0WGAtMCpx237BIeXdOlSJ2MmzJLRk2bVdDll1eBRDzsXxAAxQAwQA8QAMUAMEAPEADFADDRODOQ9vs9bf1a4JVFIorCmCaiGVJF7DBgp46bNlynTrpTxY6fJ2JHjpXv3i6VLl77SpctA6dV3rPQfNk0Gj58jIyfPk9GTZkuPupE1XT5ZNXTU0zg7Aiw3lhsxQAwQA8QAMUAMEAPEADFADCgG8h7f561f/ZB2SKKQRGFNE1GNoSJjT0N8067slM8XLDFADBADxAAxQAwQA8QAMUAMEAPEQGPFQN7j+7z1Z1VuJApJFNY0QdVUKnJWDQb1sFNBDBADxAAxQAwQA8QAMUAMEAPEADGQBwbyHt/nrT8rn5MoJFFIopAYqGkMZNWYUg87S8QAMUAMEAPEADFADBADxAAxQAykh4G8ibq89WeFLRKFJIlqmiRqKhU5qwaDetJ76dG39C0xQAwQA8QAMUAMEAPEADFADBAD4RjIe3yft/6ssEGikEQhiUJioKYxkFVjSj3hL3T6hr4hBogBYoAYIAaIAWKAGCAGiIFKMZA3UZe3/kr9lzQ9iUKSRDVNEjWVipy0wjMeX87EADFADBADxAAxQAwQA8QAMUAMEAONEQN5j+/z1p9VmZEoJFFIopAYqGkMZNWYUg87W8QAMUAMEAPEADFADBADxAAxQAykh4G8ibq89WeFLRKFJIlqmiRqKhU5qwaDetJ76dG39C0xQAwQA8QAMUAMEAPEADFADBAD4RjIe3yft/6ssEGikEQhiUJioKYxkFVjSj3hL3T6hr4hBogBYoAYIAaIAWKAGCAGiIFKMZA3UZe3/kr9lzQ9iUKSRDVNEjWVipy0wjMeX87EADFADBADxAAxQAwQA8QAMUAMEAONEQN5j+/z1p9VmZEoJFFIopAYqGkMZNWYUg87W8QAMUAMEAPEADFADBADxAAxQAykh4G8ibq89WeFLRKFJIlqmiRqKhU5qwaDetJ76dG39C0xQAwQA8QAMUAMEAPEADFADBAD4RjIe3yft/6ssEGikEQhiUJioKYxkFVjSj3hL3T6hr4hBogBYoAYIAaIAWKAGCAGiIFKMZA3UZe3/kr9lzQ9iUKSRDVNEjWVipy0wjMeX87EADFADBADxAAxQAwQA8QAMUAMEAONEQN5j+/z1p9VmZEoJFFIorCKGGjfvU469RkidaMmy5hp82Xi7MUycc6S6O/sxUFcpEFayMiqAaAedhCIAWKAGCAGiAFigBggBogBYoAYIAYaAwbyJury1p9VGZEorCJJlFWhUU/yRjzLitzuDZJw8LjpMm/lFlm57Yis2XlM1uyK+e48FsRFGqQFWQhZLOfk5Uxf0VfEADFADBADxAAxQAwQA8QAMUAM1DYGshzf+7CUt36fTWncI1FIeXVnAAAgAElEQVRIorCmCaksKzJmAvYYMEpmLdkgG/ddJ1sOn5GtR24I/eK5/SIN0kIGZxXW9gsujcacMtPHTJc+Q2u6vSSG0scQfUwfEwPEADFADBADxAAxUD4Gshzf+8opb/0+m9K4R6KQRGFND3yzrMjtewyQvkMvkcUbdsumg6dCCUIlDzcfOiObDlwvmw+dDghDpEFayICsNCp8WjJ7DRwt/UdMDL6wv0OvQY3K/rT8QrnldwKy9h0wu3r7Qdm0/7gsWb+zqA72GTJOzt73uNz64FNy/Z0PS69BY8rC98VDx8tVe68JdEyfv7IsGVn7hfoaD4ZZViwrYoAYIAaIAWKAGKh1DGQ5vvf5Mm/9PpvSuEeikERhTQ9Ws6zIShReuWFPLFG45dBpWbPjqMxeslGWbTogG/dfF6RB2moRhVeu3SG7j90oe4/fLHUjJiUu54mzrpS9x88G6WYuXBWarmu/4bJm+yE5+8ATAYECEsV+D5y8VUZNnhOaPq5B6zdsQmDDrqM3BAROUvIUhM+2Q6cE6XYePSOcBcYOUxzW8Lxb/5EFLJ+59xHpYMj6JRt2FWF72vwVZeF69JS5BTlbDl5XlowkeWkMcbSdQT1dsXlf4u0W0C7sufZsUL9B7Gq7MHz8TDl48rbgPto8/HGRxA9oL7Yfvr6QbtaVaxOli5ON9nHTvuMFuTMi2tIwWdiCAsQ12nH4Cfmqln1hOnmf7SUxQAwQA8QAMUAMNGQMZDm+9/khb/0+m9K4R6KQRGFVBkVpgLMaMrOsyOeIwvGyZGM0UYjlxmt3XSMzFq2RupGXypylV8nGfScCohBp+w4dXxj8lusDDDCP3nRPgZQohdhYuXl/Id2mfdd68TF78bpCHEsO+q63HzldRLokzZMlVU7e8VBiGQHhc/+52V+3vO1JwWywpDoZr+l2jLr0HVaYNQi8te9+flbvFWu3F+G9lPpkMTVq8uyCHMwstM+qcY16P3XeckH9nDxncWLyrRq6S5Vh2xm0G7A7iYywdqH34LEFohfy0P4piRgl17Vj/GWLEtkRJXPM1LlFtsCesLY0So6Lu3LlROngs6bb5rHsWfbEADFADBADjREDWY7vff7JW7/PpjTukSgkUVjxoCgNYFZLZpYVOQlRCJLwqgOnZP6qbTJo7DSpG3WpXLlhd3APS4+rSRQePn1ngZS4dM7SxOVsZ0/5yIwpc5cW5GLgii8IuUOn75B9J26WG+59tN5zzAAq9YAWS6q4xE0UPizhA7tAIETF5zN2koABixsXbz0HjpYTtz4gN7718YCA6tZvRFmYspj21a1KsRg1K7JS2dVOb9sZtCE3P/BEorpqfeiWE2bbaZuEcOYVayLLqd/wCUHbpWnwp0Yl+UQbt27XkSIbVHap5T1g5OQi28qVU0l+mJZtIzFADBADxAAxQAw0NAxkOb735T1v/T6b0rhHopBEYUUDozRAWU2ZWVbkREThodOyfMtBGT5ptvQZcolctni9bNx7orBHYUMnCjv2Giw33vtYYSAMIm7uso1Fs69QflgGeOzsWwvxMMgtdU+2KEIgCiOW8CFRyM5NFFbsM4sbl4Cy8Sq5tpgulThKotfm4cRtD9Srl0lkZBXHJQrRRhw+c2fsLEDrQ7ecQNQdOXP+DxJsi9D1Yv8BNIhr/0xB3B51I8t+H2L/yVN3PlzU5im5h7CU8oZtbvupskqRk1VZUg/bWWKAGCAGiAFigBjICgNZju99ecpbv8+mNO6RKCRRWPbAKA1AVltmlhXZJQo3Hz4tG/eflPV7jsumgzi05PpgyfHE2Uuk34iJMv6yxbJ21zHBfoU44KQxzCgcMWlW0UA4apke9v6yswsxq7CU8o0iBKLkWLKERCE7LVFYsc8sblwCysar5NpiOg3CB0S+HrqCGZBJlt5Wkp9K0vqIQpBhC1dvjWwnrA995YSZeEqqRRF07szoy2JmH0blddCYqUU6oXfdziPB3qpqSynlvWDl5oI8/DGDPVfLkRNlM5+xbSQGiAFigBggBoiBxoiBLMf3Pv/krd9nUxr3SBSSKIwclKUBuixlZlmRXaIQB5QsWrtLJl2+TJZu2i+rdlwtly/fFJCEIybPlsUb9p4jCQ+faTREoR1c+wbpbtkuWrutMMDFARF23zc3rvs7jhBw4+tvS/jEEYWdew8JZjpiEI9DA3DAxLpdV8uEmQsjl0qDGBg/c6FcMn2BQIbqdsPOfYbIhMuuCL69B4fvlTh47FRZir0t9x8PviAZsGdbx97JTo/GDM6VW/bL1kMnz8nYd22w7DJpetdu9zdmOI2dNk/W7TgSHNAAO+GnpDZiqe6MBSsD8kTzuGrbQRl96ZxQP6vO8TMWyrDxMwIfd+g5SLA/IPwDOcjvvBVXCQ6OcG32/R4+4bJzeYCf910ri9ftkIGjJgdpA9y8sbeli23YAlthy8jJsyNtxt6Aiqf1u6+Wy5euFyxdhj0W01HEUan+wmw2YHHKvGWF5aog6cdNnx/YDAyqDa5fgMsr1mwLsK8+BVmX9pL9MKIQdRZkn2un/rY+dMtJ49h9ByFvyLjpRfJwwJGdGZ10P0OV74Z230ToQzuJODaPUeVt5aE87AFRmIk93xCHSeVYmbzmQJAYIAaIAWKAGCAGagUDWY7vfT7LW7/PpjTukSgkUVg0gEoDZHnKzLIit+8xUPoMfeMwkwOnZP3e4zJ7yQbpO2yCYCA5Y9FaGTZhpvQbPjEgDDfsPxkQhJhNaGcUQgZkVeI3EBt2WV219ii8fOnGAvGHQbo9GdZnb/ueA6XvkHHBF/un+eKE3UtCCPjSJiUKsX8ZBvU6U8cNQbQMnzirns3wLZZ1avwpl4fv/2gJBJBarr0gRMKWGEI+7Fu4anO9dCoHhNLB628v2KI2aYj0k2YvDk2vcqJCkKKn73p7pI6wk1gxqxRkmdrjC6+/82EZesk5ItDaYffbA9bgS0ugWFnIZ5gNkAliKMpP+6+7RXoNHF0gj1wCytrinoisNg8YNbmQ3tqm18uu2hPUf/3tI3zK9dfKzfsifQyd7gEswDEIV7XHF8JmxNM8VjO0JBqWHOtMSNiB+hXWtiRpF9zZzMHsSnM4zdodhwv5BnaiiMkkedZ6DrstIWvz6CtvVzZ8feDkbQXb4BfcK1WOK5e/OTgkBogBYoAYIAaIgVrBQJbje5/P8tbvsymNeyQKSRSmMghMA6zlyMyiImMghy9mO/Uddv7UYywpXr3jahl/2ZXSa/A46V43SnoOGC1T56+QtbuvCfYlVJLQEoWQAVkqt2230gfqSJsGUWgH6RjQY0ZWOeWSJI3V5RI3UenjiEL4ZsPuY4XBuI8gsfdwgqzVV4pvbR5coqDfsOKDFKxO93r5pr1FNsCei4dNkLNvzIBz47u/45Zz2vzZa5CMrqyw3yu3Hiiy0fVTWDrcB1mDgyWsbluOUWntMx8hDjLVLoG38e31mbvfUcirizdri2/vP3dJvpVrr0GK6m8XD5X4q1SiEETa0RvuLtiiNvnCPcfPprKE2ZJfq7YeCGboWv2YcWrxoNe2TrnlpHEQYoallTdnybl6PGhs8TJhX92ycpJcg2QGoe8u9bZ5dMvbJxezbtVmWydKleOTzXscIBIDxAAxQAwQA8RALWAgi/F9lJ/y1h9lWzWfkSgkUegdjFUTZHnKSqsiY8YfCAjM/hsweooMGDU1OMV4zNT5smLrwWBJMU44xr6DK7cfEexLiBOOR02ZKyu3HQ7uW5IQ1yAWkRYycCIyZOLbd+j4QFcpswxd0sFHoISVS9Sg1F0Wh0HtsbP3ypgpl9cbJIfJT3rfEgKl7Ldm92nDYNtdQmkH47Afp61if7JeA8cEMx+XbNhZGKzjuTvjqBTf2jy4RMHm/ScKeqADszVxmAKWMo+YeFlwuq4lDWw+QEhYYgvxMEuqbsSkIA9Yrmhn30E+ljcn9T3i+YhMkIG4j1miWFLrEpVjp80v6MBMS7UfIWbtYfky/Nx/xERxyS3MpIJv1UZLzqkc5AMzB+ELyFi/62iRDhBHINlVBuTtuebGojgg+sZNmx+kh59xWrfK19AloKwt7jP3gB/IgM7BY6cFOibOulJO3/1IPR0uHirxF4gq5AXkGHwEG4IZsRMuC2bFgsi0h3pY7CHugZO3BgcQoVyxxBr1TX2BcN6KTQWfqm8rDX3tDJb+W72jJs+pp9fWKbcsXJtwirHKQ33AEnX7B0owO7TXeby46Sv97ctjmEzMerWzKhet2VbIeylywuTzPgeHxAAxQAwQA8QAMVALGEhrfJ/UN3nrT2pnpfFIFJIoLAxGKgVTQ0yfVkXuOXCMjJm2QOav3i5Xbtgb7De4ZOM+Wb71kGw8cFK2HD53QAnIws2HTgfk4LxVW2Xxxn2y6cD19WYTBkQhDj85cDKQAVmLN+C7Vxas3hbogs6kPi6FzHJlxg1Kr1i7vTD41kE4QhAUWN6J/bRAWLlyS/1tCQHIXrF5n2D2T9QXSyXtckqkcwk2S9rglFIM0F3bMOvIEm07jp4uxCnFtzYPlhiySyNho48QARloZ8Jhnzm10+4VifTYU1GfaejOpLN50DhRoSWToGPM1Hn1dCAf9qRXS/ZZIhD3fbosaRuQfD0GFOJZcg74gh5Ldqk8uxzeLW/3YAsQeO6sL8gBAWqx7BJQ1hb3GYhLm9Y3e9M3g8/iIbDBLB8ux1+QYckm38xHxAHZDz+pzagzuG+/AcF67dlCHOAQebBxKr32tTMgXS3mb77/nfX26bR1yi0L1yYsA3bJbM03QhDXbppq/vblMUz+xj3nZzmj7OzS61LkhMnn/WKM0x/0BzFADBADxAAx0DgxkNb4Pike8taf1M5K45EodAZIlTqU6RtWg5NWRQZpsmLrIdly6NxBJCAE9evOFDxHAp4jDJVA9MXReyoHYZD20JlAl4+oCcNbKWSWKyPJoHThqi0FEsEOvO31jW99PJg1lvSgCdcOSwhYuaVcu8SRlYlnepCFqxu/LQGEWYc96kYFpEIpvrX6LDEE0kUJS9gRNtsPswtBdmDGGPTCLlf/ul1HQskOu/zS9YUvz3rPEmPwt53dpHE01P3ZEM8eCgGiA3v7wX4fOYf0lthy7XNt8JGhkAHZ6kvYYGc14oAYxYuPdNI8wKd2r0iXgLK22GdId+TMnQUdYQQf9AT7HJql4hYPeF6pvyAjzE7NJ0JL9Lt799l4rr2V7nVpZeM6rJ3BYTFaZggxy9CmtXXKloWNY68tkWzllkqcW5lJr8Py6KbHbFC1DfUAhxPZOEnl2DS8blh9EZYHy4MYIAaIAWKAGKgOBtIa3yctn7z1J7Wz0ngkCkkUFg1IKgVUQ0ufVkWetWSDbNh7Qra+QRBiluBVB07KVQdOyeaAPDxH8in5lywEmXgmkAFZhZmHh88EuqAzqX9dMqlaS4+t/l6DxgRLP+0MIB3s2hADXyy/tGmTXFtCwMor5doln+yAGwcFhBFYsA8klp6MCjk6668U39o8WGIIMq677W0FcgB6sPQ0yh71WUAGvUE4wS6QiPrMDSHP5qHPkPCTl21aa7cu2bTP3Wss99V9Nd1nUb8tseWWlX0GG7As2ycrrDxw35J4cXvRubMb7Qnd1hZLTrlk2ujJl3ttVLvt0lqLB30eF1o7XH8hrX1u7VS59Xx1+ZJIe+2y7VLaENUXFdq66PoCJ3jbeo6TpFWWxaYvjxpPQ+TZksCQew5P54h/jach/tjA4TpxXyyh1zRhYVQeNQ3q6Mk7Hizk1/UF4iWRo/IYVmcQQj/Sj8QAMUAMEAPEQMPEQFrj+6Tlnbf+pHZWGo9EIYnC2MFOpSDLM31aFXnuiq2ycf85Mm/V9iMy44q1Mv6yxTJ1/krBb+xNuPnw6ZK+SIO0kAFZMxetk1U7rg4IQ+iCzqS+rEcIzAk/mdeVWc6gFHubzVq8TjBLBwSGHeTr9fjLFiW2HzZZQgAD+3HT58v4GQsjv5hBB8JHbXDJFJu3qJl40B/mw7D7rh/dPLgEwIKVm+v5CfZiD7VFa7fJsPEzvMShJYPgW5xIfOjU7XLo+jvqfd2TfpPOCrO+D1vC6suv717PAaNk+oIVgiWuIMr2Hr85OEgDcjHrVPHhlpXNZ5QNYeXh3rdLt3122v03XQLK2mKf2fuw355469Nh9yF08aDxy/UX0lt7rJ0q2/UJbN534uZ6uAGWsKcknmv5xNUX1ZE0tHXR9QXIM0ukW2LPYtOXR59+bCVg86IHm/jiYosDzXNU6DvF3JUXlUeNi60aVA/y6Vten0SOymPYMAc1LBeWCzFADBADxAAxUB0MpDW+T1o+eetPamel8UgUkigsibypFHBZp0+rIs9buUU27r9O1u85LjOvXB/sg9et33DpO2yCzFq8XhZv2C1LNu4t6Ys0SAsZ2F8OxMVli9fL+r3HA13QmdR/LiGQlCCC/EoHpdCNZaIgsHQAjBCDenvQRFxeLCFQrcNMbN5w0mqUDa4PdUZV2H2fLJsHlwyBHJBn1kfuNciNK9ZsKyIMLRnkxo/7rXnw2WrvWbuD5cTdz+8daONFXSfJn7UXebX7Sdp8RhFCYeXh3scBJlH2RukLe2bvWzIrTI/1azl4iPIXdFp7fD5zfWLlxV1v2ndtpP/C8hx239ZF1xdIg/0lLbmn+1/aE6Z9efTps0vcsY1AFKG7cnPxbMYwv7hLon164/KI2cB2D8Wp85Z7fYw/DtSOahO2Prt5rzoDGfqRfiQGiAFigBggBqqPgbTG90nLKm/9Se2sNB6JQhKF3oFJpcBqKOnTqshKFK7ZeUwmzlkinfsODcicTr0HB2QHTiq+eNiEkr5IA6IEMjCjBjJxWjJ0gJQslSgEwaODy6gZNG5ZxQ1u3fhhv0FKYHCvNmDQn3TpK2RaUiUpIYB0lixxySebt7gBt0uqKMkWdt/nB5sHHxmCNDhFGAd/uCfNqt8QBsuk3yDrbP7wDLPyjt9yv2DWXdQXPsT+bz473XvW7qjZfG46+xunMNs86DWWQkMmThs+euN5jLplZfMZVf5h5eHejyPLLZnk6guzxd4HAWWJTusLvbYkl4uHSv0FHdYeNw947voEPj924z2RuEFZQRb2JdV8VCO0ddH1hcp39xececVqwexAxZIvj5rWhtYvLs5sPFxjVvLOozfItkOnQr87j54Jtgpw07q/4/K4/fD1hbyAaMYs4uETZwlwol/kd485WAYzjhEPJ83jzyRXJ39Xf0BCn9KnxAAxQAwQA8RAw8FAWuP7pGWct/6kdlYaj0QhicKaHmikVZGVKASBd+X63cHgru+QS4KBW9+hlwhIv77DSvwizdA3ZAy5JJC5eMOegCQslShEw7Bm+6HCIDRsIO42ICASLLnnzrrD4RrYlw1fN63vt13OGTdAd9NbsiopIQAZUaRA3MDd2gBf2D3uyiEKsVRaSY0kZdC5zxAZfemcgDiEvzQtQiV77b54IKcw+9TaXY1re0AJfG9PYE0iP5gp9cATBftBNoEAgU9teuwDePa+c8uPXXzYcowqf5f8suVUVH4x+/ENGhNOQIXZYsvCtd/mU6/tMlOLh2r4CzqsnT6C18X0hJmlbQeg+ahGmKQuwl7bHoFMu3zphsJMwyhcWButX5KUk01byXVUHt2ysHU96XWS5c+V2M+0DWdQxLJgWRADxAAxQAwQA+cwkNb4Pql/89af1M5K45EoJFFYNHCvFFANLX1aFRlEIQ4c2XzodHDQyPIth2Txhr0CYq86370CmRv3XhfogK5SZhSiHOyJrzhwBCftxpWPuxTuUkOudOw1uHAwBgaycQc3QFcwQDcHb+Q9o9ASNWfufSRyKTRm+ilZhxBLIZEnd4AfNVPNLmO0xFBcOQS+6zNUrr35vgLZpks/3XJQYiyJzKRxBoyaXNCLvLunsFo5WE6O2U0gF3EABJ5ZohGnDfv2XUO8KKLNkjtRhBDKA7OslFxRf+A+9tnT+3Gn3FpSx9UXZos98AZ6lMy1/tFr106Lh2r4C3pcO12CFzbYA0qsDWpnVqH1d5QdWCZsl+dqeSJ0yynMduuXhkQU2lnfNl9Jr5Msfw7zCe9zwEkMEAPEADFADBADjREDaY3vk/oib/1J7aw0HolCEoWx5FGlIMszfVoVWYlCnGa85Y2Tj7ccOi1V/b4hFzrKIQrHTJ1XIEkw8Fy97VBkWYNE2H7kdCENBtSDx04tpMFze8DAgZO3Fu2d5ytne2AHZr/1qPOfNOpLm8aMQkv+wSdRxM7mAycKvgDZ1bH3OaLV9VMYyYHl4/ZEaBsPS1TX7Twiq7YdlMXrdtSbaaf+sHuT2fT29FzMHHMJIU2PGYprtx8OllAiPWaE6rOo0D2JFWWNfPvS2OWhIHRgiy27YGZbD/8eh0s27C742CVwLLkTRQjBLh9RCFtnXbm2SL7Fs81LQFi+MbMRuHD1Rdlil49GEfKWDIQOW57V8BfyY+0M24vPnu4Mn4eR9/DrwtVbA+zsuPqM9B8x0Vv+1o+lXCclCiHTHgID3+nXLacw/dYvLs7C0lTjflweZy9eJ+t3Xy3rdoV/0UborFvkG0v30ZYDP0qKV8NWyuBgkRggBogBYoAYIAYaAwbSGt8nzXve+pPaWWk8EoUkCqs6+KsUkNVOn1ZFtkQhiLy0v+UQhRjoHzv71sKgGoNMkF8+sqhrv+Gy9/jZori+GVjuPmrYO8t3MAB0z1txVZE87IUGAippGVvyJCkhANlRpADssrPM4JOZC1cV2YQ4GJwrGYFw0ZptRXEsgQfiAYe32HyBoHP9aYkhlzSaNn9FUXrIwrJtkAJqB05jVR3Yo0zvI0Q5uAfFYAYpTkPWeHEzKFW2hpcvXV9ICxkgkbFUWJ8jHDV5jmA5qOrYtP948Ny1D4SITYdrFx8ugWPLMar8UV5hRGEg440ZrbBR94GztoC0vf7Ohwt5QDxXX5QtFqdIe+zsvfWWg4+ZOrcwO1V9ZfFQDX8hT3aGJvT4/O7OggS5efHQ8UXlA5/aGckoG51Rq76D3xBn8fqdMnf5VfWwofHCwjgSzU1nCVn1oVtObhr9bcvPxZnGSSMsNY9hNtj2Jm5v1TAZvM/BHzFADBADxAAxQAzUAgbSGt8n9U3e+pPaWWk8EoUkCosGiJUCqqGlT6siNwaiEGVhN/7XwTUGyiAMMZsOA3w7i1DjgFDxzf5zSQaNv+/ELcHsIxAT63YcqbdUEDqHTZhZEtYsAZOUEECe40gB9zRV5AGEqs7qOX33I0WkkW+WWL/hE4riQAb2UluyYadgth/yq77R0BJDWD5sZxsiDg4smbNkvUyZuzQoH02H0HdQhltu0InZg5gFBpLXtSHsRNWwOgtS184ghR04OGX19oPBac3Hbzm/LNq1EWldPyJ/IGCx76X7DOlhrz0MxJZjVPlHEYXI2xVrt9crCyy/BflrZ2bCBv26+qJsgX6XfEZeNu45FpSF3WNP5SO0eKiGv5BXr5zTdwaHc4CM1LK2My3Vpu1Hrg/shV3uUl9d9q7pEdqZpJhxm2RrA5u+VBLNV2fccrLy7bUtPxdnNl61r0vNY5j+askJk8/7HDgSA8QAMUAMEAPEQGPBQFrj+6T5z1t/UjsrjUeikERhYfBYKZgaYvq0KnJjIQpRJjjp1s76UmIgLASBFbXMsG7EpKKlcGFy7P0Zzqy9JFhxicKw5bWurIAUiNkXESeKJvHJqTsf9s6YhM6VW/YXiCWbV3sdtR8cDs9wyTyb1l7PXLS6Xj0FQYXTV228sGsf0eP6zfcbxDBmgobJ1fvIx9hp84tsdGdNalwb7j1+s+g+bZBhl8Ha2XEghMLKH34oOrRkztIiO/Ac5LXV67vGUnAlyFx9ri3uzEqQZHF+Qv5A5KpuSxTC95X6S8vPEniqC6G7THXhqs0FW2w89zpY2u7Z39Tuv1nOXnnlkF9oy6x9bjmpD9zQlp+LMzduNX+Xk0ef/mrJ8cnmPQ4MiQFigBggBogBYqAxYSCt8X1SH+StP6mdlcYjUUiisGhQXSmgGlr6tCoyiMKNB06mvuRYlzRDF3SW618shcWMOTvIdq8xgMZSQpcE8enEMtcl63fGEl1YLogltD4Zcffsckws50xiF2TaWY/nZkb6T2jGcutN+457fQJfYHCOGVpRdoLA8xGOp+96u0ycdaUMHH1pQb5vySBs2LD7mNePsAH+6zsk2n9T5y+vNztRy/bQ6Ttk+ITLIvMQlT88A9G2cNUWbz6hBzbiEByfHMzetMuC1S71L2TrbLxzZXV+D0s7g+zErQ+Elj9k7L7mpoKfxzmEpdo1Zd6yAhGodiDUskJZ61JvV18SW2AHluFa2XoNH/QbMVFAsus9kJdqm4aV+EtlIMTMXnfGqksUIh4OqXG3J1D7QBBOX7DCuzcl8mrL1Sfb2uO7tvuXLt+0t54vfGlwb+XmfQUfJm0X0CaoP6LahDCd5d63pC1m0+Ytp1z9TMcBJDFADBADxAAxQAw0FAykNb5Pmr+89Se1s9J4JApJFJY9eKkUfFmkT6siz12+WTbuvy47onD/dQKdlfqsU5/BAiIFs4mwRxyWHiPE7L1Slw7CFhAGIBtmLT63jBny5i7bKDhIBTP7KrU3i/TwyZBx06X/yEkyaPSUYLl2HEFo7YIPkA4n/mKpt2/PRhvfd43ZciCSIANf2FJqeWA5tKYfOGZKQJj6dJV7D/m0NkJHUht7DhgliA/SE7NVIatcOypNN3DU5KCckJdeg8ZU3Y72PQcGhwBh3z/gArPZSrW5Wv4Cod+t34hYLIDoVewAwz3qom1GuSvxFnZoSql5ZnwOQIgBYoAYIAaIAWKAGCAG4jCQ1vg+Tq8+z1u/2pF2SKKQRGHJg9i0QVlN+WlV5AmzF8vqHUeDE4911l9aIU5Vhi7orKZvKIsvYmKAGCgHA3YpL5aOl0Ksl6OPaYhTYoAYIAaIAWKAGCAGiA+mzcsAACAASURBVAFgIK3xfVJ85a0/qZ2VxiNRSKKwpsmntCoylhBOXbBKlm05KGt2HpU1u46l8915NNABXdBZaYVner5giQFioFIMYI9PXaJcyrLhSvUyPbFLDBADxAAxQAwQA8RA08ZAWuP7pLjKW39SOyuNR6KQRGFNk09pVeROvYZI36HjZeSkOTJh1mKZOHuJTJxT5e/sJYFs6IAu6Ky0wjN9036xsvxZ/tXAAPZAVKKw0j0wq2EPZRDXxAAxQAwQA8QAMUAMNA0MpDW+T4qfvPUntbPSeCQKSRTWNPnUVCpypQ0B0zeNFyvLmeVcDQys3n4wIApxMEjH3oNq+h1SDX9RBusdMUAMEAPEADFADBAD1cFA3uP7vPVnhSMShSQKa3qQ11QqclYNBvVU5wVHP9KPjRkDvQePDU71HjRmak2/PxpzGdF2tjHEADFADBADxAAxUIsYyHt8n7f+rMqURCGJwpoe6DWVipxVg0E97HAQA8QAMUAMEAPEADFADBADxAAxQAzkgYG8x/d568/K5yQKSRSSKCQGahoDWTWm1MPOEjFADBADxAAxQAwQA8QAMUAMEAPpYSBvoi5v/Vlhi0QhSaKaJomaSkXOqsGgnvReevQtfUsMEAPEADFADBADxAAxQAwQA8RAOAbyHt/nrT8rbJAoJFFIopAYqGkMZNWYUk/4C52+oW+IAWKAGCAGiAFigBggBogBYqBSDORN1OWtv1L/JU1PopAkUU2TRE2lIiet8IzHlzMxQAwQA8QAMUAMEAPEADFADBADxEBjxEDe4/u89WdVZiQKSRSSKCQGahoDWTWm1MPOFjFADBADxAAxQAwQA8QAMUAMEAPpYSBvoi5v/Vlhi0QhSaKaJomaSkXOqsGgnvReevQtfUsMEAPEADFADBADxAAxQAwQA8RAOAbyHt/nrT8rbJAoJFFIopAYqGkMZNWYUk/4C52+oW+IAWKAGCAGiAFigBggBogBYqBSDORN1OWtv1L/JU1PopAkUU2TRE2lIiet8IzHlzMxQAwQA8QAMUAMEAPEADFADBADxEBjxEDe4/u89WdVZiQKSRSSKCQGahoDWTWm1MPOFjFADBADxAAxQAwQA8QAMUAMEAPpYSBvoi5v/Vlhi0QhSaKaJomaSkXOqsGgnvReevQtfUsMEAPEADFADBADxAAxQAwQA8RAOAbyHt/nrT8rbJAoJFFIopAYqGkMZNWYUk/4C52+oW+IAWKAGCAGiAFigBggBogBYqBSDORN1OWtv1L/JU1PopAkUU2TRE2lIiet8IzHlzMxQAwQA8QAMUAMEAPEADHQeDAwY9oouX7/DPnQA4vktQ+tkt+9vF7+8tVNwfd3n1sv33lulTx3/6IgzvSpo2p6bEfcNh7cplVWeY/v89afll9duSQKSRTW9MukqVRkt2LzN1+ixAAxQAwQA8QAMUAMEAPEQOPFwNEd0+TVD64okIJKDsaFrz6zQq7ePq2mx3jEdePFdaVll/f4Pm/9lfovaXoShSQKa/ol0lQqctIKz3hN96XKsmfZEwPEADFADBADxAAx0PAxsG3NZPnRx1aXTBC6BOKPnl8t29ZMqumxHvHc8PFc7TLKe3yft/5q+zNMHolCEoU1/fJoKhU5rILzftN7ebLMWebEADFADBADxAAxQAw0Pgx06FEnT942v2KC0CUMn7h1vrTvUVfTYz7ivfHhvdwyy3t8n7f+cv1WajoShSQKa/ql0VQqcqkVn/GbzsuUZc2yJgaIAWKAGCAGiAFioGFjYMjwofKFdy2tOkmopOEX3rVMBg8bWtPjPmK8YWO8WuWT9/g+b/3V8mOcHBKFJApr+oXRVCpyXEXn86bx4mQ5s5yJAWKAGCAGiAFigBhoXBgYPHyofPOZ0vciVBIwaYj9DgcPG1LTYz9iv3Fhv5zyynt8n7f+cnxWThoShSQKa/pl0VQqcjmVn2lq/0XKMj5XxkPHTpH2PQbUdFvHsm5c9ZmYbFzlxfrVMMuL9aj8cunRf4QMGXMp34sNYBzYrnt/+fxTy1KbSeiSiNDFNq38ukPf5e+7vMf3eevPCoMkChvACyKrwm6KeppKRW6KZZs0z3e99UF59Zvflm+8+m25/Z4HijpH67fslm9957vy9Ve/JR/52CdIJtVYe9ip92D55a9+Lfj83//9n5y68bai8k+KIcbLv1PY2Mrgqfe8P2hz0O6s2rCtgLs0MRnV1jU2/9Hehl/nlqy6Knh3AuMPPfLOAsazKLs061EW9ldTx+DRk2XF+q2yeuP24DtrQTwJhLZCPz95/WcC0lBtYr8o+7r3+M3zMiMJlTR87Oa5hTLXsmeYfdnT5+X5PO/xfd76s8INicIaGxhnBZzGoifNivziJz8jP/rJ6/LDH/8kIKK69RtW8kt3+tzF8uPXfxrIeP2nP5e3P/ZkyTIaS1nkZeenP/d57Q8HpKC14+QNtxSe/dd//VdRZ9nG43V5L/K8/XbsuhsK5YsLkMJ520T9jRNLpZQbZq/+7ve/L2DvwXc8XsBdmpiMautKsZ9xax+j1Shj+/7Mum1Nsx5VwzdZyLjljnvlH//pnwvtjL3477/+Vf7+pU9L3fDxhbZHbUL7ZNPhT7T5S9YU4tlyreV+0cVDx8l3vvv9oP/9wx/9RIZfMq3gA/jqznvfJj/92S8EffMn3v100bO4tOrrJOHGFRNDScJvPb1AHj46TA4t7SwbZrQqfK9b26NemhNrexSeIy7SIC1kKDnohhuWTyzKVxJ7GYfvh4aAgTTH90nyl7f+JDZWIw6JQhKFNf2SSKsiuwNBdNCuPXVTyb58/oUXbd8umIFSjYpNGedf5Ogs6wczB61v7GDjT3/6DymH7LXyeH3e72n7Akum3vmu9wlmbqEcffoOX3u9Fn0QZj2Y9dnEe9lhJC9f4/3wm3/8pwL23vq2txfwmSYmo9q6vHzRGPSi/UA78uS7n/YSK40hD3nYaN+f7rs1bXuS1KNqlWuSd03a+bXyL5k6R377u/N/RBQaGs+Fbya92z65RKEt11ruF02YPlf++tf/Cbzm+gD+tn+8YNasLYO4tDZu3PV3nltVj8j718+vk3v2Diwi/ixRePfeAfXS3LSlb2h8EIaQ6RKF3352ZVG+4mzl89rvvzSWMk5rfJ80/3nrT2pnpfFIFJIorOmXRFoV2e1ooaeB5RulVMgufYfKX/7yl6KuXdad7VLsbaxxowbPTaVD3FjLLspuO+sBswJ8cTv2HBjMGMDsCtS1vYev9cbzpeU9dojLxYD7frBEYZqYjGrrys1LradDWf3rv/0xlCyo9fxXkj/7/sy67xJXj6pZrkneNZX4sZS0WHL9x3//96J+I378x3/8WX7281/IP//2d/WegQQ7cPWJoncfyg6zBfFuRNlBrtphy7WWicIR46cH+YfD4KO5VxaTZlHtaVxa9WVcuHvjpfXIOxB6mDEIYnDHvHbygZvHy48/sqRePJf0c38jDdJCBmRBpo8s3LWB+1TGlROfN7z+YFrj+6Rlnbf+pHZWGo9EIYnCQuegUjA1xPRpVWR3IKgdDbt8I84f2C/P/WTd2Y6zsRaeR3X2mkqHuBbK0c2DLTvWm4bXiXPLqyn9dt8PlihM0w9RbV2aehuzbFtWPrKgMectbdsbchtczXJtSPl85rmPFnUbsYR447Y9Rf147Fn4iRc/VRQPhF/vgaOL4oXhw+aXROE5N7p9jGoRhS97DjDRmYFYSuwj9lxCMO43ZOiy5LNbL65HOL785NJEuAjDC++z/5UHBtIa3yfNS976k9pZaTwShSQKa/oFkVZFtp1Q2xtD5yxJpUR6PWTBpnc7I0lkMU70Szpq8NxUOsS1iJF9R44Xqs6Xv/L1RPWuFv3APEXX/zz8474fSBQ2vDJSXNiy+t///V/BvsH6jGF0udn3Z0Pru1SzXBvKu8bmCS8/7IMatV3Kez/wbOEdCRJ8x94jibBty5VE4TkXuviuBlE4duzweqQdSD8QhdUiCZVEVLIQsvWeDceMHZ4IG2wTo9tE+ic7/6Q1vk9ahnnrT2pnpfFIFJIorOmXQ1oV2e2waW8MyxuxyXFcxcSpcr6P7YzgX+Kbb79Hzt52j2zZdSBSJv5BvvWu+4K41525uazTe9GJxAEt2IsF3y+98jV529sfD92zCTpvvPUuue3u+2Xxyo2BfcvWbhbsu6gyPvTRj8vU2YuKbEc6nJAI+YiHPGOzf7v0Jcx/kI9/1JFGdbzw4qcE/gxLkwVRCDwgD7DrU599Wf7hla8Ge16NmjgjsEt9hbJ0bd2251BQzjfddrcgXlg+sE8SfI3vvMWrQ+OV4yO1z5Yl8Kdlib39dh88Vk9npbpwaibyO2Pu4qJyjcIEllCduuHWYKN2rUMg3XEP/gUmbR2Ef/W+HVShzM7cfEfwTJckY8YFylGxiSXN7//gh2Xs5Fn18u4rJ5TLRz/+9/Lt174X4BPpP/z8C/WWNPnSJrmHvalw4JHahzrw8he+JMevP5u4zsMfqOcoU61D73n6g4kJEvgI9dfWQdiAE6Xh07h8qN9RR/Q0coSPPfme0LYGMn0YTaO9ASaBF9RHW3+RZxDSL33qs4HdwInFk8038hi2RyHihWHSlYHDCj73+X8olBPaltNnbw/1s6+tA2aw954tr6j2Nis/u3nF+wu4VkzA18h/GKYURyircuqvtqfArW4BAjLlkXe+K2hDIDfuvWvzEHftsxftCuqels1Ln/5cvdlhms7iAO9AxWaU3krbC+i+5/6HC/a98tWvB/YqmWoJJeQhypb9R07IZ1/+YrAVhLY7jz7x7sg6HyUPz3z1qJrlWuq7xtqLZawoJ80r3gWovzv3XR3pJyvDvUYf6d//9Cd97QV9ATeO/d1/2PjC0loksn9YoB3HuxI4d/sktlwtUWj7pG4aqxfXwDb6E7Z+unHKeV/62qckfRVXN37HkX2+9lTlxKXVeFHhoa1TvaSdJfCyuj64ZUrZuIzKI59lR5w1NV+nNb5P6se89Se1s9J4JApJFNb0yyGtiowOtB0IFnpuInL3fQ/F+vSLX3olSKIbKWt629n+5rdf09vBP8dRRNo7HnuqEPd//ud/Sup8o8P3+9//oZDevcDg6bmPfKxenuy+PRjUffzvP+kmLfzG4AuNFUiOsM9f/vu/ZfXG7fX0IB063T//xS/Dkgb3f/HLXwkGRm6jGNXZC+sQuzKifmOwgn1+wj4gSw8eva7w2O6nBxzp/liIcN+D76hnv+q2/rYy9HklPrKyMVDHgND9WNuqpQu4eff7nnFVFX4DE0oCIJ+uvwoRzQXwqlsA2Pj2PmRNnDFPUFfwwWAIPtDfRlxwibTuqYfqd4TYLwskR9QHBBPssemSXvcZPMZbJlYf9qjykbmqY9yUObF16Itf/koo+QU5jzz+rmAvJ6vXXv/5z/8ph685FZpHDLwRJ+wT5WeL0TTbm8987gsF8zDQtW1r4cEbF5iBdvWJ0/Xyi3K27wc7QI/CpJbVXW99sLDJvqsTv1EvMMjX+Bratu7zX/xSQL760uMesG7rlsrIys+qD7O1sFda2Ae49r0XKq2/Np9hut12dsPW3cG7MIpo1Xy5obUXbT5OVA37fO0b3wzKFgRI2LsFdeX+hx6thwHorUZ7gbwCZ2EfkJr2vWb7LjbveCf/+jf/GCYmaE+Ad5smyXVYPSqnXH36rPww4913CuTgXYC6F/WBP/DnmE9v1D38AaakNuQDh1Hx8WzanCtk0fJ1snDZ2qL3j/WTi/OwfpHtk6J9g4/C9L/3/ednM6KtscueK3lfWruT9FXC7MP9OLLPtqcuvuPSRunVZ0/dHn4acVYEoep56rb5oWWp9jIk6deQMJDW+D5pHvPWn9TOSuORKCRRWNMvh7QqMjpIOhBEJ0iJP3TesGdMVAdq+CXTCp1/dDTt5tO2M2KXu/g6pFr5ocuSaBhE67O4cOnqqyIH/raz+8nPvFwk13YmbTzfNey3J8j54uAefGlng8F+nC4XNlhy5YDw6dF/RJGdUZ09mwf7z3mc3/T50RNnXBO8vy0ZaMvY4ggJLaGgOjS0tloZeF6pj6xsbwbMoCQLXdYGi334y/rSxtNrN77WU9wHwan+tB19TRsX+soHeLV1OErG6z/9eaKZs2ojQgyqNA9RsvEMeVy+bkshjyoHM+/cPyXCZIUtZ8OMpqSfW+58az0bogg3Vy5mO7ptaBKMqhz4odz2xrYXvkMDVIcNXaIjql7bZy4mUV4gf5J+MLtQyxihtT2JDOjHO8DKyMrP0HnfQ48kMTPA9TUnbyyys9L6awmHMCMsgYI/1Oyn1BPUS7UXM26jiDrYgvJzl5NWo70A+Z3kAxJXP+47CeVbSruDP9QsDuOuw+pRqeUapgfyS3nXQA7eBX/4w7+oSyJDlN3W3QdLzjP6l/oBPmYtWFaSDM2vredu2dlntl9k+6RRy/Rt2cBWvDtUb6XvS2ub+sENkxCosMfWSV9bbNtT10dxaTW/UeEr71seOqMQB5F86+lwIhHP7AEnpcZXglDDL793eaGMomzmM5KFDQUDaY3vk+Yvb/1J7aw0HolCEoU1/XJIqyLbjhDILcwq0049OhxRyzLsrLpf/fo3wVJF7ejYzoi7zARLlHwVHjMVlASA7p37ky9tsf8QIy32tLn0sgXBMr/D114fzGRU29yOlK/Dhll9GLjgH2wss/F90MHEAHHOohXBkkm3M47lSDafX/naN4rEfPXrrwo6rLBz14Gj8qOfvF70/MPPf6IofVRnz+bBdoit/rBrLOvRMlcDvv+DHwX5R+cdpJKP4LRlbHEEGT4iSvVbW60MPK/UR1a25gXljaXHWP6H2XSXzT+34XUauv7tj3+UG265Mxj0HDp2st4MFCzlVT9gpgtmQn3wQ+c3dQcBh0EXBriY0aZLQq1/Xfzajr7NM/IKQnHVhm31/AqM2JkRsMnWIchBHcDMOdQBLAl28f2BZz9SyIvmKSrETE77wZ8CWDKN+gMb7Qw4xMMybORbZaId+c//LJ7FB3+h7gCnmDXnzih2/xRwyaugrXj/s4ENG7ftrUfKoU1E/VQbQF66H8ywxDJf5OPhR58otGEa713v/UAhPeT4MJpGe2PbC7UFbRbabdiK/GImi/24+bW4Qzxbr+0zF5NuWaF9wZJc/LmEmVnAgm1T3DbLZzuIC61bKHP7pxJss3UrSz9j2SHyr58AUx94Vq5YsT74uocxwMd1w8cXMFFp/R04cmLQVmAWLvyID2zAUlvcQ1uiW2rAL89++Hk1NQiRxv1TSvHuC332gmjDEnfg6vGn3uud0QybPvaJlwKfAHvf/d4PiuxwCctK2wvfe+3Hr/80WDKLmZ04hM03A9R9J7lYhtGYsbx2086gbcRSfpSpfpBPl/T0+VHvhdWjUstV5fnCUt41SI+ysB99r6EtxDJ2t+ySblVjbYMP7Qd+Q1t6+RUrCnXDxg+7tu2pW3b2mW1j3D4pMOuTj7qtZQv7bH+40veltU39AB2+vorPNnvP1knIsH8kIp5tT10fxaW1esKuf/XJdaFEIYhAnFR8aGlnefjoMHnmlvHBF9e4h2eWSCw1vhKEGsKWMDt5n+RgQ8RAWuP7pHnNW39SOyuNR6KQRGFNvxzSqshuJxWDOMzk00/YrD78228H5Xfc+0Cwj42mczsj6Pzo57e/+713NpIlHkFKKEkS1zjgn11dxoJOkjtjA+m79B1aiAM7QCqoXLfDhr149JmG7iwi6HP3VnI7n1YO/GWJlrBZB1iqpR+bHnZEdfZsHmyHWO2PCkEo2Q/2snPjw8coN/uxZWxxhDiWUHBlWVutjGr4yMqGHZjB5hJisCcNXSBXgQGbX/jle9//YcFtvrKxsxvC6pv1rzsQsB19KIIOF5uwyd0Q3g4mXLIDy/FsPnANG37y+s8KeSl1cGiJQJCArnz8tm0A8mEJDJfkA+ngyoCNIIz0g0Ge+sKtn2GzWEDUwsf6sYS9HUAjDvYrc20YOnaK/Mu//KsmD8gI1B+N52LUreeIV2l7Axm2vYAxaH9gm9qhoavLHmRlcQcZtl7bZy4mQSboB2Xg2xsT5IV+kN7uAevaDh9Bn9qsoR2sg/SxdT0rP1sbkFcf0QGyzmLKksfVqL/wh1seuv+e+kpDd6YaZt667ZbG9YWuvcCV9TvSYAaeEiwoY+Qdy3tdefizTD9ufa+0vXDfa753LpY2u7Oo7TsJ9tp2B/nAH05uPtBv0j4I8vODH/64Xhw3jf52y822y4jjPg8rV5UXFSZ517irM/D+8uED+4Xaj8V0lA36LGpGP4hn/JGHva2BN03jC209d8vOPnPfvR/52CcK5qOf4Gtf8Ke2fmw9qcb70toGHWF9FV+e3Xu2TgKjLoZse+r6KC6tq8v3+z9fuSqUKASB99DVwwJCEKSg+8UzJfk0LDW+pkP45y8Xzyz32ct7JAwbEgbSGt8nzWPe+pPaWWk8EoUkCiM7E5UCLO/0aVVkXycU/5Trxw60rQ9shxNxMBDGYRz6cTsjtvOJjozuvaYyYYedIWIH5xonLIRunRkA2WH/5mPzaMw8wowy2ym0HTbkBf/ku7rczbTDloREdcigH7Mm8XXl62+7VMolS6Nk2zy4HWKV7QtBmNklQCCCfPFwD3sR2cGfLWOLI2DAEgquPGurlYF4lfrIyoatlnxw7chKl8U+bLIz1GCTtdn1h9ps/esOBGxHH773DWQhB2S51hPEs8s9LZHv4k5tQGhn/UJGkn1MNT1IP6THQNc38EQ8dzsDHfDY/EOvO9tQdbg2WgxYP0MGZnzadPbaLvfV5WYY2OqMZ6SPmlFp21DEDftjAval1d7Y9gKY8S3l1jxbsssSNq7fbb22z1xMggTEPXyiCGUQLGiTJ888P2sTNlnb4SM7A09tRmjrFvTZ94ot77T8bPHqlrO1E9c4AEM/to5Vo/5CflR5WFsQD3vP4Y+ff/rn38qmHftD64FNp9euvb56BB32fe7OFlRZUe+7StoL970W9scE7HDbNNsGW5+i7ML+yIEczKjUj1sfNL++0OrwpYt77pMZds/WCZtPG9/Wvai6izT2TzCLaSsv6hrvAqSL+2AvRN9eppAdlSf7zO0X2bbDt/zY+h322ZUw1XhfWtvseyrKX2HPbJ30YciWqVvucWnDdNr7cUQhCDwf+ffkqdH1SEIl/UqNr+lIFJIEtNhsDNdpje+T5j1v/UntrDQeiUIShSV1disFXNbp06rItjOkHQzcs+SRb1mGnVmjA+mozojVg06XO8i2nXXYYQd8cb7GoMDuwYWZQli2FEZGuPJshy2MKLP2q59cOfiNk5r143bIfPHde3bg5HZso/xr8+Cmc3XY3y75ce2pmyLrkS13mz/rH+TfEgpWH66trVaGGy/sd5SPrGwMVGFXmJwk95PqsrMNXLmWTPBh29oc5g/rXxd/tqOPAYdLRKo9VoYtI/f+vQ+8PdJnWL6nn6hyVr2lhDYvNp+4b0k6S3L65INkwCynnnUjC3mx9QftW1z7gPR2ppQtJ/hZZyr69MOnlijBAUkaz8pJs72x+Q3Toza5s/u0/XWxYcvbPrNlBZnunwqoH1gurPriQmt7WJ2ADIsL14Ys/Gx1xLW7dm9AxNXZshbz5dRf9WVUeWicaoTWXhBJYSSuLcOwNsW+9+P857Pd2mLLv1rvNRdfum2Fz5Zg1cIbh6bAFq1Dvrj2Xly5xT23suKuLV599Qq6bN/Ptls+2e4fxr6Zw7509h50vu3tjwektb5XwkK0qfiDz6aPypN95uLL+hX63K1iUNaoj/iASNQ/Hd10YdhWG8Pel9a2SvsqYfVAbbB10S33uLQqIyqMWnqsBB5C7D/4gZvHB99fv7gylCTUNKXGR7pfvsSlx1FlxWcNj0hNa3yftKzz1p/UzkrjkSgkUVjUeagUUA0tfVoV2XZ6bEfb7g/k/lNsO/dIozNVojoj8KddVugSK/ZZ1GyhsHJx911C5w62YTkHlpigQxtGDNgOW9iMgTA/ufZYWW6HTONiUP7Ue94v2OQdm8z/7Oe/CGZ3oCMLm/Xjdmyj/Gv1uulUry8stZNol3PZ/Fn/wH5LKLh6ra1Who1Xro+s7LCytHpwnbauOB9bm8P8Yf1r6ynst/LdumrzamXYMnLvQz4wiVkc7hcDGovRpD62duD0Suzlh+XNWCaMfQax/A+2233rbD5tHnG/nOV3tv6UY7ctpyg/a17trBNbrlZOmB22TKwfVLaGVpbVgec2v74/e1QGQte/YTM5bb2OshHPLFGqbRrKFwNnnBCOWZfWBnttbXfzZeOhTdc/iVw/Wd+k5WerA3kEyeLWGf1tl6ODeFAfW99H4cr629Zf9Yd97vpC41QjTGqvLUOLG2uDlRX23sqivbD9HYs3ax98jpPOsR+zlqkbKs4RJp1tHVducc+tP+OuLV5tPjWd1ZUkD3F/gqncpCFmV584fTaYfWvri/Ur+o52W5qoPNlnPnxF9TttX8f+0eL6CHWtnPeltS2sfUrqN4tTX923ddEt97i0SWyIOsxESb+sQh5m0vCIsCQYaspx0hrfJ/Vp3vqT2llpPBKFJApDBx2VgqshpE+rIttOj+1gYDmv3XPHLi+ypJz9JzSqMwIfuh0S/ccdNthBJf5dLtXnkAHiIeqD/H30439fjzC0HTa3E6V2hPlJn2sYJWvImEvrHVgSZa/bsY3yr9XrplPbfKEtE/x7rv+a++LiHg6G0Y/1lfUPnocNDCHD2mpl4FmlPoqS7eYpK13Wx7aOqT1JbLb+dWVY+VFlb2XYMnLva/kmCX3762m+3BB64uqo1WnzafOYBKeubvy29eflL3yp5DbGlpM7WI3TZ3Fu5dj7VoYtE+sHGwfXUbJsfuNmvQQHP/zlL4H7rT5rBx7aem2f2TRqI+rXT3/2C1uk9a5BvGB/W02jobU9q9q7EwAAIABJREFUzEeIG2VDlG9UT1R6jYMwTJa9Xy9zETfgL33/WWyXU3/VzqR50fjlhknttWVocWP1RslCfrJqL2w5WrxZ+yKK0/soLM82/7iOK7e45668qN9h+dQ0VhcyhcOD9JkvtP7xtQG+NKXcw8xkkGjux279EpUn+8xXt6z9UbMG7dYRro9c26J+2/eltc1irhT/aFybD1852Lro6opLqzqiwidvnx87OzArovCp2+ZHYjYqH3xGkjEPDKQ1vk+al7z1J7Wz0ngkCkkU1vTLIa2KbDs9bgfjxU9+ptDnwV40qKSYwfHvf/pT4T5OLdXKG9UZ0Th26aouP7YzFEECRC3pUzlhIfadwSbomJkR9sGsj6T/SKueKD9pHIRhnT8788XaBZ9jsAx7QZbaPeTcjm2Uf61eN521z722nUQ7y8WNp7+tHtvhtP5B/qIGSWEyquGjMNlqv4ZZ6rI+dusY7Elis/WvK8PKjyp7K8OWkXsf8rF/GTAZ9YUu3wEB6mM3dE+51HqArQJwqiZm59iDBWw+bR6T4NTVjd+2/pQzg8OWE/xi25A4fbauWDn2vpVhy8T6wcbBdZQsm1870HVl4Lc7M0hnu1k7LGaQxj6LshGHS2EPRPvHk5a9hrp9hdpmbQ/zUZwNUb5RPUnzECbL3kdeMLvxX/713yLrDbCDOHjvwQ6L7XLqb6l50fjlhknttWUY9j6IkpVle2G3mLB4s/ahfDEjNkn5ohyPnjhT6BtF+ToOg3HPo2S7zyxebT41ntWF/MbNirT+iWoDVH65oXsAT1LCzeY3rG7ZPqnOvLZbJ6BPapfXuz5Cvst5X1rbfGVRiq/iysHWRVdXXNokdhzaOrXBEIUHt9Q/sCtJHhiHJGFeGEhrfJ80P3nrT2pnpfFIFJIoTNQpqxRoeaVPqyLbTo/b0bMnu2Fwjo3nsSxEP+h46T5L8EtUZ0T9Zvfww6wc6LfLP9Bp07iVhpjRcvz6swFxiLzZjz2hL0mHLcpP1s4wWXfe+zarXnBCLkhNmxbXew9fW4jndmyj/Gv1uulcHfa33cvJLX8bT6/tSYG2w2n9gwyEDQwh5+xt9xTyaGVUw0fWD1a22q9hlrriOuJJbLb+dcvJyo8qeyvDlhHu232pbr3rvnq4VL+VG9qBF3SDGDx8zamg/luZIN90+bHNp4tTnY1l08Zd2z8+orARJseWU5SfNb09ECXpwFbT2rKyftDnGlqb3DzZ9gIzszSNLwSGdA9I6FP/WjssZiDDPouy0erDkvHb73lA7OAccpEeWwBoXGu7my+NE2dDlG9URtI8hMmy90EA4g8IlZ00rLT+qp6kedH45YZJ7bVlGPY+CJNV7fZCie+wPD/z3EcBw+Bj8WbbHe0Dhcko935cucU9L0WvxavNp8qALvsuiJuJbP1j2w2VFxWiPwmyHCdPR8XTZzgFWT/W9qg82Wdhbbbtk+qhN3bZsfunkuujct+X1jabH81vKaGtR7622NZFV1dc2iR2jB07vCSiEHsPfuvpBbFpEAdxS5mNOGbMsER4SpIvxiF5mAUG0hrfJ7U9b/1J7aw0HolCEoU1/XJIqyJHdULxzG7EjBmA9pQ7nRGolTeqM6Jx7Mmr6NBg/6Ef/eR17f9J3GEaKqfUcOjYKfKHP/xLQU/WA3dLGvzil7+qR5Bofuw/527HNsq/ttPpplPZvtDOJIJzLIHqxndPkrQdTrfzHDUTwfrCyrD3y/WR9YOV7eYlS11xHfEkNkfVUys/quytDJS1Dt7deh7lN9ePSX9bXEfNGrazi+2Ax90KIe5UdGyVAJ2YKaTkzXs/8Gyh/ruzRNx8oF1CenwXr9wYvFu27TlUSA/bcDiFm05/23YOiXSmCp5XWt6qI06WbS/iZkBa4hyEiG5BEIYZ6LbPbFlZ+6Kut+4+WCAn4SO75YS1PQqPUTZk4WeLCfhNCdaofLvPKq2/Ks/1RTm2qKyoMKm9tgy1rXHlhsmqtL3Aew0zlfUT9V6zfkN8i7dgSb6RE5YPN1+l/Lb6ffXIfV5JucbVCeiyfT5dSRKWH/snL1ZD2MOfwtLgviVmMRsPeqPi45nFky2jqDzZZ2HvRttW470wbsqcwlY4KI8DV58oss31kbUlLg/2ubWtXBkqz9YjH4bCfIf0cWlVR1z48pPLEhN6n35ohmyY0UoOLe0sZ7deLM/cMr7oi3t4hjiIm5Qo/NyTS4vKKs5mPicR2BAwkNb4Pmne8taf1M5K45EoJFFY0y+ItCqy2wl1/3m3/7ZqpxshOlQ6mNTKG9UZ0TgILUmDvcJ0BlEpHU0rDzZ/6ZWvCWR97BMvhXY6w2bDJemwxflJ7QmTZX3j/kOtaV0izu3YWhlux9LqddOp/LDQkr9IG9bZv+m2uy0EigZU8I+V49qnuoOTId/YC80dlNn8lesj64cwG2BLlrriOuLW5jBCJwp/Vn5U2VsZ8L0d9NoBHwYaYYNRyPjw8y8Eh/BgVuzqjdsTtbtuHpW8U1xoaGf9uQMeLF/VTxTZiJlp+oGMRcvPnYJoZ0jjedSJnnawjAOHYJ8dUCJ91CDa9acdbFpfhGHUlpXrB/UVwihZFuOw1xJxVgbKwv6JYg+TsnZAhsWMfebaCKIHdRjtsk1j9eIay831Y+NZ28N8hPRRNkT5Ru2ISq9xEIbJcjERZSuIZTwHnj7x4qcK76lq1F/XF/Bp1HJznAa+acd+ufyKFYnqr/VFUnttGdqyTSLL+jtqpmZUe/Hd7/1AoRUse8efDVa3Xrt9HLcM7exX2GJXUagMhFjB8MUvvRKUL2S4p/PauPY6DoP2eVy5Wrm+a9evvu0T3LYr7A8RYN9uQ2P3q/bptvfsHxNoO+JOsXeJXxwEp/Jsntyys8+i3o22T/qpz75c6JMija+8XR+V8760trl2a96ShrZOum0xZNi66OqKS5vUht0bL01M6IH4O7TkHBEIMjDsizhJSULE27Wh+ETspLYzHgnDPDGQ1vg+aZ7y1p/UzkrjkSgkUVjoOFQKpoaYPq2KbDuhvg4GBpG2M6g9b98S4ajOiPUpOp6+zyc/83JZZWhnH0Cu3eha9YIksDMM0BnUZ0k6bHF+ipNlD4DBzBPMRNE0CEHOYQBpP27HNsq/Ng9uOqvHd+0OlLD0CDMwbdybb7+n6LRb2Ol2OC0RCyzdcse9RTJ8hxtYGdXwkfWDlW3zgussdcV1xK3/4TfMtHLtjcKflR9V9lYGys8O3t2BGOrKklXFS+OR3h2Yhw0iXftx6rj94NRvN877P/hhGyXAm/3jwhKAiIi8zlqwrEgO4mMwrx/EsQM9O3sZcXx7LLp2WILN4gbpMWB1SU/Etx+cvA7faX6TYNSWla9dTiLLthewB3Luf+jRgh2Q4auTdjawtQMyLGbsM9dG7BOrH7R3vhOOsQUB0umn1P1uYX+UDVn52cUECGjYpWWEcPm6LUXvnx/88MeF59Wov+oLu2wU72jXDsTD8m/7LvTVAWu7e53UXos/ixsrL0xWNdoLW/7AGLY6wXJXq//UDbcWYRDx3PeGawtOwHX/TMPyWZyGrJ9S/vSMwjBsxfMk5WrzFXad5F3jzqLEnzK7Dx4r8hv6B5bkR77tgXdh+vW+u7Qc7cB9Dz1SpEPjgoRzT0C2K09sObtlZ59FvRvD+qRhM9er8b60trl2a96ThrYeuW0xZNi66OqKS5vUBsT79rMrExN7WFK8Y167UJIQz0pZdvytZ1d68VOK/YxLwjAPDKQ1vk+al7z1J7Wz0ngkCkkU1vRLIq2KHNdJRcW0S/bQIURHZOf+q+v5O6ozYis4Zs79/vd/0D51EEJmUtLBysK1PbFThaJj/e73PRMMjO1MJDzHwNUSEEk6bEn8BFvCZGE/QuTRfjAjCZv4Y+aN+wzx3I5tlH+tXjed6y/3N/KGWUT2A3te/dZ3AtvcZxrP7XBiMOx+kBazZ7792ve8ebQyquEj6wcr281zlrriOuLL1m4u8g18jxltmLGHAQlsj8KflR9V9lYGyskdvNt9mbQcgVEQCV/7xjeLloniuV2+7/rX/e3OvEJ61FHMAkYdsIf4qG74wdZTyLT7VCEe4qB+v/DipwTL1d3PPfc/XNRO4Q8DDHztB/slom6hHroHbrgziDArybUVpMsrX/16kN4O6KED9u3Ye6TIhiQYtWXl84P6N0qWbS9sfmEj8gqbXV+4pzlbOyDDYsY+c220S3JVN7CEP3GAM7dNgZ/t7CZre1Q9jrIhyjfqv6j0GgdhlCwfJnBAFdo9zHB38wpf2RlI1aq/sNPOfoPfcbjKD3/0k8Dnmh+3nke1GZrGhknttWVocZNEVjXaC5QtZrnZD3z/1a+/GsyKdstF4/nwBuzaD+Rg9iDaRpC++G0/9s8Fm1/fdRIMJilXn2z3XpJ3DdI88vi7bHaCa7yT0G6g3Xfza4lvV2fYb5dghxK0pV/4hy8HW6DAt742HeUGn6ncqLppn0XhHH1StH32gzzaeqr6NHTrEdKW8r60tvkwp3qShLZOwm73vWnroqsrLm0S/Rpnw/KJiYlCzADEHoS+mYW4l2QPQzvbcP3yCQVMqD0MSfw1BgykNb5Pmve89Se1s9J4JApJFNb0SyKtiowOlw5uwzpGdsNqdIbQoXJn0aACR3VG3ArudrLCZLrpwn5jYOp2Xm2nz14/8s53FWElSYctiZ9gW5QsDBrjPliqp4cKoGNrZ0PZ2VxuZ8/OFHDThfnM3sdg1y4/9NkJ/9qZQq4NkPfZl7/oS1p0zy7rdGVU6qMo/9v84jorXbb++OoYsGV9os6ycaPwZ+VHlb2VAR2+wftzH/mYqo8MQeyELeVz/ay/3Zm/PgWv//TnhQGbzb/KQB5AWib5gDzUdDZ098YLk4VBq29pJmYl2VmLYelhP/JsdeM6CUZtWfn8oDKjZNn2GIN7lxR07QZhqsS0yrd2IL7FjH3ms/F9zzznqvD+xh837izaqLZObUMIGzBjEx/XhijfqIy4PGi8OFmYpfcf//Fnb/7cm+77p5r110fQQr8l9R94+LEik6IIFM2/DZPaa/FncWNlgaQIe99Vo71AG4U98KI+wA1IP/247yTYCyIJhGuSj/W1zWvYdRIMJinXMPn2PnTFvWs0vjuzOizvIMcsya/p40LYghnZpXzQT3TfO1F1s5R+kdsndQlJX34qeV9G2e3TFXXP1km3HUQ6WxddfMeljdLre/bYLXNLIguVMPzAzeMF31IJQqR/9OZzJ8j77OE9koUNHQNpje+T5jtv/UntrDQeiUIShfUGZJWCqiGlT6sio7Om/7q7M+1s/kEQYZYEZtxgoGGf6bWdeRi3jBgze+wnarNxlR8XYhNqzBZAR8n94B72LFq4bG09220n3O59Y/XBTzoDAX7CwNA+1+ujJ84UVPtk3XLnW+vNSEIC+Pa+B98RdLh1WRg6xbYD/s53va8gGzOxVCfCjdv2FIgAN52NF3WNPKLcfB8MxrEfnT2V2e1wqmwMhH2kBPKIE083bttbUIEZCppOw0p8lKQsVQ/CLHRhmZaWKfzi7u0JO7CUDTMpLHZxrTMDUDY6wHPrqZ1R687Msnm1MlAAN9xyZz3fI/7+IyfqzfjVAgOZ9PCjTxTN6LA64q4xa1iJHZWJEHnFYAYDcm2PwnwFHVi2itlSvg/kHzx6nTdvah+W3GJA7/uoLbbuaToN4UssS7PlZWVhlqO7zFHTJsEo5Ffa3tjB4Y233hWcsq4yra24/uKXv1LU1qitsMMSs6gv9lkYJjUOZlNqebo61c91w8cXZGq6qLZO4yC0fnLxkpWf1R5gF+2nDxO4hxnaeO9pfA2rXX9BQLh/+ljyCu2RXcrpEpdqV1iY1N7nX3ixUORh+yWCmNY9in3vrWq0F8AIloP7PmgrVqzfGiyN1+e+97b6AjNi3VnHmg5LcUtZfqsyYV9cPULcuHJVeXFh3LvGpke/wtdeI89BnyVkubCVEXeN902YDvUtdIW9d2w9d/sTpfSL7EFa0BtGbrv5Kfd9ae2Owpyrz/fbLoVGO3jpZQuK2hk7e9Ptm8el9emLu/f5p5IfbGJnBZZz/TIPMCkq67iy4fOGR5ymNb5PWtZ5609qZ6XxSBSSKKzpxrLWKjJmkOgHxIePPCm3UcAsPHT+sa8Ovmuu2iHYQ6hceWmkA2EJu2Cnb9ZSGjqTyhw4cmKwtBy+27zzgKADrWmT/guOwQ82y4cMlLW7l5zKiwqz9FGWuqLyjGcYyMPnILPi4qb5/LL5Swt1CGXoDj4q0Y1ThYEtHDQCAhp4KUceiBet57sOHC3CahJ5wDrILJVRqi2wG4PRLbsOBHUZWzKg/JLoTjuOJQrtoBd/qGjdhL3uDJ007AKWVSfK6YoV68su8zTsq6ZMPShEMYV23jcDv5o6fbJACAGLIAJ89QvPGtp70ZcP3KtGe4FyQV3H3qvAon2vhekNu49tNrR80Y5lWefjyjXMZt992J3kXQP/I7+ot2gz9CR4n8xy72HfQvxZipmM+ILcwhJo3/6m5epIM12a78s07U5D9uBhQ+TVD64oeWZhqUThN55ZKYOGDWkQ79s0/EiZDY/US6NM8h7f560/DZ/6ZJIoJFFY0y+LWqvIds8fbA7uq9S81/BekkmJQpZdwys7lknTKpMwopA4aFo4YHmzvIkBYiBrDAweNlS+8K70ZhZi1iJJQuI6a1ynoS/v8X3e+tPwqU8miUIShTVNNtVCRcY/4ZhZgr3D7Kec5Tq+RoD30u80kChM38fEMX1cDQyQKCSOqoEjyiCOiAFioBwMtO9RJ0/eOr/qMwufuHWetOteV9NjvnL8zTSNs57mPb7PW39WuCVRSKKwpl8ajb0i25PVLEmIwwt8y6Kyajiop7QXK4nC0vxFfNFfeWGARCGxlxf2qJfYIwaIAcXAtjWT5EfPr66YMPzh82tk65pJNT3WU58xbDr1J+/xfd76s8I6iUIShTX98mjsFdmerKZEoe+UzawaDOop7yVsT6L8zne/X9N1jhgpDyP0W8Pwmz2hHIcwsFwaRrmwHFgOxAAx0BQxcPX2afLqM6XvXYi9CK/ePpXvMI7zaxIDeY/v89afVVtIopANSE02IFqBGntFxqbZOPURp9KBYLr3gbdzJmEjrLNYPo6DG/BtaIewaF1hyEEYMdBfcGiJ1lXfycL0EesJMUAMEAPEQNYYmD51lFy/f4Y8d/8iee25VfK7z60vzDbE9XeeWxU8O7V/hiBu1vZRH+tElhjIe3yft/6sfE2isBGSDlmBoxb0NJWKXAtlxTywk0EMEAPEADFADBADxAAxQAwQA8QAMRCGgbzH93nrD/NLte+TKCRRWNP/OjWVilzthoHy+HImBogBYoAYIAaIAWKAGCAGiAFigBhoSBjIe3yft/6syoJEIYlCEoXEQE1jIKvGlHrYiSIGiAFigBggBogBYoAYIAaIAWIgPQzkTdTlrT8rbJEoJElU0yRRU6nIWTUY1JPeS4++pW+JAWKAGCAGiAFigBggBogBYoAYCMdA3uP7vPVnhQ0ShSQKSRQSAzWNgawaU+oJf6HTN/QNMUAMEAPEADFADBADxAAxQAxUioG8ibq89Vfqv6TpSRSSJKppkqipVOSkFZ7x+HImBogBYoAYIAaIAWKAGCAGiAFigBhojBjIe3yft/6syoxEIYlCEoXEQE1jIKvGlHrY2SIGiAFigBggBogBYoAYIAaIAWIgPQzkTdTlrT8rbJEoJElU0yRRU6nIWTUY1JPeS4++pW+JAWKAGCAGiAFigBggBogBYoAYCMdA3uP7vPVnhQ0ShSQKSRQSAzWNgawaU+oJf6HTN/QNMUAMEAPEADFADBADxAAxQAxUioG8ibq89Vfqv6TpSRSSJKppkqipVOSkFZ7x+HImBogBYoAYIAaIAWKAGCAGiAFigBhojBjIe3yft/6syoxEIYlCEoXEQE1jIKvGlHrY2SIGiAFigBggBogBYoAYIAaIAWIgPQzkTdTlrT8rbJEoJElU0yRRU6nIWTUY1JPeS4++pW+JAWKAGCAGiAFigBggBogBYoAYCMdA3uP7vPVnhQ0ShSQKSRQSAzWNgawaU+oJf6HTN/QNMUAMEAPEADFADBADxAAxQAxUioG8ibq89Vfqv6TpSRSSJKppkqipVOSkFZ7x+HImBogBYoAYIAaIAWKAGCAGiAFigBhojBjIe3yft/6syoxEIYlCEoXEQE1jIKvGlHrY2SIGiAFigBggBogBYoAYIAaIAWIgPQzkTdTlrT8rbJEoJElU0yRRU6nIWTUY1JPeS4++pW+JAWKAGCAGiAFigBggBogBYoAYCMdA3uP7vPVnhQ0ShSQKSRQSAzWNgawaU+oJf6HTN/QNMUAMEAPEADFADBADxAAxQAxUioG8ibq89Vfqv6TpSRSSJKppkqipVOSkFZ7x+HImBogBYoAYIAaIAWKAGCAGiAFigBhojBjIe3yft/6syoxEIYlCEoXEQE1jIKwxbd97qLTtXtck8x7mE95nh5EYIAaIAWKAGCAGiAFigBggBhoqBvIm6vLWn1W5kCgkSVTTREnWFblD35HSafClb3wnC37HVebOQ6bIkC33yeCNd0q/RYdJXkXUyWr4ql33ATLi0Htl8n0/kEn3fk+6X7IotoziyrDaz6uRz2rb1JDkdZ+wRAZvvDuoN52HTW9w5deQfEVb2NEnBogBYoAYIAaIAWKAGKgVDGQ9vnf9lrd+1560fpMojCAl0nI65WbXUGdSkbvXSd+5e2TcDZ8JyCcQUPY77vSnpPeMjaEEIIgqjT/+1lcERBYx4sdINXzVdcy8gr/hd5C0Dc3f1chnQ8tTNe2pW36yUIY9p65pcOVXzbxSlr8toF/oF2KAGCAGiAFigBggBpoeBjIZ30dwRHnrzwrzJAojQJBVIVBPeg1c2hW568hZMvHObxZICyX8fCEIw479x9UjNSxxNe6Gz0m7HgPrxWkKGOk0aJL0mb1d+szeJp0GjPf6oBq+sjLyIAqhX/PZrteQ1PJZy5jpt/iaQp3rOWW114e1nH/mLb13Bn1L3xIDxAAxQAwQA8QAMdBwMZD2+D6u7PPWH2dftZ6TKCRRWNOD7DQrcseBE2XS3d8uEBZKDo458byM2P+UjD31Yr1nE+/6lgR74xncWeKqKROFA1acKvir1/T1XlxWxVfd64JZhBPu+LpMuO0VAdlbrQY1Vk73Ohl76qUgn1j23HHAJV7dVcmnwVisXY0sLonChtt5qzWsMT/EGjFADBADxAAxQAwQAw0HA2mO75OUc976k9hYjTgkChvZALkahd6UZKRWkbvXyYgDTxWILZCEgzbeIR36jCgifkAEDd32YFE8d6krSaFzL54k5E+j91X3Ohl19TPnicI6EoXltEdJsFKOXKZpOJ1AlgXLghggBogBYoAYIAaIAWLAxUBq4/uEvFDe+l1/pPWbRGFCQKRVAJSbbuOXVkXGrMCJd75aIAAHrDpTRBC65Tp8z2OFuJjF1q7noEL8Rk9+VakO4SAXnZXZY9Kygn+sLxu9ryxReM9r0qHfmNrMZ5UwYcveXpMoTLfdtL7mNX1NDBADxAAxQAwQA8QAMdBQMJDW+D5p/vLWn9TOSuORKEx5QFtpATF9ZY1yWhUZ++npsmMsIf1/7Z15cxzHeYc/RkRQPABeIAACxEGCAAGCBEnx0kFSokWdoWPqJE3akSnJuiXSkkwplHXZkRP5yFF2ObeTuBw7qSRVqRyVSlKVpFL+NpP6DdSj3sHM7Oxipufo54+t2WOmj/d9unf6N293pwk+xn+a3mpEsPiU0yTxS+sUDi0/HOx69K1wd1ft8Dp8z1dWRSya9OPH9aP7w/N1ndkddvT8a8HGmeOJwtSGySPB4IH7g6GlB1LrMrBzNvxdO85umL4jMZ1fGxwNNi/cF+icjTPHks+x29xn58sG01/9/chGow9dD3cjVjqbZu+KNoIpylYqv9IeXDiXvibk4GgwtHR/MPrQG5EPZMPB/fdG5YnbPe2zhGXZVpuUSCgWC0sf/SrYeuyxsAyhTa3de4uq56a9p1bqqZ2dB0fDumpNv/EL3wzrNHL+5cTNczbtORmMPfjGZ7txvx9MXPxWsO3YY0Hamorxem+avTPYed/zkd10/fY7LwViKH5u0mfZa/udl6PrVd6tRy5EAjtC4dr6xSSb8x02hQEYgAEYgAEYgAEYqDsDZY3v89a76vzzlnOt5yEU2qIF73MN4tcKncvry2rIG6aORqJWXPhLq5+mId++azFYPzLXYWdbFJp96a8DfU7bIEXikjb7SMtDYtDYIzeishlx0j7ufe5PgoGdnWXY/fTn06MlhiWlb68hmLaWoi2Iqg7ddnAe2LEnElztMtrv7Z2gC7GVvU7gR8nrBG45+FCqD1S2A7/1n6HAl2SnpO/sXYztutnv7Snphdfzw18FW++4uKpOtm1Vbvljz7U/SuVHrMs2SXXUd6rn/rf/JfV61VcCZBYXEgSVj20b817fS7wdPv2b0e9sZsINbRqPfA8bMAADMAADMAADMNAuBsoa3+flpOr885ZzrechFCIOpg761wpXHa4vqyGv2zbVIbooGq7f3YptUcgIIt2OElPi9tV05n2v/k0koGSlIcFFYqdJY8vBB6Pr9n79z1YLOYOjwb6Xfxado+uTNuKwBRxb+DL5xI9rEQqz6mf/tspW9vRf1SO2TuCWw78e1dNOJ+l9GF2Yow9Zi1CYlG/Sd1n1TDpf39lCoaJk0wTq+PXDZ5+J2DE+7YVjRbma6+zj8OlnutpeYvniu/8RnYdQ2K6bP5sH3uNbGIABGIABGIABGIABm4Gyxvd2Hlnvq84/q2xF/oZQmGOQX6TBScttR1dWQ1ZE1Pz1v4/ECgkpijLbdseXAomIvfg5SWBZ+uD/gm3HHw9FrNsnDgZjj7zZkVco8Azt6shHwpwt6KgKHgQbAAAgAElEQVR8mlo7sHNvKArGN1Wx10pUhGE0lfr9/101xVmioPnd5KGpqB31DDd4+VFUhlwCzuBosHHmxEr5Lv1udO3Iua+H06Q17die5lyIrTKEQvl1/zf/NSqHBCmtl6ipsBI1txx+tGNtyrTIyg67bB4Jp+yqLqrr/jf/KUw/jI5bfjj8Tr+tH1uM7Fl0PY3PdJx55keBfLNl+dFAArHKGq+3ztO09w27l8Mo2K1Hf6PD/xLr7Knl8fagukn00/WKoNW0a7u96HpNT7btJD/b5dR7RR9u2H0ouH3iULDj7quJkYa5OKOf77C1bXfeu/1Pwt7YGwZgAAZgAAZgAAb6Z6Cs8X1en1Sdf95yrvU8hEIGkK0eQJbZkCXuxIUN83nfKz8LRh94NdAacRJRshpqXBSae/3vQmEqfs32k09G+YURgbuXo3TDNROt6ZqTlz5JzFfTlk0Zddx+8tJKGhLPvv7n0W+b505HaascSVF2k5d+t+Oc27ZMhGKp0pXQ2W3dxnj9OjczeaAjbXNuEbbS9Oy0nYc7ppQnCKYqx4bdhyM7yQ95190L6xDLO81GRdcz9MlHvwq2HHo40a62fyXiaXqvsbk5Sig16ysqPdv/dmRoKALuPbXqekXczn/jHyPbxQU+Mat0w7J++KtwCr7J2xxXoh4/30RI58bTMedy7P8GDNthOxiAARiAARiAARiAgToyUOb4Pk99q84/TxmLOAehEKFw1YC+CLDqkkbZDVlTSuORdkbsMEcJJ4rmk8CUZBdbFEoTWXRdGLWVIrTYmzvYkYJJ+dmCzNzrfxtNmbbTGDn3QkdZ49GIqtuBb/1Px+YWdkSY1lrsJpDGy2bnnyb+FGGrTKFw9+Eoai3LjhLGFCm3bnhvh53idVr1OSYUxqc9m/OLrqf8lbozt1Umnbfrws3UOmnTlYjr2LRt2cS8TD3iR9vHE196L8pH19nTnofPXot+i6dhl0FlSWMlfh2fudmFARiAARiAARiAARiAgWYzUPb4vhsfVeffrXxF/Y5QiFCYOiAvCrIq03HRkBUppWg4O1rKiCnxo3aZlVBl28QWhTKnskrQsaL+IoEk9v3Iuec70rfz0nt7wxGJnAPbZ8Lz7e+1TqEpp9Y+NJFk01/5vXAKqOoViprW9FHtymzqG9azx7Zli0hR3WJprNlWSs8SxhQRaIt19hRs1UWRoZouHLdh358z8rbTLLyemuqbEOWnPO31NlciJDs3urHLJdY1xT70f8o6lfb58fe2j22hcPP82Ygdm8n49fosAXrh5r9F56exknQt3zX7xhD/4T8YgAEYgAEYgAEY8JsBF+P7LMaqzj+rbEX+hlAYEyKKNC5pVd+JuW7IioyScDH+pVuRuGbEM3OMR3bZopCmHWdtijL+xXdXCySW+KQ80qaXGh613t6B91amb4ZC2dj+UAjrmDr8/v9Gay3akYI77roaaPqnqUskCA6OBlNXfhh+HxcQTb7djraIlCb+rNlWXYRCiYhaw8/Uzxxlr+mrPwh2nLoUrrvXrS6pv1u+iouU9jWF1zNjKviKUPj5dN6Ft/852PPsT4I9z/7x6ldsR+Qk1rT24M57nw8kBE5d/jRMa+71XwT731pZm9HY1BYKe6mv7JTYDujLixO0sSW2hAEYgAEYgAEYgAEYqCEDrsf39hhN76vOP16esj4jFNYQ/rKc7WO6VTfkDZNHgpln/rBDeJJAJLHN+MMWSTIjCjePBIlimiU+SYTRBiYm7aSjLQzFxSp7WrLZbEKij9LVudqcQkKmiTA0U4ztqMP4lOSkMiR9l1i3WPtcs62UnmWveP1VLgmp01/9gw6fGXHLHCWmmY1AkuqS+l2XvM11Lupp8rJ5MPXLe7QFXbFhb1jSLY00oTBkKrZRjymrOeZhxZzLsfoHNvgAH8AADMAADMAADMAADBTBQNXj+6rzL8KGedJAKIwJEXmMxjnN6eTq0pCN2GbEk61HLkRi3ppFIUt8UvpJUV42s7YwFBfKtGuzKWO4TpzS/my6sy1iTjz+4Yp4+FmkmkQic529yYWdb7f3ecSfNdsqh1Boyrl57p5A9TSiqKmffRx96I3Ij+a6zKPlq7jt7etc1tPmQXVbvPVfgSIAFd2a9RIP2tBH5db07aS1OhWJqV2eJf4pIlN1NvZLEwq7RdUqvzys2PbkfXP6bHyFr2AABmAABmAABmAABtIYqHp8X3X+aXYp+nuEQoTC3oSOhtmrrIasddKijRtiaw4mNtLB0Y5oKzsSa82ikCXmSYSx004qi71xRChWfTb1WOeuH9sfiTl7nvlxx/p1trCjaDoj+CiCcdvxx6PP24491hdTecSfNduqB6HQtp12Jx5aejDY/cTHUT1Vf9kvbZMa+/rofQ2Fwg4eJPzu2NOz/8YeebPDLiNfeClxoxd7Z2ubp178qohQM809D++R7RvWd1FubpBhAAZgAAZgAAZgAAZgoJOBssb3ee1cdf55y7nW8xAKGTz2LAqsFTqX15fSkMN17D6fThyt05fFkiUQxcWNXkSSRDEtJpxo+nCWje2owYV3/r1zTcTB0WDfq38Tij76beuxxyIBaGjp/ihdW1zSLrkTF78VnhcXHrPKEf8tsW4xm67ZVkrP8kVY3tGVNRrj5Un7vGHqaMcOvXZ0aNo10ffxvC2RNjpHG87suzuyux3JaZ9j3qfaLZ5XSj3ttSnjbJo8Mo+Do2HEoK7VK2szndEHXovq1SEU7jkRfb8ivi5HrMXzjkdAdhPG49fzufNmC3tgDxiAARiAARiAARiAgaYwUMr4PjbmzLJF1flnla3I3xAKe4CiSMOTlpvOuKyGbG+mEO7SunNvqrAhX9s7CktMGVp6IDq/CFHIFv+yhBatL2jvzqyNOySc2TzaYo4Rf1btRGuJUOYcHfNMG7Xzst/bgpfER/s3874IW2UJhYP7zwbKe/zCNzMjM/c+9yeRsNWTUBWzm82BqaOOZdfTzkvv7UjJ0IeDY4n21/qNux55K9j95LfDzUpu2zq5Irxau3EPLZ1PvNYWl8WKLRSKS3sn4yyxW9GKNnM92Z/+PtE3cR747Ob/CTtjZxiAARiAARiAARjojYGyxvd5/VB1/nnLudbzEAoZOLZ64FhWQ7an3kq00I6uG2eOJ9pycP+9HRFocdGtCFEoHhWmPDbOnOgoj0Qe7WRriyxmwxK7I7HLY86d+dqPVwmKw6d/syMtnRvf0dlOt9t7W6DUunbaICV+jV22MiLtxh58ParT0gf/l7jD8eDiF6Lp2arz5oX7VpUzXu7os4RCS1STQBcXanVu2fWMyvNZ/xcXsqeu/rAz0nTzSOgP7YZsmIiiUWM7RUtoFGt2HlrDcO71v42uVRq2UKhzbaFYv2vncE3xt9MZPvtMRxo6D6Gwt5sr2568x3YwAAMwAAMwAAMwAANNYqCs8X1eG1Sdf95yrvU8hEKEwo6B+FqBqtv1pTXkwdFg+iu/t0q02PfKz4KRcy8E208+HSjyad9rv1x1TrhJiMVdIaLQ5pGOacJGzNFabrsuvBNODVakoflex7RNRyTyaBMK+9wdd19dxYnW5rPP0fvNc6dXnZeXCTsqUmlpU43Jpz4Jxh65EQlGhdjKiuqLTz3eMH3HqjrtfvqTYOvRLwbbTz4ZSDC16yzxS9Fweeuo8+zoPaWlnYKnLn8apm/SKbueJh/7aO94rXLJNooelDgnVuL82FOu477TueO/8W4w+sCrweTT3+2wmbFfXChM4u7Ab/1nIPFW0/vnb/xDYjoIhdzc2hzzHh5gAAZgAAZgAAZgoL0MlDa+t8bnWfxUnX9W2Yr8DaEwJxBFGp203HVcZTZkRbztfeGnieKFEUPix3BKbWyq7+b5s1EaYZRcLIrK5sWOukoSSCToxfNM+ixRKFXgiq15KNFHuxrb5dD7+HRRRTFq/bj4eXk/x6MiTbltmxRiKyuqT3XTBi52GXfcdSWXDcOIw6mjHdfa6aS9TxIjVVet82iucVFPk1d0lN8vf5qr7nZZw+sVVRgTUY3/zFG2lvBoPseFQqUjzg6899/ROeZc+6joXVtsTWoHUZ3o3yOmsIm7/x1sja1hAAZgAAZgAAZgoBwGyhzf5/FZ1fnnKWMR5yAUMpBs9UDSRUNWZJW9vpotapj3sy/9VZA0zVeNeMPkkUAim86dfemv0wU8Tc+89/lIRLE3F7E7A6W39/k/jc4zZdBx4e1/DrYsP9rV54qeM9fZQp2dj97vevRz4UfTVeO/9/p5YOdcMH31B1HeKoM9xbgQWyka9LM8JPZpWmy8nBtnjgVav9HYwD5K8JJge9vW3auui6eT9lkRg/te+XlH+rb45qqeSeUTz4vv/ntH2Uz9tTZjGseaQq3oQ9nHnG+O4lF10kYw5rvRh95ItN/A9plg6svJguXE4x+G7WP7nZeidNLWeUyqG9+Vc8OGXbErDMAADMAADMAADMCACwZcjO+z6lF1/lllK/I3hEKEwsTBepGQVZmWy4asqbiagqmovvB119Vgy6GHg/Uj85XYeGDnbLhO4e27FsP1E9ePLVZSjn78r7XpNBVVG2AkrVXYT5r9XKMybJw8EtpRaz7KlklrCvaTtq5RVKby0KvIdPstj33d7eNLUb0l8IVlzNNfDo6GoqBsJXFQPrTTzftegqFsLm6Vf5Uc5C0z53GDDAMwAAMwAAMwAAMwAAMlMTA4GoTj+8On+hpfFOEXl/pCEeXtNw2EwjwDX86prCH2C7a5bm75VNiZ3DbUubOv+Z1jSZ04baaxbYY2QZuAARiAARiAARiAARiAARioGwPrhlaEQo3xqyobQqHjgb4vBq8KaF/z3XvweCgUrt+6egddX21CvfnThwEYgAEYgAEYgAEYgAEYgAEYaBIDGtNLN5o9eAKhsGS9jojCkg3cpIbXxrJOLx4NO5NNw/1vstFGu1AnbgpgAAZgAAZgAAZgAAZgAAZgAAaawsCm4clwbK8xflVl9iXADaEQobCyRuaicY/vOxh2Jlt3zba6ni5sSR7cRMAADMAADMAADMAADMAADMAADFTBgMb0Euo0xq8if+WJUOhYQPPF4FUB7Wu+Oyfnw8Y8MrNQWWfiq+2pNzcQMAADMAADMAADMAADMAADMAADRTAwMr0Yju2HJ/dXNrb3RbciotCxIFpEAyGN/B3t4OhM2JlMLRyprDPBX/n9ha2wFQzAAAzAAAzAAAzAAAzAAAzAQJyByYUj4dheY/z4b64+IxQ6FtB8MbgrgMlnpWMdGBoLOxPxxc7H/NnQLmAABmAABmAABmAABmAABmAABprFgNnxWOP6dUNjCIUl63VEFJZsYDqg6jsg8+RhaHRPZR0KHFTPAT7ABzAAAzAAAzAAAzAAAzAAAzDQPAaGxvaszBTcf7jSMb0vAW4IhQiFlTY0F530jt0r6xSOz1a36KmLepJH8/7w8Bk+gwEYgAEYgAEYgAEYgAEYgIFsBswmpRrbV2krhELHApovBq8Sal/zXr9tIpp+vG5oV6Udi68+oN7Zf3zYB/vAAAzAAAzAAAzAAAzAAAzAwGoGBoZ2ReP59VvHKx3P+6JbEVHoWBCl4a9u+C5sMjG3HHYuOyarfQLhoq7kUQ1j2B27wwAMwAAMwAAMwAAMwAAMwECxDAxPrswQnJg7VKlIKL8iFDoW0HwxOJ1GsZ1GXnua3Y/3HjxeeeeSt8ycVw0r2B27wwAMwAAMwAAMwAAMwAAMwEANGBgcDfYePBEKdFXudmxY8EW3IqLQsSBqAOPovtMxm5oQVeje9vCOzWEABmAABmAABmAABmAABmAABnphwEQTTlW8iYkpM0KhYwHNF4MbwDi67yBNVOHc4VNB1Wsb4H/3/sfm2BwGYAAGYAAGYAAGYAAGYAAGmsGAxuwau0srqkM0objxRbciotCxIEqnVG2nZHZLYgfkav1AO8D+MAADMAADMAADMAADMAADMAADaQxEY/d9B2uzfBhCoWMBzReDpzUCvnfTQWoH5LnllacS28b31abDwf9u/I+dsTMMwAAMwAAMwAAMwAAMwAAM1JuBbRP7wug9jd3rNBvQF92KiELHgigdUvUdkgRC08A3DU8hFtIGYAAGYAAGYAAGYAAGYAAGYAAGYKAGDGiMbsbrdQvuMeVqu66DUFiDhtB2yOpYv9E9B8LOZ8/S8Vo9oaijrShT9eI2PsAHMAADMAADMAADMAADMAADbWdA0YMao0uQ05i9bvVFKHQsoPli8LqB7nN5ds8fDjug6cWjwbqhXbXrhHz2DXXnJggGYAAGYAAGYAAGYAAGYAAG/GFgYGhXoLG5tCGN1evoe190KyIKHQuidYTd1zINDI1FHZE6pDqtfeCrT6i3PzcC+BpfwwAMwAAMwAAMwAAMwAAMiAGNxY1IuBLIM4ZQWKFWhVBYofHpFKvvFAe2fP7UQiHOrFlYvU9oF/gABmAABmAABmAABmAABmAABvxgQGNwM91YIqHG6HX1PRGFjgU0XwxeV+B9LpciC800ZHFYtwVTffYNdffj5gA/42cYgAEYgAEYgAEYgAEY8I8Be6NRjcnXDdUzktCw6YtuRUShY0HUAMaxfp2g2eBEjX989iBTkWkbtX2SRf9Rv/4Dn+ATGIABGIABGIABGIABGMjHgKYaa8xthLc6blyS5EtT3qTf2vQdQiFiCGKIxYCeaMwtnwo7rLnDp4Idk/PYx7JPmzo/6pLvTxw7YScYgAEYgAEYgAEYgAEYgIGiGBienA801pboprF3k2b0IRQ6Fgd8MXhRjYt0yuuo12+bCMb3ff50Y+/B46FgyM7I5dkcnrEtDMAADMAADMAADMAADMAADLSTAe1oLIFQY2uj/WjMrbF3k3xuyt6kMvdTViIKHQui/TiJa6rpLAdHZ4LJhSNRR6ZOQeHRQ6N7gtuGRhvVocFQNQxhd+wOAzAAAzAAAzAAAzAAAzDgIwMaMw+N7QnGZw91jKmnFo4EGms30SYIhY4FNF8M3sTG4HuZ1YlNzC13dG7iVR3cyMxCsHXXbLhbstZZQEDkJsD39kL9aQMwAAMwAAMwAAMwAAMw4A8DGgNrLKzdizU21hhZY2Wj8ZjjxNyhxgqEhmdTF/O5rUciCh0Lom0FyYd6KSx6x+75VVGGprPgeOeqPwNsgk1gAAZgAAZgAAZgAAZgAAZgwE8GJBhqDN20KcZp+obhOO33tnyPUIhQ2MiQ36ob4MDQWPg0ZOfkfLie4fTi0XC9BbMRiulAOPr5h4jf8TsMwAAMwAAMwAAMwAAMwIAPDGgMrLUHNSbWuoNai1Cz8rQuYdXj9qLzN/4sOt26pYdQiFDYusZbt0ZGefwJu8fX+BoGYAAGYAAGYAAGYAAGYAAG2skAQqFjAc0Xg9NhtLPDwK/4FQZgAAZgAAZgAAZgAAZgAAZgAAbay4AvuhURhY4FUTqN9nYa+BbfwgAMwAAMwAAMwAAMwAAMwAAMwEA7GUAodCyg+WJwOox2dhj4Fb/CAAzAAAzAAAzAAAzAAAzAAAzAQHsZ8EW3IqLQsSBKp9HeTgPf4lsYgAEYgAEYgAEYgAEYgAEYgAEYaCcDCIWOBTRfDE6H0c4OA7/iVxiAARiAARiAARiAARiAARiAARhoLwO+6FZEFDoWROk02ttp4Ft8CwMwAAMwAAMwAAMwAAMwAAMwAAPtZACh0LGA5ovB6TDa2WHgV/wKAzAAAzAAAzAAAzAAAzAAAzAAA+1lwBfdiohCx4IonUZ7Ow18i29hAAZgAAZgAAZgAAZgAAZgAAZgoJ0MIBQ6FtB8MTgdRjs7DPyKX2EABmAABmAABmAABmAABmAABmCgvQz4olsRUehYEKXTaG+ngW/xLQzAAAzAAAzAAAzAAAzAAAzAAAy0kwGEQscCmi8Gp8NoZ4eBX/ErDMAADMAADMAADMAADMAADMAADLSXAV90KyIKHQuidBrt7TTwLb6FARiAARiAARiAARiAARiAARiAgXYygFDoWEDzxeB0GO3sMPArfoUBGIABGIABGIABGIABGIABGICB9jLgi25FRKFjQZROo72dBr7FtzAAAzAAAzAAAzAAAzAAAzAAAzDQTgYQCh0LaL4YnA6jnR0GfsWvMAADMAADMAADMAADMAADMAADMNBeBnzRrYgodCyI0mm0t9PAt/gWBmAABmAABmAABmAABmAABmAABtrJAEKhYwHNF4PTYbSzw8Cv+BUGYAAGYAAGYAAGYAAGYAAGYAAG2suAL7oVEYWOBVE6jfZ2GvgW38IADMAADMAADMAADMAADMAADMBAOxlAKHQsoPlicDqMdnYY+BW/wgAMwAAMwAAMwAAMwAAMwAAMwEB7GfBFtyKi0LEgSqfR3k4D3+JbGIABGIABGIABGIABGIABGIABGGgnAwiFjgU0XwxOh9HODgO/4lcYgAEYgAEYgAEYgAEYgAEYgAEYaC8DvuhWRBQ6FkTpNNrbaeBbfAsDMAADMAADMAADMAADMAADMAAD7WQAodCxgOaLwekw6t1h7Jo9FEwfOBGcefiJ1NeJcxfCc3Qu/qy3P/EP/oEBGIABGIABGIABGPCBgZkDxwO9fKgrdaRNV8WAL7oVEYWOBdGqgCbf9M5028R8cOHSc8H1978XvPPJH/b0eunmx8H5i1eCTcOT/CnTlmAABmAABmAABlIZWL77fPgQ8sqLb4XH5bvuD3QP0u0eTefoXD3EtK/tdh2/p9/7YRts0zYG1L+YcYzet61+1Ic2WxcGEAod3+j5YvC6AE45VjrbM488Gf2pmj/Xfo4SGXUDj135E4OB9jIwemYpmP3yqWDT9HTXtj71pWPhuTo/66Xz8qQHV+3lCt+237cnz13IfBh5/uLVxAeOegipB5lp9yW699AsBxhqP0P4GB9nMWCLhKa/QCyEmSxm+K1/PnzRrYgodCyI0ij7b5RF2k4331defDO6+b7xwaeBbtR7mU68cMeZ4MLlzht43dAXWU7Sqgcv+AE/LL1+X/CFX345fJ39i6eCLYuzqW19//Ono3PNNd2OSn/9yHhqmjAIgzDQPAaShL5r128FV198M3yZAb2O19641XEPovuRl29+HN2n6BxzndKwr9W9BzMbmscHbRqfFcFAkkho+gfEQhgrgjHS6OQIodCxgOaLwWlonQ2tKnvoZtv8iT7xtVfXdIOtKUFKw6T3+DOvMNh33H9UxRH51qM9l+0HWyQ0gl+WWHjs44d7FgqV7snvXUAspO/g/6NFDNj3Brrv0P2C3V/psx5SmvsHRQjqO4mE9nIoSRGHOs++l+Hew4//I5sf3uNzWyRU0IPpS+z3iIVwQl9RLAO+6FZEFLbohpROIF8nYN+UazpQUXazowuLTLeo8pFOPj6wE3ayGUgSCbuJhZqibM7p9bh8k3WFbPvznvbYVAbspU10f5BVD3uwr8hCvcyAv9sgn3sP2kgWW/zWXj46+o3rtwLNdDL9ht7bkcfd+hE4aS8n+LZ43yIUOhbQfDE4jbX4xtqLTfUE3vyJSjDs5do859rRA8orzzWcUy0T2B/7pzGQJRIaATAtslDrDu44Nt/1lZRH1rTmtLIW8f3Wpdngnp88Hpz98yeDe//y6WDj1BR9mON7oSL8SBrV92maBmwiAnVfkMcn9qDf3KfkHdybew/lWfUU5OGpxeDtb/8weOO93wm+8eH3g2evvxesGxzLZYM8duKc6vnGB9X7wO4vJAiq3Wu3Y9N36L2+Qyys3le0l/b5wBfdiohCBgFe3byZaTov3/x2KfXWn7IJ9+8WQcAfR/v+OPBpe3yaJOAZcTB+TBML8/IQX9Nw+uLxUvqnrPJowxW7Xud+cTnYNNN905asNPmtPe0BX/bmS3sQ38tDQzs6sJd7CPshaF5xsQyf3jY4Grzw9keRWCHR4rVb3w0GhhAKy7A3afbWLttiL7t/MSKh6hYXCvUdYqGfjLSF9brWA6HQsYDmi8HrCrwP5XJ1I21PN/LBrtSRm5C2MbD3yp0dopktoKW9l1jY7+7Fijy001X+rmy6fmwiXBvRzl/vJRRunCai0JUfyKdd/aiJ8NMgvhffmoeNeuCo971cayKH8kYw9pJ23nNPP/R4h0hohEIiCtvFd14eOK94v6eJhLJ1klCo7xELi/cDbPttU190KyIKHQuidCzVdSzmz1U34GX6QX/IJvRfa4SUmRdpV8cTtm+v7SX62cLZye9/MUiK+jv7087z+hX4qhIKh08sBPf9/HJUV4mD5jNCYXv5pu8q37dm9oIeHLqyt3lIqbxd5Wnno4exN3/7D6L7H3MfpIhChMLymbN9wfv22tu0KzuS0Pg7TSjU73Gx0FzDsb2s4NvyfItQ6FhA88XgNNryGm0325on/C6etpsn+y4HCd3qz+/VsYftm2X75XfOR+KZRML1I+NBPMpQ4p7WErTFQm1i0o+vqxIKF144E9Xznp88FtZzz6WVKcgIhc1ith/uuKY8H5vBvMt7ACMUlrW0ShYvmnKstQhNvY+efjDakRmhsDzOsnzCb+20u9ZX1zgmKeI4SygUD7pG15axRju8tZM3/JrsV190KyIKHQuiNLjkBufCLi6f8JudlXtZY8iFDcijOv6wfXNsb4RBrRWo9/JdklCo7yUW6rd+RUKlUbVQuPDSmeC2odGwnnPX7g7FQ4TC5vBK31I/X7m83zD+N0JhFRGFx848HImEz954L7CFQ4TC+vFpmOHYLt90Ewrxd7v8jT+r8ydCoWMBzReD06ira9Qub9yrvGGHseoYw/bttX2aUFiEz6sSCrcs7Qt23nWgIwoSobC9DBfBKmnk48Pcb7iYwWB8orwU0edaKNw8sifc5Vh5a+rxzqnFUCh87sZKhCFCYT5mjB85Yq9+GUAohJ1+2eG63tjxRbciotCxIEpD7K0hFmkvc+PuYioQQmF1fi6SGdLCj4aBNgqFpm72EaEQ5m0eeN8fD+Ye4OWbH8sgcQ8AAA9GSURBVHcI8WXaU1OOJda5uMex62EESuV99tGnwvoSUdgfN7ZdeY8Ne2UAoRBmemWG8/tjBqHQsYDmi8FpkP01yCLs5lIoNDfOrm/Yi7ATaVTHKLavr+0RCuvrG9oNvqkbA9rITMKZXrtmD5UuFioPk5/LTdRml++K8n3l3e8EA0NjCIWOx091Y5/yVNcfIxRWZ3u498v2vuhWRBTyh176DWxdOk+zbuC1N26VXueqnuzXxdaUw68/TB/8jVAI0z5wTh2L4/zGB5+GIpqLjQPM/Y3ydOXDdUNjwY33V+qoKcfTC8eivIkoLI4jV/4kn+b7DKGw+T6kHTbDhwiFjgU0XwxOB1BdB2A/4U/aLawo39hP9l1EEhRVbtKpjk1sX3/bIxTW30e0I3xUJwa0mZmi/K6//71IQCujfLqfUR7Ky+UGavf++tNRNOHFr7zYUUeEQtpiGayTZjZXCIXZ9oEf7FMUA77oVkQUOhZEiwKUdPrr7Fw84TeDg2vXy49chIP+OMBu2K1XBhAKYaZXZjjfb2bsh4Ynz13oENKKZMOshyihcNvEfGn52GVWPm9/5/dDofAbH34/WL9tZXd4c44tFL7yzncCRR+a3zj63S7wf3n+Rygsz7Zwi21tBhAKHQtovhjchoz37jsd+4a6jGg/VwMD2HHPDjb32+YIhX77n/aP//thwKyNrIi/MmYy2NGErnZYlgh46fkbUTThszfeC7RW4YET90WvxWNngjc//EF4jgTF5TvPB8t3nw+GpxYRDB2Pr/rhlmuq7e/MUgK9rje6FqHQzLpysVQCfFXLF/Zfu/190a2IKOQP26ubNt1UK9LPTAcqUiwM035jJW2tUUhHvPaOGBtiw7owgFAIi3VhkXI0h0VF3ul+Q6/Hn3ml8PsCs3Gay2hCCYXP3XgvqpepX57jk9deK9wGtIfmtAd8lc9X5gFDrxsirkUoNIEUyhs/5fMTdvLXTgiFjgU0XwxOp1J9pyJx0ExB1lP+Xp/YpfnQvmHXn3XaeXxfPQP4AB/0ygBCIcz0ygznw4wYMNFBEtKKut9QuiYCSOn2KiishU0JhV9/64O+hMLHvvoS90aOx1dr8TXXVtOHIRRWY3d4x+55GfBFtyKikD9sL2/abLFQN9lXXnwzWL7r/r6mBimSUJEC5ml6mWsR5e3AOI8/OxgoloGihML1I+PBye9dCL7wyy8HS6/fF/a/O47Nh5/1nV7KS/4bPbMUnP2Lp8LX+IOHnfTVc9fuDstw7heXg43TU07yhNViWcWe9bKn7hE0y0D3CHo4WcQ6gkrDbGCitJWHS79v2jkd7Ng9n/raNjEXvHbrk7DOWsNwx+T+8NyBrZ1rGbosM3nVq13gj3R/9CsUyqa6tp+oQCIK0/0Bq9gmzgBCoWMBzReDx0Hjc3Wdj260zZ+xEfnMUcKhXt2mJuv3a59NN9a1LncchJ3q2MH2/tm+KKEwno7EwiShUMKgEQ51vPtHF50IAQiF/rFNf1a+z3WvYO4vdM+wFmFP19r3Hd3uU6rwb8dmJu9+J1g3yGYmVfiBPMtv22XY2IxNXEYKIxQ2k5Uy+CPN7iz4olsRUehYEKXxdW98rm2k6Tv2tGFzM69j1p+0IgfNE32dSyRh/XzrmiXyay8DcYFP4l4//o4LgBIBTYShEQbjn/X9sY8f7iu/XsuIUNhehntlgfOLZUGbeZj7Cwl9/dg3LhIqzX7SKfsaex3D1259Nxhg1+Na+qlsDki/vz4EobA/u8EbdnPFAEKhYwHNF4O7Aph8eu8sdQOutQUlDpppQklCoc6zpxprvUPWJOzd3jCKzZrEQFwo1LTgfsuvKEIjCuY5nv3pU8GWxdm+8+ulnNNPnFiZevxzph73YjfOpT/Lw4BmHRix8MKl53pq07r30DXR9Zd7uz5P+Yo6R0LhlRffCsv6yjtEFBZlV9Lxo59BKPTDz7Tn5vrZF92KiELHgiidQjM6hbQ/aQmCdhShztPNO35thl/xE37ql4F4JKCi/rTeYL/p5RULXYqE/daF62hXMJCfAVsszDsNWfcZ9nRjljnJb2/YxFZNYyBtDFJmPZh6TDspk6+2pY1Q6FhA88XgbWsoba1P/E9aN+nnL16JnuQz1Zg/1LayT72S2ZYoKNHOjgDURiN3fPRI19f8c/ckiordxEJEwmRfwCh2aToDcbEwa4MT/YZICPNNZ57y52c4PgZxYTuEwvz+ceEP8qi3P3zRrYgodCyI0vDr3fCNf+w/aS0U/tLNjyOR8Nr1W103OTHpcGyGv/ETfsrDQDyq0BYNu72XKJiUR5pYiEgIk0m88F17uLDFQs1U0HrJcf/qO3sWA5GE7fF/3Nd8xreGAXsMYr4r+4hQCH9lM9am9BEKHQtovhi8TY2kzXUxf9L2U3xFEZ6/eJWpxo77hjZzRt2ad2M2ffF4R1RhN4HQ/J61GUlcLEQkbB4XtGV81g8D2gTNrDmoo9b123/0dCgamjX+zO913bikn3pzDe0FBtIZMGMQlw8GzIML5Y1v0n2DbbCNGPBFtyKiENGDP4QEBsyftLlB1+YmbFjCnwM3CDAgBrTj8fI753MLhnmEPyMW3vPjx5xtXALP8AwD1TOgWQuaqWDuN+JHZjFU7yPaCT5wyYCJ7lNfoAcGLl6m39HDC5d1JS/aVhMZQChMEE/KdKQvBi/ThqRdXGf7xNdejW7a9Z4NS4qzLZxiSxiAARiAARjoZEADdD2UNAN2vSeKsNNGMIM9fGAg3Lwo4+GB6SOKPuqhBOMd2pgPbWytdfRFtyKi0LEgulYwud5NB64n/IoqTFozCB+48QF2xs4wAAMwAAO+MaD7D718qzf1pa3DQCcDenigYAWNR8p8KQ8iCTttD4vYI4sBhELHApovBs+Cjt/olGAABmAABmAABmAABmAABmAABmAABmCgfgz4olsRUehYEKWx16+x4xN8AgMwAAMwAAMwAAMwAAMwAAMwAAMwkMUAQqFjAc0Xg2dBx290SjAAAzAAAzAAAzAAAzAAAzAAAzAAAzBQPwZ80a2IKHQsiNLY69fY8Qk+gQEYgAEYgAEYgAEYgAEYgAEYgAEYyGIAodCxgOaLwbOg4zc6JRiAARiAARiAARiAARiAARiAARiAARioHwO+6FZEFDoWRGns9Wvs+ASfwAAMwAAMwAAMwAAMwAAMwAAMwAAMZDGAUOhYQPPF4FnQ8RudEgzAAAzAAAzAAAzAAAzAAAzAAAzAAAzUjwFfdCsiCh0LojT2+jV2fIJPYAAGYAAGYAAGYAAGYAAGYAAGYAAGshhAKHQsoPli8Czo+I1OCQZgAAZgAAZgAAZgAAZgAAZgAAZgAAbqx4AvuhURhY4FURp7/Ro7PsEnMAADMAADMAADMAADMAADMAADMAADWQwgFDoW0HwxeBZ0/EanBAMwAAMwAAMwAAMwAAMwAAMwAAMwAAP1Y8AX3YqIQseCKI29fo0dn+ATGIABGIABGIABGIABGIABGIABGICBLAYQCh0LaL4YPAs6fqNTggEYgAEYgAEYgAEYgAEYgAEYgAEYgIH6MeCLbkVEoWNBlMZev8aOT/AJDMAADMAADMAADMAADMAADMAADMBAFgMIhY4FNF8MngUdv9EpwQAMwAAMwAAMwAAMwAAMwAAMwAAMwED9GPBFtyKi0LEgSmOvX2PHJ/gEBmAABmAABmAABmAABmAABmAABmAgiwGEQscCmi8Gz4KO3+iUYAAGYAAGYAAGYAAGYAAGYAAGYAAGYKB+DPiiWxFR6FgQpbHXr7HjE3wCAzAAAzAAAzAAAzAAAzAAAzAAAzCQxQBCoWMBzReDZ0HHb3RKMAADMAADMAADMAADMAADMAADMAADMFA/BnzRrYgodCyI0tjr19jxCT6BARiAARiAARiAARiAARiAARiAARjIYgCh0LGA5ovBs6DjNzolGIABGIABGIABGIABGIABGIABGIABGKgfA77oVkQUOhZEaez1a+z4BJ/AAAzAAAzAAAzAAAzAAAzAAAzAAAxkMYBQ6FhA88XgWdDxG50SDMAADMAADMAADMAADMAADMAADMAADNSPAV90q9pFFBrDc7wzwAbYAAZgAAZgAAZgAAZgAAZgAAZgAAZgAAbqw0DbRVyEwiP1gY2Gjy9gAAZgAAZgAAZgAAZgAAZgAAZgAAZgoL4MIBQ6moJsGkHbDU796hc+jE/wCQzAAAzAAAzAAAzAAAzAAAzAAAzAQBYDvuhWtYsozHIKv9FoYQAGYAAGYAAGYAAGYAAGYAAGYAAGYAAGXDOAUOgoktA41heDm/pypFODARiAARiAARiAARiAARiAARiAARiAgWYw4ItuRUShY0GUDqAZHQB+wk8wAAMwAAMwAAMwAAMwAAMwAAMwAAOGAYRCxwKaLwY3gHGks4EBGIABGIABGIABGIABGIABGIABGICBZjDgi25FRKFjQZQOoBkdAH7CTzAAAzAAAzAAAzAAAzAAAzAAAzAAA4YBhELHApovBjeAcaSzgQEYgAEYgAEYgAEYgAEYgAEYgAEYgIFmMOCLbkVEoWNBlA6gGR0AfsJPMAADMAADMAADMAADMAADMAADMAADhgGEQscCmi8GN4BxpLOBARiAARiAARiAARiAARiAARiAARiAgWYw4ItuRUShY0GUDqAZHQB+wk8wAAMwAAMwAAMwAAMwAAMwAAMwAAOGAYRCxwKaLwY3gHGks4EBGIABGIABGIABGIABGIABGIABGICBZjDgi25FRKFjQZQOoBkdAH7CTzAAAzAAAzAAAzAAAzAAAzAAAzAAA4YBhELHApovBjeAcaSzgQEYgAEYgAEYgAEYgAEYgAEYgAEYgIFmMOCLbkVEoWNBlA6gGR0AfsJPMAADMAADMAADMAADMAADMAADMAADhgGEQscCmi8GN4BxpLOBARiAARiAARiAARiAARiAARiAARiAgWYw4ItuRUShY0GUDqAZHQB+wk8wAAMwAAMwAAMwAAMwAAMwAAMwAAOGAYRCxwKaLwY3gHGks4EBGIABGIABGIABGIABGIABGIABGICBZjDgi25FRKFjQZQOoBkdAH7CTzAAAzAAAzAAAzAAAzAAAzAAAzAAA4YBhELHApovBjeAcaSzgQEYgAEYgAEYgAEYgAEYgAEYgAEYgIFmMOCLbkVEoWNBlA6gGR0AfsJPMAADMAADMAADMAADMAADMAADMAADhgFfhML/B/AEYt0NGemcAAAAAElFTkSuQmCC" style="margin-left: auto; margin-right: auto;" width="529" /></td></tr><tr><td class="tr-caption" style="text-align: center;">League of Legends is owned by Tencent.</td></tr></tbody></table>Dave Aitelhttp://www.blogger.com/profile/17021799961866070637noreply@blogger.com0tag:blogger.com,1999:blog-2702972381435105050.post-58240097238200589502020-05-19T11:50:00.005-07:002020-06-04T20:04:53.784-07:00Asynchronous Command And Control and Why You Care If You Do Cyber PolicyImagine you were a bipedal alien scientist studying creatures on Earth and you had never seen any before. Like that 50 First Dates movie with Adam Sandler, but instead of fart jokes from a walrus, science. Almost certainly as you examine things with your ultra-sophisticated tools, you are going to become obsessed with cause and effect or command and control. You're going to map every system and say which parts influence other parts. <div><br /></div><div>In other words, for humans, actions descend from centralized control, carried by a nervous system, with a rationalization of purpose. Even the stupid mitochondria is mislabeled as the "powerhouse of the cell". But this is sadly not how most systems really work! And so when you, the alien scientist, come across an ant colony or a siphonophore or <a href="https://science.sciencemag.org/content/327/5971/1341/F3">certain</a> <a href="https://en.wikipedia.org/wiki/Synalpheus_regalis">species of shrimp</a> and you're literally left reassessing the very meaning of cognition, it's hard not to want to just pretend it doesn't exist.</div><div><br /></div><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjKrhmbu2jR3uoLquzBIxOT9pJXJnl5OdISoepkWHPWBZA68fPIujgiqHMO9COKD3k9NW_2yzrvEYSe5sxGUQlQxFu5GkPTygKhVLhbSbFo2AHmCUv4wcLEhJMs2rrl5JLxMRQkoyllcX4/" style="margin-left: auto; margin-right: auto;"><img alt="a picture of some eusocial organisms" border="0" data-original-height="224" data-original-width="440" height="204" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjKrhmbu2jR3uoLquzBIxOT9pJXJnl5OdISoepkWHPWBZA68fPIujgiqHMO9COKD3k9NW_2yzrvEYSe5sxGUQlQxFu5GkPTygKhVLhbSbFo2AHmCUv4wcLEhJMs2rrl5JLxMRQkoyllcX4/w400-h204/shrimp.gif" width="400" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Basically everything they taught you in school about <a href="https://science.sciencemag.org/content/327/5971/1341/F3">Eusocial organisms</a> was confused because the subject is naturally confusing. </td></tr></tbody></table><div><div><br /><br /></div><div>It is basically like this in all cyber policy when it comes to how implants and command and control work, and this filters into a lot of the policy frameworks you see built out of various places, such as the <a href="https://ccdcoe.org/research/tallinn-manual/">Tallinn Manual</a>, <a href="https://dsgl.defence.gov.au/dsglcontent/Pages/4D004.aspx">export control frameworks</a>, the unfortunately named "<a href="https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2343798">PrEP</a>" framework, etc. </div><div><br /></div><div>Obviously there are a lot of hard definitional questions when it comes to cyber policy:</div><div><ul style="text-align: left;"><li>What is an exploit?</li><li>What is a vulnerability?</li><li>What is known vs unknown, and the meaning of the word 0day?</li><li>What is the location of a cyber operation?</li><li>What is sovereignty and when is it being compromised?</li></ul><div>One of the hardest problems is that because remote access can be used for both espionage and for effect (D4), and of course also for defensive telemetry, the delimiters for policy control tend to lie outside of view.</div><div><br /></div><div>So aside from admiring the problem I wanted to point at a whole new set of problems to admire that we have so far left in a blindspot - worms, emergent behavior, and asynchronous operations. These are the realistic mechanisms which correspond to two major defensive innovations:</div><div><ol style="text-align: left;"><li>Air gaps and air-gap-like network structures (and this includes modern API-driven zero-trust architectures)</li><li>Automated network-speed defenses (Microsoft ATP, for example)</li></ol></div><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhLyipfJ2oDrbDRa7hkBT1zttSLWs8G7Nxw3dGZhAR56vYGPS8Ja8KZ_BYMLCsnjfCTugijARbyVCxXLOqpn2FgUWNih_yCkhznTpkb_uN4STu4U6cUUKCKHq-T6FNyi7q4k7uy9cwgBXI/" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="286" data-original-width="1252" height="91" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhLyipfJ2oDrbDRa7hkBT1zttSLWs8G7Nxw3dGZhAR56vYGPS8Ja8KZ_BYMLCsnjfCTugijARbyVCxXLOqpn2FgUWNih_yCkhznTpkb_uN4STu4U6cUUKCKHq-T6FNyi7q4k7uy9cwgBXI/w400-h91/Screen+Shot+2020-05-19+at+2.27.08+PM.png" width="400" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">technically everything is a circle if you zoom out far enough, but obviously Tempest exists and hardware implants exist and supply chain chicanery exists<br /></td></tr></tbody></table><div><br /></div><div>Part of the problem is the lack of operational examples of decentralized control structures in cyber implants, but I will list the ones we know about here. Although it's worth noting that propagation via USB and control via USB are not the same thing.<b> Three of these were just announced this week! But there are literally only five publicly known as far as I can tell.</b></div><div><ol style="text-align: left;"><li>2010 - FLAME (see <a href="https://labs.bitdefender.com/2012/06/flame-the-story-of-leaked-data-carried-by-human-vector/">this</a> amazing Bitdefender article)</li><li>2020 - USB Thief (c.f. ESET <a href="https://www.welivesecurity.com/2016/03/23/new-self-protecting-usb-trojan-able-to-avoid-detection/">here</a>)</li><li>2014 - USB Ferry (Chinese APT c.f. Trend Micro <a href="https://documents.trendmicro.com/assets/Tech-Brief-Tropic-Trooper-s-Back-USBferry-Attack-Targets-Air-gapped-Environments.pdf">here</a>)</li><li>2017 - RAMSAY (DarkHotel c.f. ESET <a href="https://www.welivesecurity.com/2020/05/13/ramsay-cyberespionage-toolkit-airgapped-networks/">here</a>)</li><li>2020 - COMpfun (c.f. Kaspersky <a href="https://securelist.com/compfun-http-status-based-trojan/96874/">here</a>, although the section on the USB C2 is slim)</li><li>2014 - Cycldek (also known as Goblin Panda and Conimes according to <a href="https://securelist.com/cycldek-bridging-the-air-gap/97157/">Kaspersky</a>) "One of the newly revealed tools is named USBCulprit and has been found to rely on USB media in order to exfiltrate victim data. This may suggest Cycldek is trying to reach air-gapped networks in victim environments or relies on physical presence for the same purpose." This doesn't sound like C2, but hard to say from public reporting.</li></ol><div>For why it is harder to model a system built by passing occasional messages and even more rarely receiving a response to those messages, it's useful to read James Micken's essentially perfect paper on the subject <a href="https://scholar.harvard.edu/files/mickens/files/thesaddestmoment.pdf">here</a>. Implants that take commands from, say, a website are essentially interactive. This is the flavor that Metasploit and CANVAS and CORE Impact model - a simple connected lifestyle of cause and effect. You input a command, you get the result. If you don't get a result, that means perhaps your command has not ended, or your implant has crashed. Those are the two possibilities. </div><div><br /></div><div>But in an asynchronous model, your implant is making a lot of its own decisions! It's thinking "Hey, maybe I don't want to do that job yet, because nobody is on this computer right now so spinning up the CPU and getting really active will light a lot of bells on the endpoint protection system". Or maybe your command did not get there. Or maybe the response did not get back. Or maybe something got corrupted and a gate to complexity hell opened up. Everything is possible. And hence, the behavior of the overall system, like an enraged ants nest, becomes complex and depends on a million factors out of your control.</div><div><br /></div><div>In other words, I like to add to the list of questions above which haunt us: </div><div><ul style="text-align: left;"><li>What is control, without control?</li></ul></div><div> </div></div><div><br /></div><div><br /></div><div><br /></div><div><br /></div><div> </div><div><br /></div><div> </div></div><div><br /></div></div>Dave Aitelhttp://www.blogger.com/profile/17021799961866070637noreply@blogger.com0tag:blogger.com,1999:blog-2702972381435105050.post-23840040203233898902020-04-27T15:45:00.000-07:002020-04-27T15:45:24.309-07:00Defending Forward, aka, hacking the hackersSo the Cyberspace Solarium articles [<a href="https://www.cfr.org/blog/us-cyber-commands-malware-inoculation-linking-offense-and-defense-cyberspace">1</a>] and many other pieces talking about "Defending Forward" have been quite confusing, and I wanted to draw upon a few decades of history to put this strategy in context. In summary, however, defending forward is a complex and expensive tactic that has a perhaps outsized space in our national strategy, especially as espoused by the Cyberspace Solarium.<br />
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg4tX8ykL4XQSGcnfbIyThs-wMTW8YhepkAaxaUj4sWUTxvdRSnsrPWNc65l1PzNsi8bEtaKFBGmx8UGYYUpTuj8p1GiXgnsN7f0ZZUgfR6Ltw51yb1t2JBWYEscgjWFCkiyp_MfzID6pA/s1600/Pyramid-of-Pain-Extracted-from-9.pbm" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="405" data-original-width="623" height="208" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg4tX8ykL4XQSGcnfbIyThs-wMTW8YhepkAaxaUj4sWUTxvdRSnsrPWNc65l1PzNsi8bEtaKFBGmx8UGYYUpTuj8p1GiXgnsN7f0ZZUgfR6Ltw51yb1t2JBWYEscgjWFCkiyp_MfzID6pA/s320/Pyramid-of-Pain-Extracted-from-9.pbm" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">The <a href="https://www.researchgate.net/figure/Pyramid-of-Pain-Extracted-from-9_fig1_327000443">traditional</a> graphic to show effort to replace pieces of hacker kit although obviously at the top is "people". :)</td></tr>
</tbody></table>
<br />
Part of the expense is that hackers are constantly rebuilding their tool chains. Burning their rootkits or trojans or exploits or C2s or targets has two effects: They switch to their backups or spend a few months doing a rewrite and then move on. Of course, when they rewrite their tools, they are going to do a BETTER job than before, and this means your tracking effort is going to get harder over time.<br />
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5NlG6anzZrl53vH418exVwMiw9fQREozbUokCPiRB-q9rEhh782waH7iDdGzRnVp_Myhm_Iotps7XBWam5z5_c8k4uOQAPz8hYao4Gjoexz9niDIXGx8fvSJpZJ87afzxBqCGQqLbkzw/s1600/Screen+Shot+2020-04-24+at+11.44.19+AM.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="554" data-original-width="730" height="242" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5NlG6anzZrl53vH418exVwMiw9fQREozbUokCPiRB-q9rEhh782waH7iDdGzRnVp_Myhm_Iotps7XBWam5z5_c8k4uOQAPz8hYao4Gjoexz9niDIXGx8fvSJpZJ87afzxBqCGQqLbkzw/s320/Screen+Shot+2020-04-24+at+11.44.19+AM.png" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">It's a bit like attacking a footlock in BJJ - you put your own sources and methods at risk by revealing what you know and what you don't know as this graphic clearly illustrates by showing someone's cell phone selfie and a black space for someone else.</td></tr>
</tbody></table>
<br />
<br />
Indictments, a crucial part of the US defend forward and national pressure effort, seeks to be even more longterm, by blowing an actual individual or group's cover. One obvious thing this has done (since it has not resulting in convictions or the cessation of Chinese hacking efforts) is lock the people we indict into their government system, instead of allowing them to migrate into defensive jobs in industry, which is probably not in our best interest. Alisa Esage, while not indicted, was sanctioned as part of a US effort and cannot give speeches in Europe because of this. Did this help us? Of course the smart thing for us to do is include our HUMINT sources in our indictments to provide cover for them. Apparently <a href="https://www.mcclatchydc.com/news/nation-world/national/article207723644.html">this has already happened</a>, and I am late on the update as always.<br />
<br />
A more extreme example of defend forward in cyber is, of course, the Israeli campaign in Iran, <a href="https://www.usatoday.com/story/news/nation/2013/10/02/iran-cyber-war-commander-shot-dead/2912045/">assassinating people involved</a> in their cyber efforts.<br />
<br />
<b>Layers of Vulnerability in Cyber Campaigns</b><br />
<br />
I'm going to rank these from easiest to hardest, but it is also walking backwards on the kill chain, if that's your thing.<br />
<br />
There are of course multiple ways to skin the onion that is a cyber campaign. You can hack the targets of that campaign, and from those steal the toolkit used. This is a non-inconsequential purpose of some pieces of kit we already know about (<a href="https://www.zdnet.com/article/security-researcher-identifies-new-apt-group-mentioned-in-2017-shadow-brokers-leak/">sigs.py</a>).<br />
<br />
You can also hack (or collect) the C2 and launch servers used by hacker groups, as appears to have been done against many of the Chinese crews, some of which decided to use Facebook and other social networks from their exploitation boxes, blowing their attribution instantly.<br />
<br />
You can also hit the analysis arms of various APT groups (i.e. with trojaned Office documents or directly if you can figure out who they are via HUMINT/SIGINT). This is the most long-term effect you can have against your adversaries.<br />
<br />
You can also hack the hackers themselves, which is where historically things have happened amongst hacker groups. There's a rich history here that no cyber strategist should be unfamiliar with because it's the most important analogy to what Defend Forward is trying to do. Let's list some examples:<br />
<br />
<ul>
<li>Mitnick Era - You can read about these exciting stories in all sorts of books, but they predate modern life so I don't recommend using them for basing cyber strategy on.</li>
<li>EL8/<a href="https://seclists.org/fulldisclosure/2002/Aug/227">PHC</a>/<a href="https://github.com/fdiskyou/Zines/tree/master/ZF0">ZF0</a>/#ANTISEC - I'm not trying to imply these are all the same, but they are a modern history everyone in cyber policy should know. </li>
<li>Lulzsec - The public story is that they were eventually rounded up by law enforcement. The private rumors is that they were a victim of an OCO.</li>
<li><a href="https://arstechnica.com/information-technology/2016/04/how-hacking-team-got-hacked-phineas-phisher/">HackingTeam/GammaGroup</a> - Phineous Fisher is still an unknown hacktivist force wandering around making offers for people to release databases. Lots of people drunkenly claim at conference parties to be him/her though, which is traditional in the hacker world. </li>
<li><a href="https://arstechnica.com/information-technology/2018/01/dutch-intelligence-hacked-video-cameras-in-office-of-russians-who-hacked-dnc/">Dutch vs Russians</a> - A classic example of modern defend forward from a partner state</li>
<li><a href="https://www.nytimes.com/2017/10/10/technology/kaspersky-lab-israel-russia-hacking.html">Israel vs Kaspersky/GRU</a> - I only believe about 10% of the NYT reporting on cyber, since it's usually <a href="https://www.nytimes.com/2019/05/25/us/nsa-hacking-tool-baltimore.html">super off-base </a>but it's worth a read.</li>
<li>ShadowBrokers - We don't know the details of how this was done, but that was an opdisk, not stolen from C2 so belongs here as the primary example of how to do denial of national-grade capabilities correctly.</li>
</ul>
<br />
<br class="Apple-interchange-newline" />Even with this limited set of examples, it is possible to start putting together some context for how the defend forward strategy matches our capabilities and investment. Much of the public discussion of defend forward talks about escalatory ladders, but I'd like to frame a few questions here that I find more useful for analysis.<br />
<br />
<br />
<ol>
<li>Are we deterring adversary action, or simply shaping it to be more covert and have greater long-term impact?</li>
<li>Is our activity cost effective and low on side-effects?</li>
</ol>
<div>
<br /></div>
<div>
One thing I think people don't recognize about some of the efforts on the above list is they involve a different type of hacking team than most military or government organizations use today. In particular, 90's hacker groups (c.f. Phineous Fisher) often wrote bespoke tool chains, exploits, implants, C2, and everything, for each target. It was, in modern parlance, a vertically integrated supply chain. It epitomizes the opposite of scale and was highly targeted. </div>
<br />
<br />
The USG has the opposite issue - a thousand potential adversaries, but with the advantages of existing HUMINT and SIGINT infrastructure. The other major difference, of course, being the goal of many of these attacks. Once most attacks happened in the list above, the result was a mailspool drop, and in many cases, along with a full chain of the attack, which adds valuable credibility, and is a tool the USG has not yet used.<br />
<br />
The "Forward" part of "Defend Forward" is hard enough. The other major issue is finding a way to cause an impact on your adversaries longer than a hummingbird's cough.<span style="font-family: inherit;"> <span style="background-color: white; color: #222222;"><b>The easiest metric for whether or not your cyber security strategy is a good one is does it give my adversary more difficult equity issues than I have.</b> The downside of releasing what you know about a target's malware is that they can trace their OPSEC compromises, potentially finding YOUR malware. The upside is that larger corporations, American and otherwise, who have automated threat feeds that include your IoC information may detect and remove the adversary's access. </span></span><br />
<span style="font-family: inherit;"><span style="background-color: white; color: #222222;"><br /></span></span>
<span style="font-family: inherit;"><span style="background-color: white; color: #222222;">On the other hand, they may not.</span></span><br />
<div>
<br /></div>
Dave Aitelhttp://www.blogger.com/profile/17021799961866070637noreply@blogger.com0tag:blogger.com,1999:blog-2702972381435105050.post-43987357571650675972020-04-10T08:13:00.001-07:002020-04-10T08:13:12.971-07:00Informing cyber policy from the vulnerability treadmill<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjwr2TjykVBbrdQvRmpUzrGGCqTk-J_Ee2WH_2ply6jcfLm2W0U8JnbQNY95gQ5ftXIsuNDtrRbQT6gmdsoH4Ms9v3Rca5RVgBU5WRnx39Y1v7cAtYJL_VqcgCgvz7HZ59dXWi2as_0UF8/s1600/Screen+Shot+2020-04-10+at+10.26.20+AM.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="816" data-original-width="1264" height="412" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjwr2TjykVBbrdQvRmpUzrGGCqTk-J_Ee2WH_2ply6jcfLm2W0U8JnbQNY95gQ5ftXIsuNDtrRbQT6gmdsoH4Ms9v3Rca5RVgBU5WRnx39Y1v7cAtYJL_VqcgCgvz7HZ59dXWi2as_0UF8/s640/Screen+Shot+2020-04-10+at+10.26.20+AM.png" width="640" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><a href="https://twitter.com/chrisrohlf/status/1247660100250152961?s=20">This is a non-trivial part of being in offense or high level defense</a>.</td></tr>
</tbody></table>
<br />
<br />
I recently wrote on the technical mailing list DD about the vulnerability treadmill, which essentially is the huge workload taken upon every technical person in the industry to keep up with vast amount of exploit information that is released daily. This firehose of information is distinct from the databases set up by various agencies which are used as lexicons (CVD/CVE/etc.) so various products can in theory talk together over XML pipes.<br />
<br />
When talking to policy groups I like to compare any offensive researcher's lifestyle as one where they spend a few hours a day reading every patent that comes out in any particular field. I do this because you often see news articles about how China has exceeded US patents in some area or another based on patent application counts.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgvChnqDMchTDDeVNZe3QcL8gcVim2CmXBvdos0jenJ_teg01ihabIsvamOKj67xnEptYsXJv2pSI8-tgYBltCLavDLy64e2QjoJWYeJXIZCDnT8z7LFFbDYS6ew0mn95Ard9iWfHJ6T64/s1600/Screen+Shot+2020-04-10+at+10.43.16+AM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="438" data-original-width="1074" height="162" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgvChnqDMchTDDeVNZe3QcL8gcVim2CmXBvdos0jenJ_teg01ihabIsvamOKj67xnEptYsXJv2pSI8-tgYBltCLavDLy64e2QjoJWYeJXIZCDnT8z7LFFbDYS6ew0mn95Ard9iWfHJ6T64/s400/Screen+Shot+2020-04-10+at+10.43.16+AM.png" width="400" /></a></div>
<br />
But <b>CONTENT IS A LEADING INDICATOR.</b> If any five random Chinese patents are ten times as interesting for a professional to read than any five US patents, then you know what's up without having to do the math on who has more. It is this way with vulnerabilities as well.<br />
<br />
One of the things that is distressing to technical experts in this area is the policy focus on "patching". Patching is not nearly as important as people (in particular, as the Cyberspace Solarium's software liability section) make it sound. If you look at two recent vulnerabilities, the Citrix Netscaler and the recent Symantec Web Gateway vulnerability, you don't see "patchable" vulns.<br />
<br />
The first thing to see about the Symantec Web Gateway exploit (<a href="https://dl.packetstormsecurity.net/2004-exploits/symantecwg-exec.pdf">here</a>) is that it only exists if an <i>upload</i> directory has been created on the device. I'm not sure how common that is. The other thing to note is that the thing appears to be written in PHP, and contain a million other bugs, so I don't really care if this particular bug is realistic or not. It's basically impossible to write secure software in PHP or Perl, which are languages which exist only to prove how hard it can be to write secure software in them.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgKb9_yUzRIlGd5YW01uWmei1ZnoPPasyhwpRLhLy7OTpS-Wwjn67JMIkWbjj13mcUVgFJW7GXxzFwXSolzU2Ez842t_6sNE8H6VdwC1OXTJQXc83bTwkni2i7qFUi7ZrGyjsP7oM0_IYc/s1600/Screen+Shot+2020-04-10+at+10.59.15+AM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="858" data-original-width="1230" height="223" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgKb9_yUzRIlGd5YW01uWmei1ZnoPPasyhwpRLhLy7OTpS-Wwjn67JMIkWbjj13mcUVgFJW7GXxzFwXSolzU2Ez842t_6sNE8H6VdwC1OXTJQXc83bTwkni2i7qFUi7ZrGyjsP7oM0_IYc/s320/Screen+Shot+2020-04-10+at+10.59.15+AM.png" width="320" /></a></div>
<br />
The Citrix Netscaler <a href="https://github.com/mpgn/CVE-2019-19781">exploit</a> sends as similar message of "Your purchasing department failed and no patch is available for that kind of governance mistake".<br />
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTZ18oOP4kZDOwqCiXrMaNafEtGhRGfEAJS1xZ0xaKk_2MAVSJPDgusH2ahMUQwOLjYxTqWc6heoNk-x8KQnlUJgH_i1zfxItZheejuTZYGw_LCtG4x1w6TVOnvCF_g89DwR_163zR3CU/s1600/Screen+Shot+2020-04-10+at+11.02.47+AM.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="1025" data-original-width="1600" height="255" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTZ18oOP4kZDOwqCiXrMaNafEtGhRGfEAJS1xZ0xaKk_2MAVSJPDgusH2ahMUQwOLjYxTqWc6heoNk-x8KQnlUJgH_i1zfxItZheejuTZYGw_LCtG4x1w6TVOnvCF_g89DwR_163zR3CU/s400/Screen+Shot+2020-04-10+at+11.02.47+AM.png" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">"The bug here is ... someone installed PERL and decided to use it on their VPN"</td></tr>
</tbody></table>
<br />
This kind of vulnerability does not exist on equipment when your purchasing department has done their job of due diligence. You don't patch that kind of issue - you rip the equipment out and fire your purchasing manager.<br />
<br />
And in fact, banks regularly do this! Josh Corman had a panel on software liability where he discussed a scenario where banks take all the risk and software vendors take none. <b>But this is not true!</b> Banks are extremely tough customers and the majority of Immunity's business for a long time was reviewing the code of various things banks wanted to purchase, <b>BEFORE THEY PURCHASED IT</b>. If we found vulnerabilities that indicated poor code quality, or if the vendor didn't have a process to handle the vulnerabilities we found, they simply didn't buy it.<br />
<br />
But what does this bring to a policy discussion? Here are three things you can know from staying on that treadmill:<br />
<br />
<ol>
<li>Patching is often just a quality signal - it often can't be used as a metric for a lot of very complex reasons</li>
<li>The Chinese are actually better at cyber than we are right now. <b>We are the "near peer" in cyberspace.</b> I've read all their public exploits and...that's the state of the art. Thinking otherwise is egotism.</li>
<li>Any norms process is going to have to include a much broader group of countries than just the top three. The Scandanavian countries, South Korea, Japan, and a huge host of "secondary cyber powers" are all far past the point of no return when it comes to capabilities. It is as if we are starting the nuclear norms conversation, but you have to take everyone's views into account including Uzbekistan and GreenPeace. This may color your projections on how realistic these norms discussions are. </li>
</ol>
<br />
<br />
<br />
<br />
<br />Dave Aitelhttp://www.blogger.com/profile/17021799961866070637noreply@blogger.com0tag:blogger.com,1999:blog-2702972381435105050.post-68293274485201029882020-03-24T10:48:00.001-07:002020-03-26T09:30:10.646-07:00Recruit, Retain, Reject?<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiKpA9Ol6O9IXw84swNAod-o0bcgg1BsRGXDHi4AdLZJWUrIqq1rLrnkb1yBCkyyClgiAjLzTW2Uyrao2p8ht9qrMEcqLtUrBtAveDsWfyYd-6ciKwAQ6mqw6Sg0oXNs0dk3ULNTs05450/s1600/Screen+Shot+2020-03-23+at+12.02.17+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="761" data-original-width="1600" height="304" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiKpA9Ol6O9IXw84swNAod-o0bcgg1BsRGXDHi4AdLZJWUrIqq1rLrnkb1yBCkyyClgiAjLzTW2Uyrao2p8ht9qrMEcqLtUrBtAveDsWfyYd-6ciKwAQ6mqw6Sg0oXNs0dk3ULNTs05450/s640/Screen+Shot+2020-03-23+at+12.02.17+PM.png" width="640" /></a></div>
<br />
I want to talk about my experience working for the Federal Government, but also look at some wrinkles in the Cyberspace Solarium's efforts to address recruitment and retainment. At some level, every government proposal to address this problem is a twelve-dimensional remastering of <i>Groundhog Day</i>. You can see this in the<a href="https://www.lawfareblog.com/cyber-strategy-and-talent"> supporting document on Lawfareblog</a>, which focuses on the military talent shortage, possibly inspired by a meeting with CyberCom?<br />
<br />
Most reports of this nature nibble around the edges of the problem and the Lawfareblog article proposes the following:<br />
<br />
<ul>
<li>Relaxing military grooming and fitness standards for people in IT roles</li>
<li>Paying IT people more to compete with private industry</li>
<li>Opening offices in cities that people want to work in (or say, in Silicon Valley, where nobody WANTS to work but apparently people end up)</li>
<li>Building a skills database (which ironically would probably get hacked)</li>
<li>Offering unique perks (like training on emerging technologies, or one-of-a-kind challenge coins!)</li>
</ul>
<div>
All of the typical suggested measures largely ignore the the number one issue with recruitment and retainment which is the clearance system. In this day and age, not being able to offer a clearance within a week is insane. In many ways, we need to completely rethink the clearance system, which right now is a one way door - people are required to be working in the Government or for a Government contractor to hold a clearance, and when they lose it, they rarely get it back as it requires a full-on reprocessing, which can take years.</div>
<div>
<br /></div>
<div>
That brings me to my story. I filed for some scholarships in high school, one with NASA and one with the NSA. My high school grades were not great, but the NSA application included an interview and I was even then, as obviously geeky as it got. I had, as it were, mad Turbo Pascal skills, and some beginner assembly language, and the NSA had a voracious appetite for minority students in technical fields like computer science, which I already knew was my focus to the total exclusion of anything else, like social skills or any fashion sense. </div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh13qjAW7b9AIGRaRq_HZEzJannEbtBJXGwVKJOB_V7PnLoGDbESG4D8dKDAKDvZRHRDFHUSJPYlfraROEjh8ufzBiYlWbqDAtI4Q1sBmYy9F1zz138sk5ZaIPOxEX0VaHCS8Vid5cPdnI/s1600/Screen+Shot+2020-03-23+at+6.51.39+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="955" data-original-width="1600" height="191" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh13qjAW7b9AIGRaRq_HZEzJannEbtBJXGwVKJOB_V7PnLoGDbESG4D8dKDAKDvZRHRDFHUSJPYlfraROEjh8ufzBiYlWbqDAtI4Q1sBmYy9F1zz138sk5ZaIPOxEX0VaHCS8Vid5cPdnI/s320/Screen+Shot+2020-03-23+at+6.51.39+PM.png" width="320" /></a></div>
<div>
<br /></div>
<div>
At the time the program was called the Undergraduate Training Program and started in 1986 (legend has it a member of the Congressional Black Caucus got a tour of the NSA and didn't see any minorities and threatened to yank funding until he did), but it appears to have been renamed the Stokes Educational Scholarship. I highly recommend it, if you are a high school student reading this blog, or happen to have one near you! </div>
<div>
<br /></div>
<div>
But also, I think the UTP/Stokes program has offered massive strategic advantages to the United States, getting students into the NSA who otherwise never would have considered it, who have gone on to contribute immeasurably to our national security. It has had high return on investment, in other words. So please don't take this blogpost as saying these efforts are not worth it. However, they will not change the game or solve the problem.</div>
<div>
<br /></div>
<div>
One reason for that is that these programs exist and <i>have for forty years</i>. So what are the new proposals in the Cyberspace Solarium efforts? </div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhPPFioI4gMA0p-8YeUg0av9TtmpnMOHVG6WWCUXZKGCZGBUU05kxZdt3BvUDugIMZfNOA8DHoFU8DBDIQ3NYMaSHJtVqAtKc1bqXM9f9WyciqIYxMXz6aPZjrHaMJrwdofG1g-6aoLOVk/s1600/Screen+Shot+2020-03-24+at+12.37.35+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="838" data-original-width="1164" height="230" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhPPFioI4gMA0p-8YeUg0av9TtmpnMOHVG6WWCUXZKGCZGBUU05kxZdt3BvUDugIMZfNOA8DHoFU8DBDIQ3NYMaSHJtVqAtKc1bqXM9f9WyciqIYxMXz6aPZjrHaMJrwdofG1g-6aoLOVk/s320/Screen+Shot+2020-03-24+at+12.37.35+PM.png" width="320" /></a></div>
<div>
<br /></div>
<div>
Not that we can't "Do more" but aside from the "institutional barrier" of clearances, it's hard to see what we can drastically change to open a huge pipeline of new applicants for the 33K billets we need to fill. </div>
<div>
<br /></div>
<div>
Ask yourself this:</div>
<div>
<ul>
<li>Why does it take 2 years to get a TS-SCI?</li>
<li>Why do you lose your clearance after five years of not using it?</li>
<li>Why can't a small company hold a facilities clearance? Why do companies hold your clearance, and not the government itself? </li>
<li>Do we know anyone who has given up their clearance, gone on to have a successful private industry career that involved extensive travel, and then re-applied and been accepted? If not , why not?</li>
<li>Why have we not already copied and expanded the massively successful <a href="https://www.ncsc.gov.uk/information/industry-100">NCSC Industry-100</a> program?</li>
</ul>
<div>
<br /></div>
</div>
<div>
To be fair, the report acknowledges this pain point by asking for a new report!</div>
<div>
<br /></div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgQdcBZbV3M-GOGZnpmQI_V9thmknXBy2Jz7MwipyYHFAcJkpW4NT3FGLse7fQVJTRXilGhek4XA3vFwWHsf03homb_-KN7zRWqcJqF5USk2LW3_sjxZyhgYToRxb7LnLRAkIErDf-gbX8/s1600/Screen+Shot+2020-03-24+at+12.44.54+PM.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="886" data-original-width="1250" height="226" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgQdcBZbV3M-GOGZnpmQI_V9thmknXBy2Jz7MwipyYHFAcJkpW4NT3FGLse7fQVJTRXilGhek4XA3vFwWHsf03homb_-KN7zRWqcJqF5USk2LW3_sjxZyhgYToRxb7LnLRAkIErDf-gbX8/s320/Screen+Shot+2020-03-24+at+12.44.54+PM.png" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">We don't need another report - we need a massive change to an obviously broken system.</td></tr>
</tbody></table>
<div>
<br /></div>
<div>
<br /></div>
<div>
If you've been following DARPA's work in the area, you may have noticed <a href="https://www.darpa.mil/news-events/2018-09-07">they've already done research on getting people a clearance in a week</a> - we just need the political wherewithal to follow through on implementing it. </div>
<div>
<br /></div>
<div>
It may be, of course, that even with the clearance roadblock removed, the Culture roadblock, as identified by the authors of the Solarium report, would remain. Culture is not about haircuts and fitness levels - and in fact most hackers I know are very into Brazilian Jiu Jitsu and can run a reasonably fast mile.</div>
<div>
<br /></div>
<div>
Culture is about a deeper set of problems, none of which are in the cyber domain: </div>
<div>
<ul>
<li>Politicization of the Mission, including the ICE mission</li>
<li>The Drug War</li>
<li>"Stop and Frisk"</li>
<li>"Why are we still in Afghanistan?"</li>
</ul>
<div>
If exposure to Stop and Frisk already pre-tuned you to thinking that law enforcement was an unacceptable career path, you're not going to apply to fix IT security issues at the FBI. CISA's mission may be amazing, but you can't retain workers who have their friends getting detained by ICE in front of their kids. You can't have the AG writing polemics against End to End encryption and then try to recruit people out of Facebook into DoJ because they already know the head boss is full of it.</div>
<div>
<br /></div>
<div>
<b>Sometimes you can't solve your recruitment problem by throwing money at the problem</b>, or more scholarships, or reaching out to more people. A better solution would include an agency that is removed from these complications - entirely out of the executive structure, with a mission that attracted the best and brightest because they believed it was uncorrupted. We can still call it CISA!</div>
<div>
<br /></div>
<div>
But until we solve the personnel problem, we can't solve the other problems the Solarium report tries to address. And until we address the Culture and Clearance problems, we can't even begin.</div>
<div>
<br /></div>
<div>
<br /></div>
</div>
<div>
</div>
<div>
<br /></div>
<div>
--------<br />
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJQbZ0uhO8zvgmggviGHvP_Z6aRDYFS46OYhcg_4FzugQqmrTPH0KxhYRBI3XX0LGSKC1YALlpPXqLPzuvxzhTh2phawtecRCBIcEkS-upWH5SvOwUcOiyvluAx7LQHoxdExCqOCJz_V0/s1600/Screenshot_20200325-104813.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="1600" data-original-width="758" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJQbZ0uhO8zvgmggviGHvP_Z6aRDYFS46OYhcg_4FzugQqmrTPH0KxhYRBI3XX0LGSKC1YALlpPXqLPzuvxzhTh2phawtecRCBIcEkS-upWH5SvOwUcOiyvluAx7LQHoxdExCqOCJz_V0/s640/Screenshot_20200325-104813.png" width="302" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">A quick note from someone...</td></tr>
</tbody></table>
<br /></div>
<br />
Another note:<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEijNxw_z27BZC8WF5b034ww2d3lC_udEmyjoxt9wUSNCogkOnnXv8HSL8ruoPmMBUKs9AAiRtV4X2I8EG6J7mLsmT0xupnAtIKqbXIVHEf5u1aWcH9qXfl9C65lUmljh19BNYH1Q3gpXiM/s1600/Screenshot_20200325-134203_2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1600" data-original-width="758" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEijNxw_z27BZC8WF5b034ww2d3lC_udEmyjoxt9wUSNCogkOnnXv8HSL8ruoPmMBUKs9AAiRtV4X2I8EG6J7mLsmT0xupnAtIKqbXIVHEf5u1aWcH9qXfl9C65lUmljh19BNYH1Q3gpXiM/s640/Screenshot_20200325-134203_2.png" width="302" /></a></div>
<br />
<br />
<br />
<br />Dave Aitelhttp://www.blogger.com/profile/17021799961866070637noreply@blogger.com0tag:blogger.com,1999:blog-2702972381435105050.post-27612720388424169392020-03-12T13:00:00.002-07:002020-05-21T11:38:55.219-07:00The Solarium Review - What Sticks OutMost comprehensive reviews of government policy have little-to-no impact, because they involve complex unpopular legislation, or implementation by an unwilling executive branch, or more often, both.<br />
<br />
That's why it's understandable that the members of the Solarium have embarked on a marketing tour, doing podcast after podcast and panel after panel to sell not just the ideas in their paper, but the idea that these things have a hope of getting implemented. It may even be true! To that end, it's good to look at many of the ideas with a critical eye, and in depth.<br />
<br />
Some things immediately stand out:<br />
<br />
<ul>
<li>Six paragraphs of absolute cowardice on the End-2-End encryption issue</li>
<li>The document portends a heavy lift and massive investment in <a href="https://www.cisa.gov/about-cisa">CISA</a> which is under DHS</li>
<li>So so so much about norms - which in certain circles is like going to a scientific convention and talking about astrology </li>
<li>The section on adding liability to software vendors (4.2) is a difficult task, to say the least.</li>
</ul>
<div>
<br /></div>
<div>
Each of these items requires a massive paper to analyze. The lack of a stance on E2E encryption while at the same time throughout the document giving the standard polemic on public private-partnership evidences that the Commission was not of the view that the overall technical community needed to be wooed - that you can on one hand go to war with the community on major issues key to their worldview, and on the other hand recruit, retain, and partner with them. This is not how the world works. They missed a once-in-a-decade opportunity. </div>
<div>
<br /></div>
<div>
For CISA - which is under DHS - there are two major issues: </div>
<div>
<ul>
<li>Can CISA handle the lift? Can they scale up and do all the things recommended in the report? Being able to hire and manage that many contractors alone is difficult. We have to assume everything this document asks is going to be done under someone else other than Chris Krebs...</li>
<li>Will industry ignore that they sit next to the EXTREMELY UNPOPULAR immigration arm of DHS, which has tainted DHS's whole image to an almost unrecoverable extent.</li>
</ul>
<div>
<br /></div>
</div>
<div>
The software liability issue is complex but any detailed look at it can talk about how weird many of the ideas on this section are. As Perri would say "There are too many issues in this section to list." Although, to be fair, a future blogpost will do so.</div>
<div>
<br /></div>
<div>
<br /></div>
Dave Aitelhttp://www.blogger.com/profile/17021799961866070637noreply@blogger.com0tag:blogger.com,1999:blog-2702972381435105050.post-12709649455775953832020-02-11T07:58:00.003-08:002020-02-11T08:02:00.972-08:00The Transmission CurveImagine everything your company does, but in terms of a RAR file. Every document, and email, and VOIP-call, and Teams message, every password and LDAP entry, every piece of source code in the git repo, and webex, and document scan, and database of PII, and Salesforce spreadsheet. Everything, no matter how trivial, related to the running of your company. If you're a five hundred person company, let's say that you generate about a Petabyte worth of information per year. This is dominated by useless webex video conference calls, which a hacker could not care less about. A more realistic total cost of ownership (TC0), in terms of bytes, for a five hundred person company for one decade, is 35 Terabytes (I backed this up with some real-world information and some calculations which I can share as needed - this includes all emails, documents, source code, and phone calls, but no video).<br />
<br />
That is currently just over a month of downloading for our hacker friends - but we will be nice and say they only download data at night (aka, 1/3 the time). Also, a month is a very long time to be "on target" but download size is basically static over the years and the time is pressured down by increasing network speeds. If you are in the ever growing box-of-pain (see below) then every time you get hacked, your entire company's IP value walks out the door.<br />
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhwqqAvoCPlugpES0j44dxIoBhSIib7ROr0c5rQM5WQ2nbFc70u-lLALC9uheYlrI6bvOIhnWCFG9S2poeqXenJdHYt3PiLILXHOSIBgkdnS4urn9Uhxvgmqy2n8IBOrVTtSnBRqQKS5EM/s1600/Screen+Shot+2020-02-11+at+10.57.05+AM.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="668" data-original-width="1600" height="266" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhwqqAvoCPlugpES0j44dxIoBhSIib7ROr0c5rQM5WQ2nbFc70u-lLALC9uheYlrI6bvOIhnWCFG9S2poeqXenJdHYt3PiLILXHOSIBgkdnS4urn9Uhxvgmqy2n8IBOrVTtSnBRqQKS5EM/s640/Screen+Shot+2020-02-11+at+10.57.05+AM.png" width="640" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><div>
<span style="font-size: 12.8px;">Everything in this graph is either my estimate or Crowdstrike's but just understand that as speeds go up, and corporate IP size remains static, the odds of any hacked company being completely downloaded before you catch the pesky hacker goes to 1.</span></div>
</td></tr>
</tbody></table>
<br />
Hackers or signals intelligence agencies deal with this question every day in a different form, because 99% of what you see on most networks is useless porn and Windows updates. You want to filter that out on-site and then only send back the good stuff. But as network speeds go up, and storage costs go down, it's often easier to download everything and sort through it later. This is of course similar to the problem a certain large SIGINT group reportedly <a href="https://gizmodo.com/how-much-it-costs-the-nsa-to-store-an-entire-countrys-p-1578666785">had</a>.<br />
<br />
Following this curve is why I think the Endpoint Security people's <a href="https://www.fifthdomain.com/thought-leadership/2018/08/17/why-you-should-follow-the-1-10-60-rule-of-cybersecurity/">1/10/60 minute</a> rule is ridiculous, and why humans in the loop for security response are also hilarious. Ask yourself, at what speed of network does your company enter the box of pain before 60 minutes is up?<br />
<br />Dave Aitelhttp://www.blogger.com/profile/17021799961866070637noreply@blogger.com1tag:blogger.com,1999:blog-2702972381435105050.post-59273771614238010952020-01-23T08:47:00.000-08:002020-01-23T08:48:03.873-08:00AI Cyber Controls and Bezos and MBSI wanted to link to <a href="https://www.cfr.org/blog/we-need-drastic-rethink-export-controls-ai">this post on CFR</a> where I wrote about the right way to look at creating new export controls in a complex technical space.<br />
<br />
Also, I'll be talking about cyber <a href="https://www.americanconference.com/global-encryption/">export controls</a> at the 10th forum on Global Encryption, Cloud, and Cyber Controls, March 24th and 25th in San Fransisco if you want to come heckle.<br />
<br />
But more I wanted to write a few words here about the recent Bezos hack, which is something still developing:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9lGFSL0kIHZ2XjlYjWjTazyHbl-mV4DNrf3rBArN7C49FbpidsZ0vIgD9OqbdeHDahqIOdXxsV8bPuohm9ZzwHQyt2Z6VQsPdkKN1Dnh5b-0TnmUcBWjpWIk4Yl6inG1bgipsfYCZcTQ/s1600/Screen+Shot+2020-01-23+at+11.02.35+AM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1230" data-original-width="1312" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9lGFSL0kIHZ2XjlYjWjTazyHbl-mV4DNrf3rBArN7C49FbpidsZ0vIgD9OqbdeHDahqIOdXxsV8bPuohm9ZzwHQyt2Z6VQsPdkKN1Dnh5b-0TnmUcBWjpWIk4Yl6inG1bgipsfYCZcTQ/s320/Screen+Shot+2020-01-23+at+11.02.35+AM.png" width="320" /></a></div>
<br />
A good perspective on the "Civil Society" (ugh, what a phrase) take on this sort of thing is <a href="https://www.lawfareblog.com/proposed-response-commercial-surveillance-emergency">this lawfare article</a>. Like many articles it leans heavily on export control of spyware as the solution to human rights ills. The first thing you'll notice about this, and other policy groups, is that they call for "Transparency", a term which is worth dissecting.<br />
<br />
In particular, it is ironic that the FTI report on Bezos's phone is generated with the exact technology they want to control! It is the very definition of dual use! And it is incomplete, because the one thing you do not have on your own iPhone is Transparency, so we do not even know for sure what the exploit was that got KSA (allegedly) onto Bezos's phone. In fact, Apple is <a href="https://www.zdnet.com/article/corellium-hits-back-against-apple-lawsuit-claims-ios-virtualization-is-for-the-common-good/">currently suing under weird parts of the DMCA</a> a company that does help with transparency, Corellium, after trying to buy them (presumably to stop them from selling their virtualization platform for iOS).<br />
<br />
When you hear Transparency from Citizen Lab what they mean is that they want long spreadsheets on basically everyone who buys any dual use software, based on confusing and inexact export control regulations which would strangle small companies who work in this space. This would in theory feed into stricter export control rules, or even domestic legislation. It would probably be easier and better to fix the DMCA and our vision of copyright so everyone can do forensics on their own phones and find out when they get hacked.<br />
<br />
It's also worth noting that Israel is not a member of the Wassenaar group of export control nations (nor is China, obviously, although Russia IS a member) and that the Kingdom has extensive offensive resources that go far beyond buying off the shelf exploit toolkits. I did a quick open source Twitter survey a while back after the UAE Project Raven articles came out and all I found was good penetration testing and offensive research teams in the KSA.<br />
<br />
<br />Dave Aitelhttp://www.blogger.com/profile/17021799961866070637noreply@blogger.com0tag:blogger.com,1999:blog-2702972381435105050.post-29099320163078660842020-01-15T07:24:00.003-08:002020-01-15T07:24:59.175-08:00Local PrivEscs that are Remote Code ExecutionOne thing you will notice if you read the NSA advisory yesterday and the Microsoft advisory is that the NSA advisory had MORE information in it. Despite both organizations being "defenders" this is because software vendors have views of the world colored by a completely different view of systemic risk. Sometimes this means advisories get issued for vulnerabilities that are not really exploitable, but typically it means the impact of a vulnerability is vastly underrated. This is presumably why Project Zero releases full details at 90 days, instead of letting the vendor do all public communication, but it's also why most bug bounties include non-disclosure clauses.<br />
<br />
In other words, if vendors had their way, an advisory would have less information in it than a fortune cookie.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgTkVZU4y6qXYlvS3OpmVVzWsIGYSulN2K9gyqXDwvixu6Tu0MDLpb7jKfQLAAZ5-d-hilk0TbB1b8q7YT0zjMhbaQjrxDeZMo9mNcoqZBWdPI0xvJpQeuWeI5Tg8mWBBkAuU1NVr5ItII/s1600/Screen+Shot+2020-01-15+at+9.55.24+AM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="313" data-original-width="1600" height="77" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgTkVZU4y6qXYlvS3OpmVVzWsIGYSulN2K9gyqXDwvixu6Tu0MDLpb7jKfQLAAZ5-d-hilk0TbB1b8q7YT0zjMhbaQjrxDeZMo9mNcoqZBWdPI0xvJpQeuWeI5Tg8mWBBkAuU1NVr5ItII/s400/Screen+Shot+2020-01-15+at+9.55.24+AM.png" width="400" /></a></div>
<br />
If you've been in the security research business then you also know that vendors, and often other researchers, will often under-analyze a vulnerability. It's an interesting metric to have to see which bugs got patched, but were called LPEs when you really know they are RCE. Some companies are known to label every remote heap overflow a "crash/DoS", which becomes a funny meme, but also has strategic implications for critical infrastructure.<br />
<br />
I guess what I'm trying to say is that <b>a disparity in information is a disparity of control</b>, and nothing leverages this more than an operator in the cyber domain.Dave Aitelhttp://www.blogger.com/profile/17021799961866070637noreply@blogger.com0tag:blogger.com,1999:blog-2702972381435105050.post-10989860296118574042019-12-19T12:07:00.003-08:002019-12-19T12:07:32.310-08:00DHS's cyber policy is a straight up casualty of the partisan warsA great Politico article <a href="https://www.politico.com/news/magazine/2019/12/18/america-cybersecurity-homeland-security-trump-nielsen-070149">came out this week</a> on DHS and its rocky history when it comes to executing on its cyber mission. Every aspect of it deserves a read, but it can be summed up in a few bullet points as well, for the lazy:<br />
<br />
<ul>
<li>DHS did not have the talent base to pull of a lot of its cyber mission, and probably never will</li>
<li>Budgetary scale in DHS to address cyber issues is minimal and probably always will be</li>
<li>DHS has forever lost the trust of the constituencies it needs</li>
</ul>
<br />
That last bullet point is hammered in by Kirstjen Nielsen's career implosion as she promoted harsh anti-migration methods but is emphasized by the current DHS twitter account, which is now a partisan parody of what you would want to see from an organization trying to get cooperation from large technology companies.<br />
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgRPZv9Tjd_qlRXSvTbmiqB_X-tHFx84GUsvsAAYRR6ePH6JK7zQWVtwRxuqdKPOv2UVqpYhuAmtih_bCgTfYlNRbeDnMCDZ8OSCdA0b8j2zCcQ0X1bHKmOhvnQPPgfC5yNP2tvg1x5VB4/s1600/Screen+Shot+2019-12-19+at+11.52.38+AM.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="612" data-original-width="1534" height="127" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgRPZv9Tjd_qlRXSvTbmiqB_X-tHFx84GUsvsAAYRR6ePH6JK7zQWVtwRxuqdKPOv2UVqpYhuAmtih_bCgTfYlNRbeDnMCDZ8OSCdA0b8j2zCcQ0X1bHKmOhvnQPPgfC5yNP2tvg1x5VB4/s320/Screen+Shot+2019-12-19+at+11.52.38+AM.png" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">sheesh</td></tr>
</tbody></table>
<br />
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgP2BFCfkN49w4JyF2GjuT3hlCZs9BM2Q7K0pifESTH0MZ_YGUodgQztrF-W766wbks7ncuNlT-YALbuTdMUVBbI6qoa3MfVW1gimTXzV7vUXobkHk2u3oOuKcHoEJAoEfaDpsuGZEq4Ps/s1600/Screen+Shot+2019-12-19+at+11.49.02+AM.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="364" data-original-width="1516" height="76" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgP2BFCfkN49w4JyF2GjuT3hlCZs9BM2Q7K0pifESTH0MZ_YGUodgQztrF-W766wbks7ncuNlT-YALbuTdMUVBbI6qoa3MfVW1gimTXzV7vUXobkHk2u3oOuKcHoEJAoEfaDpsuGZEq4Ps/s320/Screen+Shot+2019-12-19+at+11.49.02+AM.png" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">argh</td></tr>
</tbody></table>
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhz2JMae8jE0VQ3vExmLWKF2xZYtP_DP5k2-7373AC6OURNBBVaJNE_ORxFjWe7HZNxiujBhMWZhx1NN5dV12gfr2jXKPjJjWyKQdSWumJwL60UfkcngD21nEACt9HnbVTvhNH8YOnrXQI/s1600/Screen+Shot+2019-12-19+at+12.00.49+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="825" data-original-width="1600" height="165" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhz2JMae8jE0VQ3vExmLWKF2xZYtP_DP5k2-7373AC6OURNBBVaJNE_ORxFjWe7HZNxiujBhMWZhx1NN5dV12gfr2jXKPjJjWyKQdSWumJwL60UfkcngD21nEACt9HnbVTvhNH8YOnrXQI/s320/Screen+Shot+2019-12-19+at+12.00.49+PM.png" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
Hmmm.</div>
<br />
<br />
Many people, myself included, always wonder at the efforts of government agencies to turn themselves into budget anti-virus companies. But strategically, the one thing DHS or DOJ has to offer is their reputation. When they make an attribution or statement from their official Twitter feed, that has to be believed by everyone. And we don't have that anymore, which is going to have implications up and down the cyber domain.<br />
<br />
In some ways, having an independent cyber agency is the only solution. Untainted by the other missions of DHS, without the history of DHS, without the offensive mission of the NSA or military, and perhaps set up in a way that allows private industry to trust it with a respected technical leadership. I don't see this happening any time soon, however, but it might be something for a future administration to consider.Dave Aitelhttp://www.blogger.com/profile/17021799961866070637noreply@blogger.com0tag:blogger.com,1999:blog-2702972381435105050.post-15284888644705089252019-12-16T07:56:00.000-08:002019-12-16T07:59:14.031-08:00Are End Use Controls Fit For Use?<div>
<br /></div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgx4aj4u3rf7aQrOyEEhbw6oSjq_OHL4yjF9p38Y96fwdcVqIN6jnBrKlZhOOHAIY8jEH0BdrnRef6DOYnHo2PYS5U57k4gkMQedgpF1h55Gf4QL_Pz_i5E6km9_n3Wc6u97nJf_iPmheQ/s1600/wassenaar.jpeg" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="386" data-original-width="1158" height="106" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgx4aj4u3rf7aQrOyEEhbw6oSjq_OHL4yjF9p38Y96fwdcVqIN6jnBrKlZhOOHAIY8jEH0BdrnRef6DOYnHo2PYS5U57k4gkMQedgpF1h55Gf4QL_Pz_i5E6km9_n3Wc6u97nJf_iPmheQ/s320/wassenaar.jpeg" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><a href="https://twitter.com/Aristot73/status/1203250494745010177?s=20">https://twitter.com/Aristot73/status/1203250494745010177?s=20</a><br />
(You can see here a classic case of End Use Controls)<br />
<div>
<br style="font-size: medium; text-align: start;" /></div>
</td></tr>
</tbody></table>
<div>
You would not know it from public reporting, but Export Control is in a bit of a crisis, and that crisis has a name, and that name is "End Use Controls". This is important because when I started really looking at Export Controls, post the "Intrusion Software Debacle", Export Controls were a sleepy little town at the edge of the wilderness, and now they are the center of everything, with Huawei as the most obvious example.</div>
<div>
<br /></div>
<div>
But deep down, the US has less and less ways to project strategic power, and export control is taking over the role of many other parts of diplomatic basket, parts it is not especially suited for. You can sum up the selling point of export control's historical role by saying "Preventing bad things from getting into the hands of bad people" and to a certain extent, that still exists. </div>
<div>
<br /></div>
<div>
But let's take a look at a <a href="https://www.foreignaffairs.com/articles/united-states/2019-12-12/beyond-trade-war">new article</a> from Ely Ratner, Elizabeth Rosenburg, and Paul Scharre in Foreign Affairs on Countering China.</div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhaNiE_KHWzwAir5NAlFozWz_5E-Uuw_HHFMH_QXxvRkSoj3xKkeiDMOsOKDWChlwCZmDdP1ANmU1pAiHURLZxck-QpPn5cboJopBvZonl6HMXWlJ2CKdG3gtS7pVa5LqtZykmPufUTlLQ/s1600/Screen+Shot+2019-12-16+at+10.31.45+AM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="904" data-original-width="1422" height="203" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhaNiE_KHWzwAir5NAlFozWz_5E-Uuw_HHFMH_QXxvRkSoj3xKkeiDMOsOKDWChlwCZmDdP1ANmU1pAiHURLZxck-QpPn5cboJopBvZonl6HMXWlJ2CKdG3gtS7pVa5LqtZykmPufUTlLQ/s320/Screen+Shot+2019-12-16+at+10.31.45+AM.png" width="320" /></a></div>
<div>
<br /></div>
<div>
Let's sum up their recommendations so you don't have to do all the reading:</div>
<div>
<ul>
<li>Boost R&D Spending</li>
<li>Attract talent by expanding high skilled Visa Program</li>
<li>Enable domestic production of 5G by using Tax incentives and government buying power</li>
<li>Enhanced Visa Screening to counter espionage and coordination with Academia on a blacklist</li>
<li>Adding PLA organizations to the Entity List</li>
<li>Blacklisting all PLA-associates from Visas (this conflicts with their other recommendation, obviously)</li>
<li><b>Expanding Export controls based on End-Use</b></li>
<li>Finding new sources of Rare Earth minerals (I assume by asteroid mining? lol)</li>
<li>Forcing Chinese companies to comply with US Financial Transparency Rules</li>
<li>Promoting BLOCKCHAIN (lol)</li>
<li>New Multilateral agreements "Just like TPP but somehow different in that we actually sign them this time"</li>
</ul>
</div>
<div>
<br /></div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgnIt3D4ahAn7XQurpSzdCEu8Nw9AJrnmXYPhv3jdf5HV4Jk-1AIFXiq0mIG7sWmqt0kmFrK6SHFKFZNiK2M-c9W-vKwtUdy6WMmWIALH1XGX8aTwiLm0PkRmj1fZQTmzfyWLDFL2RVYaw/s1600/Screen+Shot+2019-12-16+at+10.43.55+AM.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="991" data-original-width="1600" height="198" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgnIt3D4ahAn7XQurpSzdCEu8Nw9AJrnmXYPhv3jdf5HV4Jk-1AIFXiq0mIG7sWmqt0kmFrK6SHFKFZNiK2M-c9W-vKwtUdy6WMmWIALH1XGX8aTwiLm0PkRmj1fZQTmzfyWLDFL2RVYaw/s320/Screen+Shot+2019-12-16+at+10.43.55+AM.png" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Wait, WTF? Is this for real?</td></tr>
</tbody></table>
<div>
<br /></div>
<div>
I don't know how articles like this from CNAS are not supposed to be meant as the duct-taped-banana of "Countering China" thought-pieces. The bit on export control is the most likely-to-happen bit! Equally as insane as all the other ideas though.</div>
<div>
<br /></div>
<div>
By definition, an end use control does not prevent technology from getting in the hands of bad people. It prevents companies from MARKETING technology as for a specific thing, but the technology itself is going to invariably become ubiquitous. If at any point in your creation of an export control you're saying things like "Well, this technology is so dual use that the only difference between Military and Non-Military use is the going to be the description on the task order" then what you're doing is creating a nice way to talk to people informally about the wiseness of their business model and customer-set, more than an actual "Export Control".</div>
<div>
<br /></div>
<div>
These issues are hugely relevant when it comes to understanding strategic contention around cyber tooling, but also around machine learning technology, 3d-printing, biologics, and the next generation of consumer products. Ask yourself, is there a GUIDELINE anywhere for how to create a GOOD end use control for your subject matter? What's the difference between an export control that WORKS and one that DOESN'T? If you don't have such a guideline, then you know the answer is that there is probably no good way to do it.<br />
<br />
But if export controls aren't the answer, what is?<br />
<br />
<br /></div>
Dave Aitelhttp://www.blogger.com/profile/17021799961866070637noreply@blogger.com0tag:blogger.com,1999:blog-2702972381435105050.post-54153396135733121592019-12-11T07:37:00.001-08:002019-12-11T07:59:50.137-08:00Crypto Prima Nocta<br />
Yesterday there was a big Senate hearing on Encryption and the witnesses were Matt Tait (hacker), Cyrus Vance (DA NY), Erik Neuenschwander (Apple), and Jay Sullivan (Facebook).<br />
<br />
<a href="https://www.judiciary.senate.gov/meetings/encryption-and-lawful-access-evaluating-benefits-and-risks-to-public-safety-and-privacy">https://www.judiciary.senate.gov/meetings/encryption-and-lawful-access-evaluating-benefits-and-risks-to-public-safety-and-privacy</a><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjrh3-uqGfOQAmF9BDTR-t97zYsAq49eX4vJhASu88KECSm9TKKgHG1ihvzMPp9ytxcO0I2nd0YUmKxkoxX2BSe8yCM0WIL135bRr0aL5acG0RVyrmrAmIjSDL1pgSqaAqJEcRmXJcSXTw/s1600/Screen+Shot+2019-12-11+at+9.18.05+AM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="993" data-original-width="1600" height="198" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjrh3-uqGfOQAmF9BDTR-t97zYsAq49eX4vJhASu88KECSm9TKKgHG1ihvzMPp9ytxcO0I2nd0YUmKxkoxX2BSe8yCM0WIL135bRr0aL5acG0RVyrmrAmIjSDL1pgSqaAqJEcRmXJcSXTw/s320/Screen+Shot+2019-12-11+at+9.18.05+AM.png" width="320" /></a></div>
<br />
<br />
For any dying government policy there's going to be a set of policy experts that advocate keeping it in the interests of Stability. Crypto policy is no different from the principle of <i>Prima Nocta</i> in that way. You can see this in Cyrus Vance's testimony, which harkened back to the balance of power when CALEA was signed into law. CALEA was 25 years ago. Has anything changed since then, do you think? It is the OK BOOMER of surveillance balances.<br />
<br />
What's really changed, since today Judaism is being defined as a nationality for some reason, is the public's awareness that maybe giving governments free access to our deepest secrets is not a great idea. What governments always say is "Terrorism, Child Exploitation Materials, Murders and Serious Crimes" but what they mean is "War on Drugs and political resistance". Senator Kennedy probably was the most pessimistic person on the panel, and literally said "Your companies don't care what we think, do they? They don't trust governments." But it's not the companies that don't trust governments so much as everybody in general.<br />
<br />
The Government (and Matt Tait's) argument is pretty simple: We need a balance that allows the Government access to anything stored on your phone at any time. They'll say "decrypted when presented with a lawful court order" but Apple's policy is even simpler: "No."<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiLh9rgC75cBrYTNuGz4yD5lRnRAeLnOz7k1CzN2lsf0OPxrTCqd3QEuI8CIpxk2pD0VC6QFmY7R-mN1lC9ODqrJK_JnrPhF5c99t_FBd-bmSRnHTi8LBVjeo8TetRkfvXGQsAB1oDBp9E/s1600/Screen+Shot+2019-12-11+at+9.34.24+AM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="382" data-original-width="1526" height="160" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiLh9rgC75cBrYTNuGz4yD5lRnRAeLnOz7k1CzN2lsf0OPxrTCqd3QEuI8CIpxk2pD0VC6QFmY7R-mN1lC9ODqrJK_JnrPhF5c99t_FBd-bmSRnHTi8LBVjeo8TetRkfvXGQsAB1oDBp9E/s640/Screen+Shot+2019-12-11+at+9.34.24+AM.png" width="640" /></a></div>
<div style="text-align: center;">
<span style="font-size: xx-small;"><a href="https://twitter.com/saleemrash1d/status/1204755568507924488?s=20">https://twitter.com/saleemrash1d/status/1204755568507924488?s=20</a></span></div>
<div style="text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
There were a couple obvious fallacies from the pro Key-Escrow testimony from Matt Tait and Cyrus Vance.<br />
<br />
<ul>
<li>Key Escrow (on devices) is doable and easily splittable from the problem of end-to-end encryption on the wire</li>
<li>Key Escrow will be secure against modification by people on their own phones</li>
<li>Various Senators assumed Apple HAD a magic key, and then decided to delete it, when Apple was super clear they just decided to enable "Full Disk Encryption" instead of "Some Disk Encryption"</li>
</ul>
<br />
I get that Surveillance-Authoritarianism is the pumpkin spice of this decade's political season - you get a bit of it with everything. At one point one of the Senators said "Is Apple willing to take liability for any attack that could have been prevented by a decryptable device?" which is an insane question, since Apple is ALSO not willing to take liability for any damage from an unencrypted device falling into the wrong hands, nor is the Government able to prevent Apple from BEING ATTACKED BY OTHER NATION-STATES or willing to take THAT liability.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgsiBUi9q4pLwbu1-l9136tBwQRecwfDBAsWEX2P37Ki5jLMNj9adBlv0cgl_zJQGes7-dgGHtuThmdH6bghGC35rmHlFU12jNyrtF2vFmK1Di27KyGKaZRmZpQoUeZjCN7BiC1N6HH71s/s1600/Screen+Shot+2019-12-11+at+9.49.13+AM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="926" data-original-width="1524" height="388" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgsiBUi9q4pLwbu1-l9136tBwQRecwfDBAsWEX2P37Ki5jLMNj9adBlv0cgl_zJQGes7-dgGHtuThmdH6bghGC35rmHlFU12jNyrtF2vFmK1Di27KyGKaZRmZpQoUeZjCN7BiC1N6HH71s/s640/Screen+Shot+2019-12-11+at+9.49.13+AM.png" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
Lol</div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
It's not possible to do key escrow as a matter of legislative policy. Even assuming a law passed that mandated it, Apple and Google would also have to magically ban any application that disabled it. This is something Apple could do to non-Jailbroken devices the same way they ban VPN services in China, but it's not something Google can do on their platform. And you cannot do key escrow without making devices less safe - Matt Tait is 100% wrong about this being a technologically feasible effort.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgPjiFdIORAvDuhd8EXuvvVHW4_2ZntmExqT9ROfSsbk-rQLbNhaqyyBClab1f9vGcLk5CJXygeIa59TZgiEo4W9bGAVk9ntwNM4cOqRm2zFTP2srihWzqWu6zb9MZGmm1IrM2gKq-Wlh8/s1600/Screen+Shot+2019-12-11+at+10.15.06+AM.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="1210" data-original-width="1518" height="318" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgPjiFdIORAvDuhd8EXuvvVHW4_2ZntmExqT9ROfSsbk-rQLbNhaqyyBClab1f9vGcLk5CJXygeIa59TZgiEo4W9bGAVk9ntwNM4cOqRm2zFTP2srihWzqWu6zb9MZGmm1IrM2gKq-Wlh8/s400/Screen+Shot+2019-12-11+at+10.15.06+AM.png" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">We live in a world where you can't even trust hardware (this bug came out DURING the hearing!), so adding special hardware to decrypt your device is a dumb dumb thing to do and Apple knows it.</td></tr>
</tbody></table>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Lindsay Graham said point blank that if Industry doesn't magically solve this problem for him, then he's going to pass legislation about it, and there was a big bipartisan show on the floor of both support and opposition, which makes it hard to say if there's an actual plausible threat there (unlikely). But the deal has already been cast: What Law Enforcement wants out of the cloud, it can have. What it wants from the device, it cannot. </div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<br />Dave Aitelhttp://www.blogger.com/profile/17021799961866070637noreply@blogger.com0