ࡱ> 46/01237 LbjbjUU 7|7|ElNNNN" " " Df zOzOzOOPf SJYFFYFYFYnq$s$J j` " sm@nss {NNFYFY""{{{sNFY" FY{s{p {6/ " ӛFYS 08Zf DzOtӛ D<+ʭMxRʭӛ{f f NNNNIdentity Theft April 8, 2006 Team 2 John Casarella Dave Fronckowiak Larry Immohr Linda Liu Sandy Westcott Table of Contents  TOC \o "1-3" \h \z  HYPERLINK \l "_Toc131998907" I. Introduction  PAGEREF _Toc131998907 \h 3  HYPERLINK \l "_Toc131998908" II. What is Identity Theft?  PAGEREF _Toc131998908 \h 3  HYPERLINK \l "_Toc131998909" III. Literature Review  PAGEREF _Toc131998909 \h 4  HYPERLINK \l "_Toc131998910" Individual Costs  PAGEREF _Toc131998910 \h 8  HYPERLINK \l "_Toc131998911" Cost to Business  PAGEREF _Toc131998911 \h 8  HYPERLINK \l "_Toc131998912" Cost to the Criminal Justice System  PAGEREF _Toc131998912 \h 8  HYPERLINK \l "_Toc131998913" IV. Industry Statistics  PAGEREF _Toc131998913 \h 10  HYPERLINK \l "_Toc131998914" US Statistics Data  PAGEREF _Toc131998914 \h 11  HYPERLINK \l "_Toc131998915" V Case Studies  PAGEREF _Toc131998915 \h 15  HYPERLINK \l "_Toc131998916" Case I: Citigroup  PAGEREF _Toc131998916 \h 15  HYPERLINK \l "_Toc131998917" Case II: ChoicePoint  PAGEREF _Toc131998917 \h 16  HYPERLINK \l "_Toc131998918" Case III: Egghead.com  PAGEREF _Toc131998918 \h 17  HYPERLINK \l "_Toc131998919" Case IV: New Jersey Crime Ring  PAGEREF _Toc131998919 \h 18  HYPERLINK \l "_Toc131998920" Case V: LexisNexis  PAGEREF _Toc131998920 \h 19  HYPERLINK \l "_Toc131998921" VI Protective Measures  PAGEREF _Toc131998921 \h 21  HYPERLINK \l "_Toc131998922" Protective Measures against Identity Theft  PAGEREF _Toc131998922 \h 21  HYPERLINK \l "_Toc131998923" Individual Measures  PAGEREF _Toc131998923 \h 22  HYPERLINK \l "_Toc131998924" Educative Measures  PAGEREF _Toc131998924 \h 26  HYPERLINK \l "_Toc131998925" Business Measures, Expectations and Requirements  PAGEREF _Toc131998925 \h 26  HYPERLINK \l "_Toc131998926" Law Enforcement and Adjudication  PAGEREF _Toc131998926 \h 29  HYPERLINK \l "_Toc131998927" Information Technology  PAGEREF _Toc131998927 \h 30  HYPERLINK \l "_Toc131998928" Additional Measures  PAGEREF _Toc131998928 \h 31  HYPERLINK \l "_Toc131998929" Recommendations from the Privacy Clearinghouse  PAGEREF _Toc131998929 \h 32  HYPERLINK \l "_Toc131998930" Conclusions  PAGEREF _Toc131998930 \h 35  HYPERLINK \l "_Toc131998931" References  PAGEREF _Toc131998931 \h 37  HYPERLINK \l "_Toc131998932" Appendix A Additional Charts & Tables  PAGEREF _Toc131998932 \h 42  HYPERLINK \l "_Toc131998933" Table 1. Summary of Identity Theft Techniques and Statistics  PAGEREF _Toc131998933 \h 42  HYPERLINK \l "_Toc131998934" Table 2. Top Ten States for Identity Theft - Information courtesy Federal Trade Commission Created February 1, 2005  PAGEREF _Toc131998934 \h 42  HYPERLINK \l "_Toc131998935" Table 3. Disclosed Incidents at 2005 and 2006 by categories  PAGEREF _Toc131998935 \h 43  HYPERLINK \l "_Toc131998936" Table 4. Costs of ID Theft  PAGEREF _Toc131998936 \h 43  HYPERLINK \l "_Toc131998937" Table 5. FTC Sentinel Top Complaint Categories by Calendar Year 2003 through 2005:  PAGEREF _Toc131998937 \h 44  HYPERLINK \l "_Toc131998938" Table 6. Techniques to reduce Identity Theft  PAGEREF _Toc131998938 \h 45  HYPERLINK \l "_Toc131998939" Chart 1. FTC Sentinel Complaints by Calendar Year 2003 through 2005:  PAGEREF _Toc131998939 \h 46  HYPERLINK \l "_Toc131998940" Table 6. Summarizing Case Studies  PAGEREF _Toc131998940 \h 47  HYPERLINK \l "_Toc131998941" Chart 2. Pie Chart of Percentages  PAGEREF _Toc131998941 \h 48  I. Introduction Identity theft is not a new crime, although recently it has seen a significant upswing. The increased availability of personal information is fueling the changes. This analysis will investigate the definition of identity theft today. Review existing measures, which can be taken to curb identity theft. Also, new measures to minimize identity theft will be introduced. II. What is Identity Theft? Identity theft can be viewed to mean different things to different people. This section will summarize the different definitions of identity theft and categorize them as they relate to the physical act of identity theft and the victim whose identity has been stolen. In its basic form, identity theft is the stealing of another individuals identity for ones self-gain. Identity theft is not new for individual identification documents such as passports and drivers licenses, which have been forged for years. New is the increased trend at which identities are being stolen due to the access of personal information that is becoming more readily available, and the printing, scanning, and copying capability of modern office equipment. To better understand identity theft and subsequently develop protective measures, identity information access and the use of this personal information by the perpetrator must be analyzed. In terms of identity information access, identity information can be obtained through physical means such as rummaging through an individuals garbage to obtain discarded credit card mailings or bank account statements or through telephone calls under false pretenses to search for personal information. Identity information can also be obtained through electronic means such as Phishing or the creation of websites to obtain personal account information and passwords. Phishing is a form of online identity theft that aims to steal sensitive information such as online banking passwords and credit card information from users. [23] In terms of the use of this information, identity theft applies to both using an individuals identity to open new bank and credit accounts to using existing accounts whereby additional charges are added to an existing credit card or funds are withdrawn from an existing bank account. III. Literature Review The literature will be reviewed with respect to the types of identity theft, which exist, and the increasing trend in identity theft with associated industry statistics. The Identity Theft Act (U.S. Public Law 105-318) identifies identity theft offenders as anyone who knowingly transfers or uses, without lawful authority, any name or number that may be used, alone or in conjunction with the intent to commit, or to aid or abet, any unlawful activity that constitutes a violation of Federal law, or that constitutes a felony under any applicable state or local law. [31] Figure 1 shows a unique schema in which the literature can be categorized and reviewed with the above identity theft definition in mind.  SHAPE \* MERGEFORMAT  Figure 1. Identity Theft Literature Relational Schema Victims of identity theft can be classified into three categories based upon the severity of the problem: new accounts and other frauds, misuse of existing credit card or credit card number, and misuse of non-credit card account or account number [11]. Figure 1 categorizes identity theft as physical personal information theft, or non-computer related theft, and electronic personal information theft, or e-commerce theft, which encompasses B2B and B2C usage. These two categories are then divided into theft based upon the use of existing personal information such as existing credit cards and theft based upon the creation of new accounts using an individuals personal information. The United States Congress enacted the Identity Theft and Assumption Deterrence Act in 1998. The Congress directed the Federal Trade Commission (FTC) to establish a central repository for identity theft complaints. In addition, the FTC was directed to provide assistance to victims of identity theft and also to educate consumers about identity theft, how to protect oneself against the crime, and what to do if one is a victim of the crime. The FTC is chartered to log all consumer complaints of identity theft, provide identity theft victims with informational materials, and assist victims of identity theft to the appropriate consumer reporting agencies and law enforcement agencies. [9] According to the FTC, 246,570 consumer complaints of identity theft were received during 2004. Of those complaints, the FTC estimated that 28% of the complaints were attributed to credit card fraud, 19% to utilities and phone fraud, 18% to banking fraud, and 13% to employment fraud. Following closely behind those complaints were government documents and benefits fraud, and loan fraud. In addition, between 2002 and 2004 the complaints of Electronic Funds Transfer fraud have more than doubled. [10] The FTC estimates that 9.91 million Americans will be victimized by some form of identity theft in 2005 [10] One major problem with obtaining accurate statistics about the total number of identity theft victims in the United States is that many consumers may not even know that their identities have been stolen. [10] Another problem is that when some individuals discover that their identities have been stolen, they fail to report the crime to any government or law enforcement agencies. According to a 2005 Department of Justice report, victims with household incomes of $25,000 or less and older victims are less likely to report their victimization. [31] As Figure 2 indicates, the number of consumers victimized by identity theft is growing, however the number of requests for information about identity theft has declined. [33]  Figure 2: Identity Theft Clearinghouse Activity Sources: FTC, 2005, 2004, 2003b. Identity theft produces two victimsthe individual whose identity was stolen and the business whose services and goods were stolen. The addition of new data security measures and other forms of consumer fraud prevention have increased the cost of doing business by billions of dollars per year. Furthermore, there is an increased strain on the criminal justice system and prosecution costs taxpayers thousands of dollars per case. For individual victims of identity theft, the FTC conservatively estimates that the overall cost is in excess of $60 billion, with the average individual out of pocket expense averaging approximately $800. [31] Despite the financial cost to individuals, there is also a human cost in time and effort needed to resolve the theft, and the emotional cost of having been victimized. Victims have reported that it has taken anywhere from hours to months to resolve the crime. [31, 40] Individual Costs Individuals may be victimized in a variety of ways. The identity thieves to purchase goods and services may use victims existing credit cards and accounts. The FTC estimates that the average loss to individual consumers is approximately $5.0 billion annually with the victims whose identity was used to open new accounts bearing the burden of $3.8 billion. [15] The average out of pocket expenses incurred by individuals who have had their personal information stolen have been reported at an estimated loss of $500 $2,000 [15] In addition to monetary loss, individuals also need to devote time to resolving the issues. This may take anywhere from several hours or days, to taking several months. The FTC reported that individuals attempting to resolve the crime and restore their credit spent a total of 300 million hours. The victims of new accounts spent a disproportionate amount of that time. [Refer to table 4 in Appendix A] Cost to Business The cost to businesses is increasing as the number of victims grows. Businesses are incurring over $50 billion in losses annually and have seen an increase in expenses as they are forced to increase their security measures and upgrade their computer systems. [15] Credit card companies are incurring additional costs associated with issuance of new cards to replace stolen cards, credit bureaus are incurring extra costs due to additional monitoring of accounts for unusual activity, banks have installed newer surveillance equipment, and many financial institutions are forced to absorb the costs of the theft. [15] Cost to the Criminal Justice System As identity theft crimes increase and are prosecuted, this will place an increasing strain on an already overburdened criminal justice system. The GAO estimated that it costs approximately $12,000 to prosecute one white-collar criminal case. [34] In 2001, it cost almost $20,000 to maintain one white collar criminal in prison --- these costs have obviously increased since then. [34] There is a shortage of police personnel and court officers all of which means increased costs for the taxpayer. Prisons and jails are overcrowded and new ones need to be built. IV. Industry Statistics Identity theft remains the #1 concern among consumers contacting the Federal Trade Commission. Their fears are not unfounded. The facts on identity theft statistics number speak for themselves. Consumer Sentinel collects information about consumer fraud and identity theft from the FTC and over 150 other organizations and makes it available to law enforcement partners across the nation and throughout the world for use in their investigations. Launched in 1997, the Sentinel database now includes almost three million complains and is accessible to over 1,400 law enforcement agencies including every state attorney general in the U.S. and consumer protection agencies in 19 nations [21]. Between January and December 2005, Consumer Sentinel, the complaint database developed and maintained by the FTC, received over 685,000 consumer fraud and identity theft complaints. Consumers reported losses from fraud of more than $680 million. 63% represented fraud and 37% were identity theft complaints. [10] Credit card fraud (26%) was the most common form of reported identity theft followed by phone or utilities fraud (18%), bank fraud (17%), and employment fraud (12%). Other significant categories of identity theft reported by victims were government documents/benefits fraud (9%) and loan fraud (5%). [10] Electronic Fund Transfer related identity theft was the most frequently reported type of identity theft bank fraud during calendar year 2005. The major metropolitan areas with the highest per capita rates of reported identity theft are Phoenix-Mesa-Scottsdale, AZ; Las Vegas-Paradise, NV; and Riverside-San Bernardino-Ontario, CA. [10] The 2002 FTC Annual Report revealed the following: ( HYPERLINK "http://www.consumer.gov/sentinel" \t "_blank" www.consumer.gov/sentinel) Top 10 locations in # of victims (in order): Washington D.C., California, Arizona, Nevada, Texas, Florida, New York, Washington, Maryland, Oregon. [10] Study done in 2000- Nowhere to Turn, done by Privacy Rights Clearinghouse and CalPIRG. Found at  HYPERLINK "http://www.privacyrights.org" \t "_blank" www.privacyrights.org Revised 9-03 US Statistics Data Based on the Federal Trade Commissions (FTC) 2003 survey, Federal Deposit Insurance Corporation 2004 study, the Better Business Bureau in conjunction with Javelin Strategy and Researchs 2006 & 2005 Identity Fraud Survey Report, the selected statistic related findings are summarized as following: (Please see summary at Appendix A Table #1) Total one-year fraud amount rose from $53.2 billion in 2003 and $54.4 billion in 2005 to $56.6 billion in 2006 [11]. The average fraud amount per victim rising from $5,249 in 2003 and $5,885 in 2005 to $6,383 in 2006 [11]. As January 2005, the past twelve months, there were 9.3 million Americans victims of identity theft [11]. Most incidents still obtain personal information through traditional rather than electronic channels. In the cases where the method was known, 68.2% of information was obtained off-line versus only 11.6% obtained online [9]. Conventional methods such as through lost or stolen wallets, misappropriation by family and friends, and theft of paper mail are among the most common ways thieves gain access to information [9]. While precise statistics on the prevalence of account hijacking are difficult to obtain, recent studies indicate that unauthorized access to checking accounts is the fastest growing form of identity theft. [8] Study shows that consumers are attributing risk to their use of the Internet to conduct financial transactions, and many experts believe that electronic fraud, especially account hijacking, will have the effect of slowing the growth of online banking and eCommerce. [8] An estimated 19% of those attacked have clicked on the link in a Phishing email. Most, if not all, large financial institutions and electronic bill paying services (ex. Pay Pal) have been hit with Phishing attacks. [8] Because many phishing attacks originate overseas and because the average life span of a phishing web site is 2.25 days, the sites are hard to shut down. [8] On 2003, identity theft losses to businesses and financial institutions totaled $47.6 billion and consumer victims reported $5 billion in out-of-pocket expenses. In those cases, the loss to business and financial institutions was $10,200 per victim totaling $32.9 billion. Individual victims lost an average of $1,180 for a total of $3.8 billion. [19] Based on 2003 Gartner Survey, the identity thieves have just a one in 700 chance of being caught by the federal authorities due to this crime is often misclassified. [19] Based on January 2006, Websense Security Labs shows the top 10 countries hosting phishing sites are: [1] United States (36.57%) China (8.98%) Republic of Korea (7.7%) Germany (3.75%) Japan (2.8%) Taiwan (2.68%) France (2.37%) United Kingdom (2.1%) Canada (2.06%) Brazil (1.62%) The top ten states with the highest number of identity theft victims per 100 thousands population between January 1 December 31, 2004 are Arizona, Nevada, California, Texas, Colorado, Florida, New York, Washington, Oregon, Illinois. [10] [See Appendix Table #2] Based on the 2005 and 2006 incidents disclosure report from nonprofit organization Identity Theft Resource Center (ITRC), there are at least 152 incidents have been disclosed and potentially affecting more than 57.7 million individuals in 2005. In 2006, so far there are 36 incidents and 1.9 million individuals are affected. [21]][See Appendix Table #3] As FTC data indicated that the total fraud complaints rose from 327,479 in 2003 to 406,193 in 2004 and to 431,118 in 2005. Among those reported complaints, identity theft cases were 215,177 in 2003, 246,847 in 2004 and 255,565 in 2005. [13][See Appendix Chart #1] Identity Theft is the #1 among all complaint categories for the past 3 years and estimated number still increasing. See detail complaints categories shown in Appendix Table #5 and Chart #2. V Case Studies Case I: Citigroup In May 2005, Citigroup lost computer tapes that were being sent to the credit bureau via UPS. The data on the tapes included Social Security numbers and payment history information for 3.9 million customers. After this event, this New York based company decided to start sending its data to the credit bureau electronically using encryption [5]. Citigroup should have learned a lesson from Time Warner who lost a shipment of backup tapes that contained personal information of 600,000 employees that was being sent to an offsite data storage company in March of 2005 [7]. But the question remains, why was Citigroup sending sensitive information unsecured? Why did they not encrypt the data in the first place, and why did they fail to realize that these tapes could get lost or stolen as evidenced by what happened to Time Warner? The answer may be because Citigroup did not correctly identify the risk. Citigroup believed that UPS was a secure method for sending this information and that the data would be difficult to retrieve off the tapes because of the hardware needed to read the tapes. Citigroup needed to evaluate this risk of properly protecting confidential information while in transmission. Now, Citigroup has the issue of dealing with the negative publicity associated with this event, and the loss of any potential customers/revenue it will lose because of it. This issue could have been avoided if Citigroup would have properly identified this risk and taken the steps to protect this information. If the tapes were lost and the data was encrypted, then this story would have never happened. Case II: ChoicePoint ChoicePoint has made more than 50 acquisitions since 1997 to make it the owner of one of the largest collections of personal data in the United States. ChoicePoint sells data to clients doing background checks on job and loan applicants and conducting criminal investigations [36]. On February 16, 2005, ChoicePoint went public to tell 145,000 people that identity thieves may have gained access to their personal information including their Social Security numbers and credit reports. Authorities believe it was the work of a group of people who used IDs stolen from legitimate business people to set up phony businesses that contracted with ChoicePoint for ID checks, Bernknopf (ChoicePoints spoke person) said [3]. With the ChoicePoints security incident, there was no firewall hacked, or an IDS fooled. This was a deceptive scheme that took advantage of security holes in the business process. ChoicePoints CISO, Rich Baich, stated, The mislabeling of this event as a hack is killing ChoicePoint. Its such a negative impression that suggests we failed to provide adequate protection. Fraud happens everyday. Hacks dont [36]. ChoicePoints emphasis was that they were the victims of fraud, and therefore not at fault for the incident. The bottom line is that confidential information was stolen, and the individuals who had their information stolen do not care if it was a hacker or if the company was a victim of fraud. ChoicePoint failed to identify holes in the business process that allowed this event to occur. ChoicePoint needs to recognize that identifying risks with their business process is just as important as securing their information system from an external hacker. Case III: Egghead.com Egghead Software was a company that opened in 1984 to sell computer hardware and software and grew to more than 205 stores worldwide. Then in 1998 the company moved its business to the Internet as Egghead.com. In December of 2000, Egghead.com stated, a hacker has breached its computer system and may have gained access to its customer database [4]. Jerry Kaplan, Egghead.coms co-chairman, stated that there was no evidence to support that the database with the credit card numbers for its customer was stolen but, he also could not give confirmation that they were not stolen. Egghead's inability to determine how many of its customers credit cards had been compromised may mean that the company does not have a real-time auditing system in place, said Paul Robertson, senior developer for security service firm TruSecure Corp. If you don't know how many credit-card numbers you lost, you are giving a quick, blanket, worst-case answer--and then finding out what happened afterwards, he said. [2]. The way that Egghead.com handled its security incident showed that they did not have a good plan to manage the theft of information; it appeared as if they created the plan to handle this situation as the situation unfolded. This lack of planning and risk analysis by management caused Egghead.coms business to suffer tremendously. Shortly after this event, Egghead.com went into bankruptcy, and on November 26, 2001, Amazon.com acquired Egghead.coms assets in the Bankruptcy Court [4]. It is evident that the inability of Egghead.com to successful determine with certainty the extent of information stolen caused more damage to the companys reputation then the actual event itself. If Egghead.com had a well developed incident response plan in place to handle this security breach and a way to handle the media after the breach, Egghead.com may have been able to weather the storm and remain in business. However, all customer confidence was lost after the incident and Egghead.com was not able to recover. Case IV: New Jersey Crime Ring Bank employees for Wachovia Corporation, Bank of America Corporation, Commerce Bancorp Inc., and PNC Bank stole information on 676,000 customer accounts that are all New Jersey residents. The U.S. Department of the Treasury considers it the largest banking security breach in history. The suspects pulled up the account data while working inside their banks, then printed out screen captures of the information or wrote it out by hand, Lomia (a New Jersey Police Detective) said. The data was then provided to a company called DRL Associates Inc., which had been set up as a front for the operation. DRL advertised itself as a deadbeat-locator service and as a collection agency, but was not properly licensed for those activities by the state, police said [14]. With this security breach, there was no technology involved. No hackers breached the information system. This was completely an inside job. The question becomes one of how this could have been prevented? The answer is that in some cases the theft of information cannot be prevented. The only the thing that management can do is be prepared for when it does happen. Because of incidents like this, it is becoming a duty of management to have an incident response plan in place long before a security breach happens. From a risk analysis viewpoint, an incident like this is difficult to detect and almost impossible to stop before it happens. But when it does happen and the criminals are caught, it becomes a necessity to punish the ones responsible to the full extent of the law to deter others from following suit. Case V: LexisNexis LexisNexis is provider of legal and business data. In March of 2005, LexisNexis announced that the information on 32,000 people was stolen. These breaches occurred at one of the subsidiary companies, Seisint Inc. Seisnt Inc. was the company who was the provider of data to the Multistate Anti-Terrorism Information Exchange (MATRIX) system. LexisNexis, which acquired Seisint of Boca Raton, Florida, in September for $775 million, expressed regret over the incident and said that it is notifying the individuals whose information may have been accessed and will provide them with credit-monitoring services [17]. In this incident, hackers stole username and passwords of legitimate users to access the confidential information. In a statement, Kurt Sanford, president and CEO of LexisNexis Corporate and Federal Markets, said that the company will improve the user ID and password administration procedures that its customers use and will devote more resources to protecting user's privacy and reinforcing the importance of privacy [17]. This security breach is very similar to the incident that happened at ChoicePoint who is one of LexisNexiss competitors. There are several policies that should have been implemented that could have reduced the risk of this security breach. Since LexisNexis gives third parties access to its confidential information, there becomes a need to educate these organizations on certain practices to protect the data. Where was this education, and was there a lack of education due to the possible effect that it could have on business? Also, what was the password policy for its customers? LexisNexis has not elaborated on the details of the security breach, but considering the statement of the CEO of LexisNexis after the incident, there clearly seems that there was a failure to detect the risk associated with their customers password policy that could result in a theft of information. LexisNexis inability to properly assess this risk caused the security breach. Through education and a secure password administration policy, this event could have been avoided. VI Protective Measures Protective Measures against Identity Theft  SHAPE \* MERGEFORMAT  Figure 3 Electronic Personal Information Schema The opportunity to assume someone elses identity has been around since recorded history began. With the advent of a national and international postal system personal information started flowing between the hands of total strangers. Thus opportunities for abuse of such information were created. In addition, the commission of a burglary would certainly allow someone to gain access to ones personal information. In the past, identity thieves were somewhat content in using this information solely for financial gain, but this has changed in the information age, which has become dependent upon ones personal information stored in digital format; information which is needed, required and used daily for a multitude of reasons. It is this electronic storage of personal data, which has afforded individuals of devious means to gain access and to then use this information for personal gain, at the expense of the person who has been victimized. We currently do not have the technology to completely safeguard our personal information, especially when one considers this information is stored or is found in various degrees of completeness in a multitude of locations. Without safeguarding standards, the ease or degree of difficulty in gaining access to it varies from storage facility to storage facility. And least we not forget the time and effort expended by those of devious means to succeed at identity theft. There are some protective measures available to both individuals and businesses, including measures requiring cooperation between both. There is also the need to involve various law enforcement agencies, government and information technology, acting separately and in concert, to decrease the ability for someone to steal an identity, as well as in the punishment for the crime once committed. It is not unreasonable to implicate the complexity of the information technology itself has fostered an increase in identity theft. Individual Measures It is still apparent that it is basically the responsibility of the individual to be proactive in protecting his or hers identity. There are some very obvious measures, which should always be taken. Some examples include limiting the number of credit cards carried; do not carry your Social Security card on your person, there is no need to do so; do not keep important documents or documents with personal information on them in your automobile, they should be locked safely at home and one should burglar-proof ones home according to insurance guideless and common sense. There are some basic technology measures that are available to assist in preventing identity theft. Obviously, using difficult to decipher passwords is a starting point. It is surprising how many people use their name or the name of their children as passwords. Remember to commit all passwords to memory with some algorithm to recall them. Destroy the hard drive of your computer if you are selling it, giving it to charity, or otherwise disposing of it. Dont just erase the hard drive; physically remove it. One should give careful consideration what personal information should be stored on laptops, PDAs and USB memory sticks, items easily stolen [7]. Periodic deletion of cookies and the temporary internet files will help, but are only small steps in protecting your identity. Updating both hardware and software is also important, but again, the criminal has already obtained the latest in counter measures to help him to sniff for the data required to steal your identity. Email is notorious as an avenue to extract the necessary information required for identity theft, especially when offering some form of monetary gift or the threat of limiting the access to your own funds. Spyware is becoming an increasing aspect of personal computing. Many sites will place some form of spyware on your computer for the sole reason of collecting demographic data, data that may translate into information that will allow others to steal your identity. There are laws currently on the books of many state and new ones under consideration that will make the placing of spyware a criminal act unless the person is specifically notified that such an occurrence will take place upon the acceptance of the EULA, use of downloaded software, etc. [24]. There are software products such as Spy-sweeper, ad-aware, etc that will identity, remove and even stop the placement of spyware on your computer. The FTC is also doing its best to educate the general public in how to identify when spyware has been installed on your computer. There are some signs when spyware has taken over a computer, such as a multitude of pop-ups and sluggish performance to name two [24]. Identity theft is based upon obtaining documents containing someones personal information. Unoccupied houses or apartments are the prime locations for delivery of products or diverted mail. Credit applications or driver's license renewal forms are at risk in mailboxes; products bought with stolen credit cards on the Internet are delivered to such addresses. Maintain records of applications to forward mail or packages (the Postal Service now requires people to show ID to submit a change-of-address or mail forwarding application). Under the category of personal finance, remember to examine your credit reports from the major national credit reporting firms at least once a year to make sure no one has established credit in your name or is ruining your credit after stealing your identity. The recently enacted Fair and Accurate Credit Transactions Act requires that each of the three major credit-reporting agencies provide consumers with a free credit report once a year. Shred all financial statements, billing statements, and pre-approved credit card before throwing them into the trash. Crosscut shredding is best. No shredder? Use scissors to cut documents. Minimize the number of identification and credit cards you carry with you. Take only whats absolutely necessary. One should cancel all the credit cards, which have not been used in the last six months. Open credit is a prime target if an identity thief spies it in your credit report. Dont give out your financial or personal information over the phone or Internet, unless you have initiated the contact or know for certain with whom you are dealing. The number and type of scams used to extract personal information increase change constantly. It is prudent to learn as much as you can about the various kinds of scams being perpetrated to steal your identity. Of course there are still the obvious methods of discovering identity theft, which begins with an examination of your bank and credit card statements each month for mistakes or unfamiliar charges that might be the sign of an identity thief at work. Credit statements and other bills have a pattern on when they arrived in the mail. Us this pattern to determine is a statement is late and if it is, call and inquire why. If offered, one should always use direct deposit for your paycheck. If someone contacts you by telephone representing your bank and begins to request personal information to update your records, request their name and telephone number, then call your bank and confirm using the general number. Most likely upon this request, the caller will hang up. The number and type of scams used to extract personal information increases and constantly changes. It is prudent to learn as much as you can about the various scams being perpetrated to steal your identity. A new scam has surfaced which relies on your fear of the IRS. A caller claims he or she is from the IRS and will provide some form of threat which can only rectified by confirming your personal information. The IRS will never contact you via telephone, it is required they contact you by mail. A decedent becomes an easy target for identity theft, but there are precautions, which can be taken to decrease the risk. Overall, it is always best to notify all entities in writing; sent certified, with return receipt requested. Remember to maintain a photocopy of all correspondence: letters, documents, etc., not just digitally. Obtain copies of the official death certificate and immediately notify credit card companies, banks, etc. of the death. All closed accounts should be labeled as such with Closed. Account holder is deceased. One should request a copy of the credit report of the deceased and flag the account with the following alert: Deceased. Do not issue credit, for example [16]. Remember to remove all references to the decedent and transfer them to the surviving spouse. Additional groups to notify include, but are not limited to, the Social Security Administration, insurance companies, the Veterans Administration and the Department of Motor Vehicles. Educative Measures There are a few educative measures that can be taken; mostly to inform the public of the dangers of identity theft and what measures they can do to lessen the risk. There are a large number of web sites that are dedicated to educating the public about identity theft. It is important to provide community outreach programs, especially to senior citizens who do not have access to the Internet or are unable to do so. One publication on preventing identity theft is available free on the Internet or from the Federal Trade Commission: Identity Theft: When Bad Things Happen to Your Good Name. Much of this advice is really just common sense. Of paramount importance is to provide the needed information on what to do once identity theft is discovered. Swift action will minimize the potential loss and stress of becoming a victim Business Measures, Expectations and Requirements The liability to corporations, business, banks, etc. in the event of the theft of personal information for which they have been entrusted for safekeeping appears to be limited to bad public relations or a public acknowledgement of the occurrence. Many times the theft of individual information is not immediately made public. California has enacted legislation that requires the public disclosure whenever the personal information has been compromised. With a limited financial risk, businesses may be slow in the installation of safeguards, but this could change if laws required issuers of credit, banks, credit clearing establishments to adopt more fraud-proof practices or become financially responsible for the monetary damage to those affected by the theft of information. It appears it is quite easy to obtain the personal information of individuals from businesses, but there are a few immediate safeguards which should be put into force. For example, businesses should be required to do more in-depth background checks to insure applicants are who they say they are. The reliance on Social Security numbers should also be abandoned. An example is the use of your SSN as your health insurance subscriber number. It is important businesses understand their fiduciary responsibility associated with maintaining the personal information of employees and customers. Inadequately protected business records are an invitation to identity thieves. And some of the measures by which a business can protect their data are considered low-tech. Many businesses do not institute security procedures because they do not appear cost effective. There are some simple, cost effective measures that are available to businesses. All involve the due diligence of people. Businesses should request additional identification beyond someones SSN for identity verification, especially when a persons address is different or there was a recent change of address. Business should also end the practice of relying solely on a persons SSN as a means of establishing a persons identity. The Identity Theft Center (Linda Foley, Executive Director) , has developed a list of important points that business can use to determine if business they deal with are exposing them and their confidential information to Identity theft. An abbreviated listing of the key points is below. Does the business you conduct business with: 1) It provides cross-cut paper shredders at each workstation or cash register area or uses a locked wastebasket and shredding company for the disposal of credit card slips, unwanted applications or documents, sensitive data or prescription forms. 2) It uses an alternate number instead of a social security numbers (SSN) for employee, client and customer ID numbers. 3) It never sends out mail that includes your complete SSN. 4) It requires its health insurance providers to use an alternate number rather than the SSN for membership numbers on health insurance cards. 5) In the event of a computer breach of a database that contains sensitive information; affected individuals are notified in a timely manner. 6) It places photos on employee business cards for better identification and security. 7) It encrypts or password guards all sensitive data stored on computers AND it allows access only on a need-to-know basis. For a complete list and additional information, please reference Factsheet number 102, which is located at the website of ID Theft Center. [41] Law Enforcement and Adjudication Punishment and the adjudication of those engaged in identity theft are still based on outdated laws, which are applicable to theft in general. It is well known among these thieves, how little risk they face. The current legal system does not perceive identity theft as serious as many other crimes. The lack of laws specific to identity theft adds to the confusion for judges, district attorneys and law enforcement personal. Identity theft is a serious crime that often is taken too lightly. Stiffer penalties and more aggressive prosecution are needed. In addition, law enforcement needs to become educated in the forensics of investigating identity theft. There is a recommendation to make the possession, selling and use of personal information a felony. It is difficult if not impossible to prove intent as it is currently required, but it is simpler to catch thieves with the confidential information of others. This improves the possibility of prosecution and raises the risk factor for the criminals. Identity theft is not local, but national and international in scope. Thus it is recommended that law enforcement adopt practices, which include databases similar to, that used by narcotic agents, which facilitates the sharing and comparing of information. More importantly, time and resources should be invested in programs and trainings that will facilitate interagency coordination. Central agencies such as the Consumer Sentinel should conduct more outreach to ensure officers are aware of existing databases and have sufficient training to use them. During the investigation of the identity theft, there is the need for cooperation from various businesses, credit agencies, etc., who are often not cooperative. New legislation (Federal), which would facilitate the exchange of data between law enforcement and businesses and banks during the investigation, is necessary. Until recently, many financial institutions would not provide information to law enforcement without a court order or similar legal process. This was removed by the Fair and Accurate Credit Transactions Act in June of 2004,an example of increasing the cooperation and removing barriers to prosecutors. Information Technology As previously noted, information technology itself is implicated as fostering the increase in identity theft. Weaknesses have been identified in the systems, which exchange information and are taken advantage of by those with devious intent. As technology advances, it is often these advances that are used by identity thieves. It is important to use emerging technology and current technology to assist in the identification of areas where the offenders will concentrate their efforts. A good example of this is the Anti-Phishing website at www.FraudWatchInternational.com. Technology is also able to assist in creating a difficult environment for identity thieves to operate. It also can help individuals safeguard their personal information. A sample of recommended technology solutions follow. These suggestions are taken from a multiple references. Tamper proofed plastic cards such as debit, check, credit, phone, college IDs, visas, drivers license, workplace IDs, and various kinds of smart cards. Tamper proofed documents such as visas, passports, birth and death certificates, letters of credit, documents of ownership, property titles, documents of financial exchange, wills etc. Firewalls and encryption software used for online transactions, such as online purchases by credit card; online voting, online renewal of motor vehicle registration etc. RFID chips (Radio Frequency Identification chips) which allow for the tracking of people and objects. [31] Authentication procedures are considered paramount in the fight against identity theft. Even the use or addition of a simple authentication requirement such as a password or a photograph will substantially reduce fraud. Information Technology (IT) is a valuable weapon in the war against identity theft, but it is administered by people and ultimately maintaining the systems which access and preserve databases of personal information will depend for its security on the individuals who are entrusted to maintain them [31]. This is not to say that technology cannot help reduce this risk. A key to protecting the passwords and identity of individuals may fall upon the use of Quantum Encryption and Biometrics to assist in the authentication of an individual. Again, business will need to evaluate the risk on not implementing these forms of authentication. In conclusion, it should be noted that of the various businesses, which are associated with or are involved in identity theft, insurance companies might prove to be the major players. It is they who should spearhead the introduction of improved security for identities; for insurance companies operate on the assumption consumers will pay money to ensure the security of themselves and their possessions. [31] Additional Measures One obvious pre-emptive measure that is available to most people is to limit the use of electronic banking and online purchases in order to minimize the exposure to risk. People have become too dependent upon the false promises of ease of use or timesavings that is associated with online banking and purchasing. When using personal checks to pay bills, people might consider limiting the amount of personal information that they put on personal checks, including account numbers, social security numbers, home addresses, home phone numbers, and credit card numbers. It may also be advisable for people to walk away from transactions or purchases that require a person to provide information beyond what is considered reasonable and safe. In many cases, a home phone number, drivers license information, or social security number is not necessary for the completion of a transaction, yet it is requested. Recommendations from the Privacy Clearinghouse [36, 38] The Internet provides considerable information on how businesses should protect their records. The Privacy Rights Clearinghouse recommends the following practices: Develop a comprehensive privacy policy that includes responsible information-handling procedures. Use a shredder or similar document-disposal method. Conduct regular staff training, new-employee orientations, and spot checks on proper information care. Support and participate in multi-agency financial-crimes task forces. Limit data collection to the minimum of information needed; for example, limit requests for social security numbers. Put limits on data disclosure. For example, must social security numbers be printed on paychecks, parking permits, staff badges, time sheets, training program rosters, staff promotion lists, monthly account statements, client reports, etc.? Restrict data access to only those employees with a legitimate need to know. Audit all electronic trails. Impose strict penalties for browsing and illegitimate access. Conduct employee background checks. Screen cleaning services, temp services, etc. Include responsible information handling practices in business school courses, and even in elementary schools, if children have access to computers. Keep social security numbers out of general circulation. Prohibit the use of social security numbers to obtain a driver's license, health insurance ID, or other forms of identification. Prohibit the sale of social security numbers, available now on information-broker websites. Maintain central clearinghouses in each state for lost and stolen driver's licenses. Conduct better photo- and ID-checking for new, duplicate, and replacement IDs. Restrict access to birth certificates in states where they are now publicly accessible. Remove social security numbers and other sensitive information from public records, especially when accessible on the Internet. Improve identity checking procedures for "instant" credit, favored by identity thieves. Put photographs on credit cards, or other authentication indicators such as smart chips or PINS. Request additional ID when verifying credit card purchases at the point of sale. Enable customers to put passwords on credit accounts. Truncate digits on account numbers printed on receipts at the point of sale. Use account-profiling systems to detect unusual activity. Notify the consumer of possible fraud. Check if there is an existing account in the applicant's name. Check the social security master-death index. Reduce the number of pre-approved credit applications mailed to consumers. Don't mail such offers to anyone under 18. Print an opt-out phone number prominently on all such offers (1.888.5OPTOUT). Prohibit convenience checks, or at least provide an opt out to credit card and bank customers. Conclusions Identity Theft as a crime will continue to exist for the foreseeable future. This means business, government, and individuals will all have to work on resolving the problem. Unfortunately there is no silver bullet solution to the problem. Those who blame technology and those looking to it as a solution will find it lacking in both counts. Technology has contributed to the problem by making access to confidential information easier by concentrating it. This has lead to businesses selling information and trying to capitalize on it in other ways. Most businesses do not adequately protect their information; lacking procedures, infrastructure, and adequate training. While the government has charted the FTC with assisting in the prevention of Identity Theft, many laws remain non-existent or inadequate. This is partially due to the rapid pace of change in technology out stripping lawmakers ability to understand and define policy. Many individuals do not fully comprehend how much technology impacts their daily lives. Individuals also find it difficult to go without the conveniences that technology supplies. So what must be done? Businesses must put in place technical solutions to prevent hackers from succeeding. They need to train employees and customers on safe guarding identity. They need to run risk assessments and put policies in place to minimize risks. Government needs to educate itself and introduce new legislation. It also needs to create an environment that promotes cooperation between business and law enforcement. Individuals must understand that wetware is the weakest link in the chain. What is wetware? People are mostly made up of water and security people have taken to calling them wetware. People are truly a weak point in any effective strategy to secure peoples identity against theft. Such social engineering schemes such as Phishing are proving successful and are on the rise. Employees also fall prey to their desire to help customers. The result is individuals are the primary key to success. They need to be educated on what to do. They need to have clear instructions on how to discover identity theft. What to do when they believe they have become a victim. Technology can play a prevention role in the form of biometrics. Fingerprint scanning is being tested as a means of replacing credit cards. We see this as a new measure to raise the bar for identity thieves. Basically, with individuals leading the way, business and government cooperating, and a common goal, identity theft can be curtailed. Without all three working together it will get a lot worse before it gets better. References [1] Anti-Phishing Working Group (APWG), Phishing Activity Trends Report, January 2006 [2] Berghel, Hal. Identity Theft, Social Security Numbers, and the Web. Communications Of The ACM February 2000/Vol. 43, No. 2. P. 17 21 [3] Camenisch, Jan, abhi shelat, Dieter Sommer, Simone Fischer-Hubner, Marit Hansen, Henry Krasemann, Gerard Lacoste, Ronald Leenesk, Jimmy Tseng. Privacy and Identity Management for Everyone. DIM05, November 11, 2005, Fairfax, Virginia, USA. 2005 ACM p 20 27 [4] Chen, Hsinchun, Wingyan Chung, Jennifer Jie Xu. Gang Wang, Yi Qin, Michael Chau. Crime Data Mining: A General Framework and Some Examples. Computer. Published by the IEEE Computer Society. 2004 IEEE. P 50-56. [5] Cheney, Julia S., Identity Theft: Where Do We Go From Here? A Discussion Forum Sponsored by the Payment Cards Center and the Gartner Fellows Program. April 2004 [6] Ecommerce, The Cost of Phishing, May 6, 2004 [7] Evens, Elizabeth A., Carolyn M. Kotlas, Donna W. Bailey, Abe J. Crystal and Terri Buckner. Its Eleven OClock: Do You Know Where Your Identity Is? SIGUCCS 04, October 10-13, 2004, Baltimore, Maryland. ACM. [8] Federal Deposit Insurance Corporation, Putting an End to Account-Hijacking Identity Theft, December 14, 2004 [9] Federal Trade Commission, Overview of the Identity theft Program October 1998 September 2003, September 2003. [10] Federal Trade Commission, National and State Trends in Fraud and Identity Theft: January December 2004, February, 2005, page 3. [11] Federal Trade Commission, Identity Theft Survey Report, prepared by Synovate, September 2003, p.4. [12] 2002 Federal Trade Commission Annual Report [13] Federal Trade Commission, Consumer Fraud and Identity Theft Complaint Data, January 2006 [14] Federal Trade Commission. (October 2004). FTC Consumer Alert: Spyware (Brochure]. http://www.ftc.gov/bco/conline/pubs/alerts/spywarealrt.pdf. Retrieved March 27, 2006 [15] Federal Trade Commission Identity Theft Survey report, September 2003 [16] Foley, Linda, Executive Director. The ID Theft Center, Factsheet 102.. Copyright 2000, revised July 2002. http://www.idtheftcenter.org/factsheet102.pdf [16] Foley, Linda (ITRC Executive Director)., Fact Sheet 106 (formerly 17B): Organizing Your Identity Theft Case. Identity Theft Resource Center and Linda Foley, 2000. www.idtheftcenter.org. [17] Foley, Linda (ITRC Executive Director), Fact Sheet 117: Identity Theft and the Deceased: Prevention and Victim Tips, Identity Theft Resource Center, Inc., January 2003. Revised 9-05. [18] Garfinkel, Simson L. (Massachusetts Institute of Technology). Email-Based Identification and Authentication: An Alternative to PKI? [19] Gartner 2003 Press Release http://www3.gartner.com/5_about/press_releases/pr21july2003a.jsp [20] Gayer, Jennette. Policing Privacy, Law Enforcements Response to Identity Theft. CALPIRG Education Fund. May 2003 [21] Identity Theft Resource Center, 2005 Data Disclosure, February 2006, 2006 Data Disclosure, March 2006. Published By The IEEE Computer Society. 2003 IEEE _ IEEE Security & Privacy. [22] M. E. Kabay, PhD, CISSP. Cyber-Safety for Everyone: from Kids to Elders. Norwich University. Accura Printing, South Barre, VT 05670. 2002. [23] Kirda, Engin and Kruegel, Christopher, Protecting Users Against Phishing Attacks with AntiPhish, Proceedings of the 29th Annual International Computer Software and Applications Conference (COMPSAC05), 2005, pp. 1-8. [24] Kirda, Engin and Christopher Kruegel. Protecting Users Against Phishing Attacks with AntiPhish. Proceedings of the 29th Annual International Computer Software and Applications Conference (COMPSAC05). 2005 IEEE. [25] Loibl, Timothy R., Identity Theft, Spyware and the Law. Kennesaw State University, Smyrna, GA 30080 tloibl@students.kennesaw.edu [26] Loibl, Timothy R., Identity Theft, Spyware and the Law. Information Security Curriculum Development (InfoSecCD) Conference '05, September 23-24, 2005, Kennesaw, GA, USA. Copyright 2005 ACM. [27] Maxemchuk, N. F., S. Low., The Use of Communications Networks to Increase Personal Privacy. AT&T Bell Laboratories. Proceedings of the Fourteenth Annual Joint Conference of the IEEE Computer and Communication Societies (INFOCOM '95). 1995 IEEE. [28] Millett, Lynette I. and Stephen H. Holden., Authentication and Its Privacy Effects. November December 2003 Published by the IEEE Computer Society. 2003 National Academy of Sciences. P 54-58. [29] Mont, Marco Casassa, Siani Pearson, Pete Bramhall. Towards Accountable Management of Identity and Privacy: Sticky Policies and Enforceable Tracing Services. Proceedings of the 14th International Workshop on Database and Expert Systems Applications (DEXA03). [30] Preventing Identity Theft: A Guide For Consumers. National Crime Prevention Council, Washington, DC 20036-5325. July 2005. www.ncpc.org [31] Newman, Graeme R. and McNally, Megan M., Identity Theft Literature Review, U.S. Department of Justice, Doc. No. 210459, July 2005, p.1. [32] Newman, Graeme R., U.S. Department of Justice Office of Community Oriented Policing Services, Problem-Oriented Guides for Police, Problem-Specific Guides Series No. 25, Identity Theft [33] Newman, Graeme R. and Megan M. McNally. Identity Theft Literature Review. Prepared for presentation and discussion at the National Institute of Justice Focus Group Meeting to develop a research agenda to identify the most effective avenues of research that will impact on prevention, harm reduction and enforcement. January 27-28, 2005 [34] Newman, Graeme R. and McNally, Megan M., Identity Theft Literature Review, U.S. Department of Justice, Doc. No. 210459, July 2005, p.1. [35] Polstra III , Robert M., A Case Study on How to Manage the Theft of Information. Kennesaw State University, Smyrna, GA 30080. 2004. [36] Fact Sheet 17(a): Identity Theft Victims Guide, Privacy Rights Clearinghouse / UCAN and CALPIRG Charitable Trust. Copyright 1997-2006. Released: Jan. 1997. Revised August 2005. San Diego, CA 92103. www.privacyrights.org [37] Slewe, Ton and Mark Hoogenboom. Who Will Rob You on the Digital Highway?. May 2004/Vol. 47, No. 5 Communications Of The ACM. P. 56-60. [38] Identity Theft: How It Happens, Its Impact on Victims, and Legislative Solutions. Posted: July 12, 2000. Written Testimony for U.S. Senate Judiciary Subcommittee on Technology, Terrorism, and Government Information. Copyright 2000-2006. Privacy Rights Clearinghouse/UCAN. [39] United States Government accounting Office, Report to Congressional Requesters: Identity Theft Prevalence and Cost Appear to be Growing, March 2002. [40] Willox, Jr., Norman A., Thomas M. Regan, Esq. Identity Fraud: Providing A Solution. Internal issue of LexisNexis. [41] Managing Cyber Risk at Community Banks. The Bank Director. A Publication in association with the Chubb Company. First Quarter 2005. http://www.chubb.com/journalists/chubb4678.pdf [42] Woodward, Jr., John D. Biometrics Facing Up to Terrorism. RAND Arroyo Center, 2001. 2003 IEEE. Appendix A Additional Charts & Tables Table 1. Summary of Identity Theft Techniques and Statistics CategoryTechniquesPercentage11%OnlinePhishing email/web sites70%Unauthorized access/Hijacking30%40%Off-lineStolen mail8%Lost or stolen wallet, credit cards, checks, social security card (number)25%Non-financial ways, such as government document, tax forms, etc15%Financial way banks, loans, credit card issuers52%49%UnknownUnknown49% Table 2. Top Ten States for Identity Theft - Information courtesy Federal Trade Commission Created February 1, 2005 [10] LocationVictims/100,000 PopulationLocationVictims/100,000 Population1. Arizona142.56. Florida92.32. Nevada 125.77. New York92.03. California122.18. Washington91.94. Texas117.69. Oregon87.85. Colorado95.810. Illinois87.6 Table 3. Disclosed Incidents at 2005 and 2006 by categories [23] Category2005 Incidents Percentage2006 Incidents PercentageEducational Institutions48%28%Banking/Credit/Financial Services16%11%Governmental/Military Agencies12%22%Health Care Facilities/Companies11%22%Data/Information Companies3%Retail Companies3%3%Other Companies7%14%Table 4. Costs of ID Theft Victims New Accounts & Other FraudsMisuse of Existing Accounts (Both Credit Card & Non-Credit Card)All ID TheftIndividualsPercent of Population1.5 % Credit Card 2.4 % Non Credit Card 0.7 %4.6 %Number of Persons3.23 million 6.68 million 9.91 million Businesses / Financial InstitutionsAverage Per Victim$10,200 $2,100 $4,800 Total $32.9 billion $14.0 billion $47.6 billion Loss to Victims Average Per Victim $1,180 $160 $500 Total $3.8 billion $1.1 billion $5.0 billion Hours Spent Resolving ProblemsAverage Per Victim60 hours15 hours30 hoursTotal 194 million hours 100 million hours 297 million hours Table 5. FTC Sentinel Top Complaint Categories by Calendar Year 2003 through 2005: [13] CY-2003 CY-2004 CY-2005 Sentinel Complaint Categories Complaints / Percentages Complaints / Percentages Complaints / Percentages 1 Advance-Fee Loans and Credit Protection/Repair 19,1974%20,168 3%13,033 2%2 Business Opps and Work-at-Home Plans 13,9953%14,868 2%16,511 2%3 Debt Management/Credit Counseling3 27<1%4,159 1%2,485 <1%4 Foreign Money Offers 21,616 4%35,873 5%55,419 8%5 Health Care 5,1231%6,336 1%6,829 1%6 Identity Theft 215,17740%246,84738%255,565 37%7 Internet Auctions 83,16215%100,04415%80,450 12%8 Internet Services and Computer Complaints 34,4606%38,068 6%34,465 5%9 Investments 2,671 <1%2,796<1%3,577 1%10 Magazines and Buyers Clubs 8,7462%8,455 1%9,273 1%11 Multi-Level Mktg/Pyramids/Chain Letters 2,461<1%2,795<1%2,662 <1%12 Office Supplies and Services 6,9891%9,3521%7,488 1%13 Prizes/Sweepstakes and Lotteries 25,7455%33,8615%48,712 7%14 Shop-at-Home/Catalog Sales 52,81410%52,9638%54,549 8%15 Telephone Services 13,3422%14,3562%10,286 2%16 Travel, Vacations and Timeshare 5,069 1%4,850 1%6,664 1% 1 Federal Trade Commission Released January 25, 2006 2 Percentages are based on the total number of Sentinel complaints for each calendar year: CY-2003 = 542,656; CY-2004 = 653,040; and CY-2005 = 686,683. 3 Fraud category added in CY 2004. Table 6. Techniques to reduce Identity Theft [Newman and McNally, P. 70]  Chart 1. FTC Sentinel Complaints by Calendar Year 2003 through 2005: [13]  ] Table 6. Summarizing Case Studies CaseSynopsisLiabilityIdentified ProblemWhy?RecommendationsOutcomeCitigroupTapes in route to a credit bureau using UPS were lost during transit.Tapes contained SSN and payment history information for 3.9 million customers.Unencrypted data; believed UPS was a secure method of transportation of the data.Did not correctly identify the potential risk.Encrypted electronic data submission.Negative PR.ChoicePointTheft of individuals SSN and credit reports by thieves posing as legitimate businesses, having stolen those identities.145,000 individuals were now at risk to be victims of identity theft.Security holes in the business process; confidential information was stolen.Failure to identify holes in the business process. Took position they were the victims.Identify risks in the business process to avoid future problems.ChoicePoint appeared to have failed to provide adequate protection.Egghead.comComputer system containing customer database was 'hacked', including credit card information.Stolen credit card numbers for customers.Unable to determine if indeed the credit card data was stolen.No plan existed to manage information theft.Egghead.com filed for bankruptcy and was later acquired by Amazon.com.New Jersey Crime RingBank employees stole the personal information from customer accounts.676,000 customer's account information stolen and provided to shell company.Internal security breach, no technology involved.Difficult to protect against.Have an incident response plan tin place to address internal security breaches.LexisNexisIndividual information of 32,000 taken. Stole username and passwords to access confidential information.Identity theft of affected individuals.Lack of defined practices for secure password administration.Failure to detect risk associated with customer's password policies.Institute a secure password administration policy.Provided credit-monitoring services. Chart 2. Pie Chart of Percentages  January 1- December 31, 2005 4 4 Percentages are based on total number of Sentinel complaints (686, 683) received between January 1 and December 31, 2005.     PAGE  PAGE 2  PAGE 46  PAGE 48 Theft through the use of identity information to open new accounts and make new purchases Theft through the use of identity information to use existing personal accounts and resources Theft through the use of identity information to open new accounts and make new purchases Theft through the use of identity information to use existing personal accounts and resources Electronic Personal Information Physical Personal Information Personal Information Digital Certificates Antiphishing (plug-in for Firefox) [6] Firewalls Communication networks to associate data [df2] Identity Theft Protection Education Wireless (Wardrivers wireless hackers) [df1] Identity Theft Protection Hardware Identity Theft Software Protection Electronic Personal Information Biometrics p    ()*DEFGHIJKLhiжЮЀЮrjwUmHnHu&j>*B*UmHnHphuj}UmHnHujUmHnHumHnHu&j>*B*UmHnHphu mHnHu0JmHnHuj0JUmHnHuCJaJjCJUaJ 5CJ aJ 5CJaJ* !()8IV`pJI ` !  ! h^h$a$2Kijk'()Cϵ߯ׯכߍ߯ׯkߍ&j>*B*UmHnHphujkUmHnHu0JOJQJ^JmHnHu&j>*B*UmHnHphu mHnHujqUmHnHujUmHnHumHnHu0JmHnHuj0JUmHnHu&j>*B*UmHnHphu&CDEFGHIJKghij    ()ïѡޓqjYUmHnHu&j>*B*UmHnHphuj_UmHnHu0JOJQJ^JmHnHu&j>*B*UmHnHphu0JmHnHu mHnHuj0JUmHnHumHnHujUmHnHujeUmHnHu*)*+=>?YZ[]^_`ab~ϵ߯ׯכύ߯ׯykjG UmHnHu&j>*B*UmHnHphujMUmHnHu&j>*B*UmHnHphu mHnHujSUmHnHujUmHnHumHnHu0JmHnHuj0JUmHnHu&j>*B*UmHnHphu* %&'(<=>XYZ\]^_`a}~ ɽɯɽɽɍɽyɽ&j >*B*UmHnHphuj; UmHnHu&j >*B*UmHnHphujA UmHnHujUmHnHumHnHu&j >*B*UmHnHphu0JmHnHu mHnHuj0JUmHnHu,_ p 8 Y  n 0 ~ i!Z\lh^h !  !          8 9 : ; M N O i j k m n o p q r ïޡÍj)UmHnHu&j >*B*UmHnHphuj/ UmHnHu&j >*B*UmHnHphu0JmHnHu mHnHuj0JUmHnHumHnHujUmHnHuj5 UmHnHu*    1 2 3 5 6 7 8 9 : V W X Y l m n ϵ߯ׯכύ߯ׯykjUmHnHu&j>*B*UmHnHphujUmHnHu&j>*B*UmHnHphu mHnHuj#UmHnHujUmHnHumHnHu0JmHnHuj0JUmHnHu&j>*B*UmHnHphu*       6 7 8 R S T V W X Y Z [ w x y z 忳忳o&j>*B*UmHnHphuj UmHnHu&j>*B*UmHnHphujUmHnHujUmHnHumHnHu0JCJmHnHu&j>*B*UmHnHphu0JmHnHu mHnHuj0JUmHnHu+          5 6 7 8 K L M g h i k l m n o p ïÍjUmHnHu&j|>*B*UmHnHphujUmHnHu&j>*B*UmHnHphu0JmHnHu mHnHuj0JUmHnHujUmHnHujUmHnHumHnHu-     ) * + - . / 0 1 2 N O P Q [ \ ] w x y { | } ~  ϵ߯ׯכύ߯ׯykjUmHnHu&jj>*B*UmHnHphujUmHnHu&jp>*B*UmHnHphu mHnHujUmHnHujUmHnHumHnHu0JmHnHuj0JUmHnHu&jv>*B*UmHnHphu*   FGHbcdfghijk !"#?@AB~ɽɯɽɽɍɽyɽ&jX>*B*UmHnHphujUmHnHu&j^>*B*UmHnHphujUmHnHujUmHnHumHnHu&jd>*B*UmHnHphu0JmHnHu mHnHuj0JUmHnHu, stuïޡÍjUmHnHu&jL>*B*UmHnHphujUmHnHu&jR>*B*UmHnHphu0JmHnHu mHnHuj0JUmHnHumHnHujUmHnHujUmHnHu* %&'(mnoϵ߯ׯכύ߯ׯykj UmHnHu&j: >*B*UmHnHphujUmHnHu&j@>*B*UmHnHphu mHnHujUmHnHujUmHnHumHnHu0JmHnHuj0JUmHnHu&jF>*B*UmHnHphu*789STUWXYZ['()*+b!###%)))0)`)))>-O-0 1 3ɽɯɽ||wqq 0J"6]CJaJ6CJ]aJ j"UCJaJaJ j."UjUmHnHu jUjCJUaJj!UmHnHujUmHnHumHnHu&j4!>*B*UmHnHphu0JmHnHu mHnHuj0JUmHnHu,l/FS,b!#%))`)))>- 7$8$H$hd^h hhd^h`h ` $d`a$$da$$da$$d]^a$!>-O-d/0 1x3355689 ;;\<<#d`#N #dEƀb`# #d`# d7$8$H$d 3 3w3x335<<<<<<==>>.>/>fMSSiZjZbhhh q qPqQqhqiqjqkqlqmq4rr?ySyDE0 HI)*=Ɲ(`da!½ٷٷٳ٦>*aJ B*ph5>*CJaJ\aJ 5>*aJ jQUjUmHnHuCJaJ OJQJ^JaJ0J jUOJQJ 0J"6]CJOJQJ^JaJ B*ph3f@<==>P>??@@@bbbL$ & F dEƀba$CEƀb!#d`#@ABiCwDTEEQGGeH|H]P$ & F hdEƀb`ha$P$ & F hdEƀb`ha$ |HHHHHHHHIIJ]P$ & F hdEƀb`ha$P$ & F hdEƀb`ha$ J}KLCMDMSMfM]IGE$ hd^`ha$Q$hhdEƀb^h`ha$P$ & F hdEƀb`ha$fMNSSSiZjZZgbbehhhZm q q q q q$$a$$a$$d $d`a$ q%qPqmqqUu?ySy,~E $d`a$ $d`a$$dCEƀb E-E L*=ÚƝ! $d`a$M$dEƀb`a$ Ɲ(ݟ`M$dEƀb`a$ $d`a$F$Eƀba$+,$ڢjQФSSSSSSSY$ & F hd7$8$EƀbH$^h`a$S & F h7$8$EƀbH$^h` Ф`~!8.$ & Fd`a$ $d`a$$d7$8$H$`a$!7$8$H$M$dEƀb`a$ !8Ҽbc{` 3Q5|N7PpEV;<-. !"i*N%C 5CJaJ5 5CJaJ>* 6]aJH*\6>*aJ5CJKHOJQJ\^JaJCJaJaJOP]Q $d`a$P$ & FdEƀO#F`a$P$ & FdEƀ`a$P^ Ҽvw6)caCEƀb $d`a$M$dEƀb`a$ )(}2_pZiabnd`! $d`a$noVb>dc` Zw$gQ5'$da$hd^h|BA 7PkR;<d$da$fM$d$EƀbIfa$Jd$EƀbIfaM$d$EƀbIfa$$$Ifl\/X!/) t0!644 lal^Jd$EƀbIfU$qqd$EƀbIf]q^qa$M$d$EƀbIfa$`Jd$EƀbIf$$Ifl4\/X!/l) t0!644 lal fM$d$EƀbIfa$Jd$EƀbIf`t$$Ifl4\/X! / ) t0!644 lal[U$qqd$EƀbIf]q^qa$M$d$EƀbIfa$),fM$d$EƀbIfa$Jd$EƀbIf,-.`HJd$EƀbIf$$Ifl4\/X!/l) t0!644 lal./z~fM$d$EƀbIfa$Jd$EƀbIf~`Jd$EƀbIf$$Ifl4\/X! / ) t0!644 lalfM$d$EƀbIfa$Jd$EƀbIf`Jd$EƀbIf$$Ifl4\/X! / ) t0!644 lalfM$d$EƀbIfa$Jd$EƀbIf^d$$Ifl4\/X! / ) t0!644 lal [U$qqd$EƀbIf]q^qa$M$d$EƀbIfa$ fM$d$EƀbIfa$Jd$EƀbIf^CEƀb$$Ifl4\/X!/ ) t0!644 lalG$EƀbIfk#G$EƀbIf$$If\ x]$ 0634alG$EƀbIfJ$$EƀbIfa$ k#G$EƀbIf$$If\ x]$ 0634a  lG$EƀbIfJ$$EƀbIfa$ !/k#G$EƀbIf$$If\ x]$ 0634a/5CHlG$EƀbIfJ$$EƀbIfa$HIRk|#G$EƀbIf$$If\ x]$ 0634aRXbglG$EƀbIfJ$$EƀbIfa$ghtk#G$EƀbIf$$If\ x]$ 0634atylG$EƀbIfJ$$EƀbIfa$k((&CEƀb$$If\ x]$ 0634a '+/0RVZll$$IflF "   t0"6    44 lal$If Z[z~tnnntnnntnnn$If$$IflF "   t0"6    44 lal !t`nnnt`nnntla $7$8$H$If$If$$IflF "   t0"6    44 lal !">[@PPP $7$8$H$If$$Ifl\,#f2   t0H$644 la$If a@[P[P[[a[ $7$8$H$If$If$$Ifl\,#f2   t0H$644 la ()*8OV$$Ifl\,#f2   t0H$644 la $7$8$H$If OPQRSfnovwV$$Ifl\,#f2   t0H$644 la $7$8$H$If w~V$$Ifl\,#f2   t0H$644 la $7$8$H$If VTV$$Ifl\,#f2   t0H$644 la $7$8$H$If V$$Ifl\,#f2   t0H$644 la $7$8$H$If #$%V$$Ifl\,#f2   t0H$644 la $7$8$H$If %DEFGH[dmvV$$Ifl\,#f2   t0H$644 la $7$8$H$If vw}~aVVVVVVVa $7$8$H$If$$Ifl\,#f2   t0H$644 la C012PQ^_klyz@Aefgh&'`ajk01hi:;<juCJUaJCJaJCJ aJ 5CJaJ5CJH*aJ5CJ\aJB*CJaJph B*ph 5CJaJ B*phCJaJH'0 $$Ifa$$If 012Q_4..% $$Ifa$$If$$Ifl'r4,B#        `````20:$4 la_lz $$Ifa$4P+%$If $$Ifa$$$Iflfr4,B# `````20:$4 la '*25=@ADhkovy(FfVFfT$If $$Ifa$FfrR $$Ifa$ "Ff[FfX $$Ifa$$If $$Ifa$"&'*=DHPT\`ad<FfaFfn_$If $$Ifa$FfD] $$Ifa$ "KQU[_fjko4FfhFfe$If $$Ifa$Ffc $$Ifa$"%-015FfnFfjl$If $$Ifa$Ff@j $$Ifa$5IPSZ]ehim@ Ffr $$Ifa$Ffp $$Ifa$$If;<>@Achq{$If $ ^a$d hh^h<=>@c  VW]^_*+NOPmnoq    !#Ŀ0JmHnHu0J j0JU jUCJaJ5CJH*aJ5CJH*aJ 5CJaJ j/UCJOJQJ^JaJCJOJQJ^JaJCJaJ j|UB $If$$If֞Y%&i-4'' 'D'D'D'D'D42 22 22 22 22 22 22 24a$IfP$If$$If֞Y%&i-4'' 'D'D'D'D'D42 22 22 22 22 22 22 24aS$If  $If$$If֞Y%&i-4 DDDDD42 22 22 22 22 22 22 24a $If$If$$If֞Y%&i-4' 'D'D'D'D'D42 22 22 22 22 22 22 24a'$If $If$$If֞Y%&i-4 DDDDD42 22 22 22 22 22 22 24a     $If $$If$$If֞Y%&i-4' 'D'D'D'D'D42 22 22 22 22 22 22 24axV$IfVWX $If$$If֞Y%&i-4 DDDDD42 22 22 22 22 22 22 24aXYZ[\]^$If^_u,$If$$If֞Y%&i-4' 'D'D'D'D'D42 22 22 22 22 22 22 24au:X$If $If$$If֞Y%&i-4 DDDDD42 22 22 22 22 22 22 24a$If$If$$IfA֞Y%&i-4' 'D'D'D'D'D42 22 22 22 22 22 22 24a'O*$If*+N$$If֞Y%&i-4 DDDDD42 22 22 22 22 22 22 24aNPo!"&`#$$h&`#$]ha$h]h&`#$ L^`L$ a$ "#/012FG9:DEtu$a$&`#$#$*+-./KLCJaJ>*0JmHnHu0J j0JUu456789:;<=>IJKL L^`L$a$# 01h/ =!"#$%#0P/ =!"#$% 1h/ =!"#$%'&P1h0= /!"#$%}DyK _Toc131998907}DyK _Toc131998907}DyK _Toc131998908}DyK _Toc131998908}DyK _Toc131998909}DyK _Toc131998909}DyK _Toc131998910}DyK _Toc131998910}DyK _Toc131998911}DyK _Toc131998911}DyK _Toc131998912}DyK _Toc131998912}DyK _Toc131998913}DyK _Toc131998913}DyK _Toc131998914}DyK _Toc131998914}DyK _Toc131998915}DyK _Toc131998915}DyK _Toc131998916}DyK _Toc131998916}DyK _Toc131998917}DyK _Toc131998917}DyK _Toc131998918}DyK _Toc131998918}DyK _Toc131998919}DyK _Toc131998919}DyK _Toc131998920}DyK _Toc131998920}DyK _Toc131998921}DyK _Toc131998921}DyK _Toc131998922}DyK _Toc131998922}DyK _Toc131998923}DyK _Toc131998923}DyK _Toc131998924}DyK _Toc131998924}DyK _Toc131998925}DyK _Toc131998925}DyK _Toc131998926}DyK _Toc131998926}DyK _Toc131998927}DyK _Toc131998927}DyK _Toc131998928}DyK _Toc131998928}DyK _Toc131998929}DyK _Toc131998929}DyK _Toc131998930}DyK _Toc131998930}DyK _Toc131998931}DyK _Toc131998931}DyK _Toc131998932}DyK _Toc131998932}DyK _Toc131998933}DyK _Toc131998933}DyK _Toc131998934}DyK _Toc131998934}DyK _Toc131998935}DyK _Toc131998935}DyK _Toc131998936}DyK _Toc131998936}DyK _Toc131998937}DyK _Toc131998937}DyK _Toc131998938}DyK _Toc131998938}DyK _Toc131998939}DyK _Toc131998939}DyK _Toc131998940}DyK _Toc131998940}DyK _Toc131998941}DyK _Toc131998941Dd&D  3 @@"?$/Dd'=c0  # A".]b|Jݑ|.!@=t.]b|JݑTc`HB.xM%y;CB AD18@pc:8` Z(0qx|lg nYLBhiCh10!npY}!$ ^uwg̜>}Nu9yުL&_p4sO3$,?:5ߜ~?:&y;7OOөx|۷#r\__Ly>իWO}۷'>k=}Cߦ]>/_Nn˹4XUs^=;99_9nߓ'O45ҷ*ttU?mv]}Cߦ3iڙCS\׷{X/^}ˮ/ڙne^:&u!_;y>QF>O>oz{w܎;[g֯5^Cƻx-=%mu7:q|,x߃|mq5,M}ML`Ŀežq?sQ;]u}2y47={?ۗά%ǻZsߢ]|m梯dq]>U}]2?Ӌ5Ȳ/]`w5r}Ow.󘇾Ms"~'άbZs"]kE_u[}wϾ՚L/֙6]]}V.Mgd{>vfW7{b_k.ɾ5]vQ_z\t.ϭ=j9]o6ՙ[ݿ=ot_Z=vSY?kۚz|Gn lkſW^3o_ۦ^}}jycw֬?ctfݖ:c}O֙oe;3:l%47Kcwfϵoziiՙ؃=7L|ǜ71}yq|?U>sgM{osг}sg[Ⱦy@=/c]_^5]s;ü*`w==_6](}އ󴷯Zy~-=%9|zC('u]<ny.0y3|sT51yڗyCߦ]3u'szءY߻:*nǟ{c6]e^nrښyb][{Kپk{,UV޵}S_C}Mş,MyMw~l\l 6MMmW8\瓺766MmW`O>6 8L*δ-`}; V0_3Йt&:ЙL@g3Й@g:t&mŋo:ЙCON>]Й1&tX5t&3{3}|t&3կN죏|/t&3o_~{чNO|ot&3Wj7o>>\G}Son7 3hkfcvדϞMw?njuL@gâ<{X't`uL@g-:clugЙ\Gcxfkc1ZЙ\Wi@g:X't>uuXg#X'tcі1#爏?}vЙ3mQ:?uLЙЙܵ˾NЙ3YW?l:caLЙ !wu>wc:t&:t&3wE>:9s3>fЙdθeus1vct悞NXg{=E:ɯ} Йau:*c٘yo|ZЙԙ uƸfXS5 LhӌͶ-&33's[ۿK33e/o~ L9hkO3f3P!u083n3/Й㺭YXf3ڗ:x 8Ϯ|qzاn^:3E=-bz4fݧ5 3yC O=ۧL`;3К!3C ogKk~k:39pkwKk>=\>ҚۺO==m@g܋֜܎q~ߛ8^SOЙ3w5jmcz>u@gi|{Mc}7A;Oݹ8 :s<՚O=n:3Ag\k>v>٧ǏSi[pP'^ҙٵkˌ}΄CEj]ڧ AgA999]oMs?x>uЙu'Z;֌ZqˮΌFX5n%ֵ]EIg^򵟗]ߧi:L؄/_ӄWWWw=Xڃy:75f[l;yuҙk׮c?zSqm:c~9vYIw5aomEUic/T붾_wtܵNSyB΄}׶Z=9mb[??c뮓\5}yS Й}zUWOgWO:Ե˗~+Z{__~&ݟ:le'ɮst3--јٚў_~zꗦ~7e>gX,:q}~sX3ڄ:N<јuz4m::zmysny<:7|<[^suҙԿS duHkDgkvA~>uЙ0W"sЗ9'icӾ:́}5Sߧ-Ԥ39u][;y`|O=~sqF[~x5Agr~yՀ웎y>}ǁ]WY4:||AO=5>{wטIk΄C3T84ѐuz :tmVk>vk8f׾׺ :=՚׿řwn$Й35];?ko:t&x~AZ1>~l<t&LQSq4qw :t&\ki 97C :AvBљ_&3Ag2lk:u~o6g]Й3Y5߿v nьc5:B LЙ^;Hk|kuE :[^zA3Ag2Hkv梃X5_;ws :A[ӵE/s_xa>Ԛ:t&#f^E?{\tЙ3Yk?7t&LS0\tЙ35ϝA梣3u&LA4EGg:A[a.Lt&k\tt8\sљLnMs\tt&3 _ЙNNkMsYc<ә3٢t>wE֟yssn~K_ۯ|l1:t&[µ0/c\;!DWJcLЙlik>v>wE?01뻏ӗ?׾vc^:t&[ٵka.e"ǯ3Ag>Ԛ~Fk_LЙHk:;]_u|}֙3bon;OhQsٹ9?5LЙlǟۜ2=Rgd|[gb.o!u&3s$zO3Ag31aX?Z:t&:}c.e9u&3љ\d|qԙ3љΐ}ٞc]_LЙLi.z4/Ϳҙ3i/t&ˋgk8q=Ǻԙ39Oo;Cۂw*}yHXי3m n|25]s֗:t&L}|B;m E_| c]_LЙ0vLmA><دi[3gm苈՗:ЙCsLիW:0ת/u&%3KyA~ ssK c999L \=>:uuuuLGGGw;==}uz8x̸-xξCļ Ekn֗:_mX}I}qˮΌFX5X'yA>l_sDgEmw}8yfufos\suҙsLtf_g|vN 1>K4`mEUw=fort&a.X>֗:uf1u1zmu8&Igb^/ޗα3ajk[߻?7N[,C-Ϧ57e[~zΣ-ZoV.:ݝ5-c,јњߚX-m-\_9 :sδ8i9,*,MgL \>Rg¢盌9yܵٻLw~G_L@gb^yA|17>y}3yA=Dg:ҙLЙ`^o~13י55t&Э1u&3 33m Й`^3yAt&:Й`^3AgL t&31/Й : t&31/Й : t&31/Й : t&31/Й : t&31/Й : t&31/Й : t&31/Й : t&31/Й : t&31/Й : t&31/Й : t&31/ L0/Й3 @g:  L0/t :Йd^L@gyA3m Й`^3aMǓW^L0/Й0hX.//u&LLgyAdO]]]5y}ɓ'cqߺt=f.۷7rttԻ=nNJ_ut&:6ۙq,eٶfgҎ[vuf4bƺvc./N:  ̗/_ӄqu&M7vt뮓@g¸gɱ7>c1C][??c뮓@gwf_^:]Փ}:ubGN3Ag+ m:t&3Ag:t&L@gt&L@gt&LЙ LЙ@s :XPc &LЙH>m]t&L`}r&LЙ>m:t&01yst&L`|tۚOmЙ3=mG梃  y@gG3Agcq#Й31;LЙXG3Agcq#Й38:SgGLt&0=Bg:3 9yЙnM=Bg:3 ٵ3 #{3 {5љGL@gcEa{3 yЙƔ=zl.::Й L`,{t&0=Bg:3 yЙGL@gcr#t&38:ЙX L`,{t&0=Bg:3 yЙp'^ҙr#t&܋hX.//u& drvv3GLdrzzѧ>ۅ?hcms_zt&0jk::̾.c,~I}qˮFX5X' yЙ>\Os_|ywz{ٙyfg3CdE_eunsvbܰm%67N:39u5_=9m_p;NuҙhLP۬jkkW{w֩}~bzW23ٶ֬:SkZ,qoMek/Egϭ2ta9 y^M7E/i.::=Sag͹yܵ=f3~7u&3F3 0do>Ṑ>Mt&3mgM LMsL@g qyw3 0Ot&{ӹu&3B:Йg3 0lot&XM L sL@g ɵt&36ٛm Lvw Lqt&&{sLЙ ۛ-3Agc麖soLЙ ٛ]g`-3Ag|aLЙ (B:t&cq-K :MsLЙ ɵt&L6ݛL@g0`o>>k LЙBL@g0Rou&L6@-3AgE3 \~| [x+ v麶rEgmȾ99Gg_;bX,|ydZY-^huҙL`t&:ЙL@g3Й@g:t&|~2;t&3- :~{3:Й.1K:=Pgg t&x33:Йc;??߭nnkիWWW7N%1yyys[} n!^{tttX9αkɓ'w?ǒWkЙ3{>өG3m3qό:>OWgm̾8L~8EϚo³jO6sWgeU :~NEo,.rz{]a]>nl;3>^}yx.ْu}v3:Йu^!͛oqЙ^u"idu:O{ּN ރ~NJgҥ1 L3:Й1Й={  L3:Й1Й={  L3:Й1tA8L@gnm1Й={8L@gLtO&|g}4z۷o'GGG7xuuus˗/on%2W?'''7_;իWw8q[~szz+obiy|-]t=W>vmy"7/37~]vmu3љ1O׿A[sVgFCވƬl??>''0#)#6LD mg.{δ-@gnkcc?6hkuf֋Nh/.. lO~^>vmymC6ׯov;׳\e]V̮ˮl;3~]zLtm:s6ՙa5dcT9]ʹHO 5KǞ7xg<3Zۦ:suY3؇u1t}יu_x=2ۣohǴVze}]uufܿxy9!~UeάǺ6oՙ]j_Dg3w3֬scڥxz{߸U[xfW[yg=}άsTuඌg=Y9>Dg:sLjF"_W{梖9>Ҽv_̾ujcܮcAu3sn׬;&Wg3y=Jkјcl[ky۞98Ǯe:oy3љμ5ny3ifٲgs{rwmף_= Zi:5{sV]ٷ߼_nzjmeםoOmW#_/?3n3klXg3y=Xk~uƜי};wk<ۤo>yϿnXJgǧޗ<6uWgt2=ַwIeymŮy:n|L_K=?&Sg3{~@g gt&3ϸ1t&3?c3{АoX]{tbљ3!u然O )7:t&"KљLX}L^%wo\#/p][>N=3n%o3ЙҎ1ݷq]E3k7֥m1Ig3a=q=ey}؏]X.uޞㅵu:7u=::Lt&'.;Fu9;=;/`,]9o_ucv=&Ig3aع-1؎1u1sS o{~u5)7N: |9&n}n}׷/֩}%`[[g/4&t8z̦`U9W&֙;=Wߜlz9.ڶ[7&y@yX']W;ck2ɢxjqyDY苞}r`c|]wn1X5\ڀ=p޸1mX'`wd_,wDd&D  3 @@"?($$Iflִ4,B #          ``P0:$    4 la($$Iflִ4,B #          ``P0:$    4 la($$Ifl/ִ4,B #          ``P0:$    4 la($$Iflִ4,B #          ``P0:$    4 la($$Ifl ִ4,B #          ``P0:$    4 la($$Iflִ4,B #          ``P0:$    4 la($$Ifl ִ4,B #          ``P0:$    4 la($$Iflִ4,B #          ``P0:$    4 la($$Ifl ִ4,B #          ``P0:$    4 la($$Iflִ4,B #          ``P0:$    4 la($$Iflִ4,B #          ``P0:$    4 la($$Iflִ4,B #          ``P0:$    4 la($$Iflִ4,B #          ``P0:$    4 la($$Iflִ4,B #          ``P0:$    4 la($$Iflִ4,B #          ``P0:$    4 la($$Iflִ4,B #                ``P0:$    4 laDd&dd0  # AbIdQ6@N%VundQ6@NPNG  IHDR\GsRGBIDATx^o}UuOI3V2P Dpf0@D}!J:!AC%&ђL2Qy 8u 8JLڌ@$@NE y4Wovs=sg7瞳k>{JD H=D:ʉ@"$@"z$@"+iRD HD xցD HD`_H+%z'@"$PQ_%HD HJV<}f,9zQ,'ޝhJK!g*L7HD mW:^:ߎJVB3/g??)׊MJMkS?cDõ~*(80 T "@YwwsQS@sO5V" XVIoFnFq64i>4myzֆA7z]jӟT!\}{~77`y'/0?9oVS>g_+@H,GJRb>S"oWo}[ܓn56[0 wB5hmh:lIv1LmSjknT(+}k1%n#ʟBTێ75Lᦛn>___U;׿/MO>6؁`_▙KK/-eNx O<1i*!|wnTM:|;~,kgIoPo/m׽uqd+Τ:S)1,/&g3 4 O1UcҾ o!~ksQ"rbz wԋ9O 7UNt|&".&bꕛ[qrZX$c!-@id +. yP21 ՠ:*g1Qv#T3r7eEj֍s[]/bBi]UVHL+q2悔򢶻R}eAN|NH<2LE!f?X τh<}2.'oT(3͏YR≆!a\\T,ERUfUZܲ]*lC~䱸sgUk_5q}0't3tĸgO}~<'>q=ꩧq￟zFU~7z//~;5S^ai:/+_Rԛf~יgyǣuȽ6~חկOh%kFR.m!ᢋ.z_s5h;&<ㆵmP//*dWH>g?sAd_,9?SmbX2bEJgRW6ZIy\נ>pOn s3 ,J,ۙ38f @Ѳ׿` i@wO?M i>^5ܖ0R(ַd?eˀa|ǾaACN8,sF $‚f5h^[e0;\ZpZr.O&R}0j[jEJy$ Ɲ:| axE_E5B2E^h;;F+R9e4xqǹ[n6u 4/| GB}cQI>OSa}fCHTwnIo|#T}4fy9)QfW^xLz+k/!]SN9#KHᎵTNzi5a> ʏ}e+bT @ w}wHA3͖LtviVd۰6}0:H;eBک/2RhMSmYgū;3O574膶?Ov h˓e?7X, J>>%` EUR׼5vDX`KוKqU:M6rFt9G*t7x#)hSowĺx(V.FVI%?CHsxc0ȝWnT ʲtUDy+ڊj'/ÿoz0KH0Vk~t^ 2n%Vާ}}-(VQ>qp6A(U'eLtvZ@VbynzS2L˵4/ႮkiXq4ŶU < % e̥R簋&@"$@Z.]"$!#'rfD H뭹.ͅ# tPP\*\g@"$TTȦD HD`jҊOpOD HB TȦD HD`jҊOpOD HB TȦD HD`jҊOpOD HB TȦD HD`jҊOpOD HB TȦD HD`jzY|+pۨo{J??pO{~|__#-Pvȡ__fQgE>Шdo IZ*ŀQLkKsأ:ȝl7vt#&p>'Gì?6p,,,`wS!7+[+n䂂^'_Nz|֫l{vBƟ}n@'ֳqf\k,_W}{ ]Xp13o #~~=#DzꩿaJ^1tM77G*O<3q?%| 0׽Nʒ^0aV"ַբArAafI!NV .Zl A?-ndq&EUEqT5Xo~2Kħa$%^tˉ #9=ECO;4?3gJʆBxXYҖH5@h ox#<Ї>TB4P!XfgYZ#[8rw7HOľ~3G?__NS۞}{|׻E/!>/-ѱӺ#׾{g?Y#y_}@1 ;<o}[O|k( _/rH_xWK^xN"r&B8()wqe}cHA٩Xt .bSwn; 2 ft}w]jUXj/$VȧA@yH*Iђ:o1'|HF}rw0? ͊`R 'Zh׸4<":F?яQH"Xk+￟Bի^ESJYϣ\txiD?[nyk)~0 7eUleqT5o4(#>;3׳>K:K/9 X+_*护bDl L땯|%I'U_*!O|'>W6'՞hSV]~DQR{D o\56Pf!6f @\i5fVֽ8]WZ 'yAzꩧ4|*ԧx%dg m+\6M!%{gb(*0f =6ʈD?"LV- &>rO-ʪHv`eq5",.ˈ/i4a{!Q0⣠y3BZbQ1`B|D q9hCO`e}FTTڲ~6o@([8HڙsG0òn]?$LX#Xz+Nդ7JÄ FL2=͙MRlKͦ i}(?UQӢyH3'Lg6VBv4胳/2 iPw~w0=΍V&r4XM ˒9A EAV`3 Ck'M .s@+Rd:K6 2N^hePbASwU)BR VGYEPXtLiC2De]|AxMs!~ttR >u`Ɗb옺cp\Vڲ~_JT8awm\/_&MEC͵m Y(v0V= GnoSʿ@vՓ>0t` L> u}Pf}$f %L/#Cb^&\fgXY (ާf)>|6׏@À~iY%̂%EI)YGbkA#=OUwg,~7X,dΠPJ 9XqXw~k~TjeMd _am`ɳ:BE0&kZ@o?&me)LuT.φ(kԟ:eT^=l`~^}R[()qF*M!QjcowOuލPpjuc"o(?W))pTѦ@!Mrj niMTV"3{X'B= W`#>0#iۄPldHF2b95; 0Qܻ$BɯA,=8[pelx.a}j,(y`S *@Gwt=rة84[ sǿh80R ԣ%PFlyIJBw2;;u1D)UGYS"#Ȭe M2<g"U(FF5IŌVhEP U`OҚr.M9ۓ)"X(~_1kXmD5 p<h%K)K-1: a¸˵ĎѴ6y?֖xyŮyim\obnu'GOy Xn5PjőQI*$$D!N P1 wF Z-r=2G_wNP>j9osCUn f)S|$1@+2cz& WC'B>!Gzs;d{IJp:3ECB:$Cn^׷eM"" GYdmQ6+0pD/5..>dscyD&iK(GB~pq,P|5US%@c%&*.2_Q%C9>e4eR ! uIz]ZpGe*J{8!(Ar` Σ-"",28 _o&]70R6h<3 ,!%('3# Q$m]tb5 pTM.NAo{$p1H' _eC $P Ed,cNP 20}!+Td2EPť%yY|H粭O7nDVi31B>0vkB!װH)V . g_ZaQP 9$j"ƌJoV%^M wInNmf, RS%sţo[Xa[A@' ]T!abꞙ!zo; [XM畫E\~)R~t_T{n'~d+6EP_շoCH*VⶫO).9 JKݦ:=懁6l_dۤ2(/ݧ K/6R.K(qg!+KݯBaZ>F.NBaI2̌ʺ!wy!?g!=8ò8KH sdKć/d+_`fd,TjXti 'bj\PWYzm6eS ۰MiȔ⣻oOOD`[qӹzV`#G_a|BHz>3zhp˘JtMy'bR)SHez?dʚ6bYGL5~ȕ *^hrnZvV$:v&z4ml;ThOI&E}|]esnP vtx,i5bB}229D3{n0qJ ff!hTJZLfêBzz%(PU*2W!?X%̀'p3~BĴ94l],OdʂЙ)$Mrqx*WZ+'5t?=}y`m#%%ш6 ~\ c zɟ1Vތg҉@ ފc`e%I.nXF }K+/!61VDz/.l ,6"D ~  3KӺg=@"z0]O113qcuŕ{㥆>h8RP#Zaz_?r³7ty`FG°'Cz[z?.7`"3̦f5?AZ>ª-k1fT*pXo%-piɕ6s$/,VS{$MnEp/@Y!`K?ȵ(`ErfpMWlM} ^p"O>11y՛w(ҌïL1.5cK5D2.ݥ QHC} nYS!Z<,y֢JBё% #?.oK*7DϕW][or@ɲroN_wGsJ}ԬaX˂s 2oɴ&)iILrXF30TGt.\ޱJu:~Jx=ۆe|r)(`{]]C"_f`za!8[}YƴPʗJͣ _5)BfYa2o V|0d tflgZ)9a13Wʝɖ( 3Z.>b-0լnm{ /fq!,A}EyEfɜOf $0䱖?8`(dK/fr%Zy&cc*Rj%z(&W悩;y{7mh`;8Jl%EW\$yɈ8T:6zI}F%M6 X:#)%7CO SFUn"$@"Lk'ƀe,[NY& ?ν%SBL]ΑM[4$D, M%~B+1(w+xwQNGQq=!%} Š`HjC1+9h;$KA@6?={;DunZr1V9H 0u !]VYCn;v s_'&T^~eίL*01v&+Mi  ݍ$*EEs._tDKQ+wmʸSYq hM>\Hܐ1]HI'~meI0zH Ф +IָL$M<&֌ ߉Eg>(ab.S1&A,LzF83a*Wkèr6* i.]806jwAL=4z,I]3ɱ/-[\b&>`H:0J zcI8'KHccY2ҭ 2:)0H=B`!rO?F#F3M~{иN6 ;Ɨc(vj6HhT!d爤UI9;+fPbs>+_JŪɎTp`n96r 'z_Yԗ_~9l쌍GxwJXk# vgU8m.6օZl(;HyelanG.*(M..mTBM了KZG*B"E1&mNrږlW..uފT'1L2vQ<O)^6[nU#9FD9\ >Gza*˜of$r# Ws(!$<,0|Ǣ>L cS{A|Sw]+ń 'ҋ#;(*0H̘)AglLꪫDK @ѓ6t/IP^'Kt zl Yp*Mlq#|#ly-*VD7pAif#< ʥ4>fv*Tխ=ԶvR>8RV^җe9g`|;棈5R%pm0SYq4ڱJ#_Zd+*M1(yc^-sE|4ঙSsk;F0 þ yэ di LJYQ[cMiA (G^ 69Ft::| H3Va -IwK}E*Hy`ՁCՕ37}R( !Ʌh3:ˡ 2Tcl 5rf9 17`mъqX\1L ^r:ӓq˙;n`*~_Z ?491@ЇWYF cH)5oUn ឴xP:$6|r6P Gip{qdrޑOL/pcRk8S <-:y! %Kr+a{8Z-~r"jl *44ơ-ʚH:P PWBbK9m\!xKxDZ*CBgMB̬ M+S '?KQ Z)d,P%7 J;JB,=VT!zC^QoG7YTCx+"-tRU/.sc,ºY[)I¬ÑJ!Ȉu)]#J`K̻Q iF%SnØ`Ͳ+_R$SeOGIQ%͠vJ.?m>X]BWx@C>$S-ʊ7b\H |b5 HK']y~ȯR+F8>pup,N d9ӟ4_t e'm*J^6SzZe t&'|2yE&]ep.j0d2 YXG[yůQg ^pLđs ΈoN_9M#7l!UV[ A* Y0Xu@IʀyY˴Xr?c)3AG<vZjm@M¬ :قi(xS~HYFrG)1@|1U)y/ V-_f_PR(e׏ʝ!.,Jp4ŪB SẌ 8OZ厓!Gi*QQ_-Ƞ3`TDSOTrOJ\L9;, 4@ $ LRVC1CbⰎj xQB>̑dFp(PX~c9qs5w: 8"QyQoKV /GfA!1cqwPXǁT9TO7 9$.*,jɠ#9>(r !2 U- |gJ9Ԣ* A F6{l|ڮBw7K?Z(e ߘ[3Вӌ~~Ne,6FvjFͽ&0Ix܈ ҿ妜w}Rn!INHS)ssiW1+z`U(%HBX4V9o䜪%fD!|i۔ɴ1]3ү^Y۝ n!j/v#T/RR7䨼- h*BQ;Rh>M=lv$jwĦ°l9ŖaFĄTLeaqGrV z5WC3BK#KkHۑnZqUquEE66Y(+$(F) ŝR}Ro Ӷľ̥mC~uqym:`f'urӾkXuX>3:ם{ pvY}M܅r$*sǦSjw[!@YTy- 7#I] .ehnTJ+>A,7ָou*3ٗ%d\sg& yɍ|x벗ʭ4K_v1ćU ,H ]]$bONɱ؍Ŏjd !긧AN"@ugS478(pܬQҊlÓ=qBCv)2ǎ[֓QG7#|h2k>IwMbvjpMQ4erQ3DHż c;7 RZw/ז;YP}k nof?@@_#G!㚲W$NGeٹa'pf `oY ~)UNSRTgBe %jQBFMpܗ^~D6_~+  f Mٞ> +p[IGΦ_8nw"E'` m.fM-hjc!Ӥk'DF ?Og(# C3ehW@0L5V*3a̾.mn)*۲ȋhVA2Y{`FLh@3b1iBFMVᨱe.S'J~~>YsxGC.%J6gVΨ+6rgH9f/Ե<n5݈3)jSM+Xz󙈕7ʯ.V"2~΢{渹*\՜8- +|SN:-lrdq5-W;ZPڶ>+qpM!\uܸMl/pעF +K6VP ܛFƝ'ƺxfhBR7Oqv(j2O&Jk8In4J7j7;5b64aڡzR o,:l~ ʙsww 08ix%/PM0JpB1u)my\ĞOSAo?SEfCdܶȚN甜̸z&ɣ;,Ch;׊3VwVbyʇ=F/$y:jW(`E1"FYj*d!G,ȫ AZQVZIvΗ+iV zS,\1ViYoHoYm"SH zr@+~Mil6[#bKv#3p"ІZNM+?s'8 4ӭewv\4fuBF:?ALtYy9Ӌ`7uށ@Ӳ# X-N+50P0gǮ[Et.P40'3<Ò;~ao@!Qjs,=<--qO9nŠ@z={5&i+$zAF-DU 68錸kѶ2zyrGX+n`(zF2J6>dS[&=ot e^VCipmqA1Hn.GBЌ!OȌoזLPGND,=6AGBՑ4tЊ 8CaAtYK\oWj2oX:`jphr#IjH|N9ƨ3XE؃nby/"!mEJf, Y 浶*vR2VJT2iĸʇ|Xn)a`w[hin^D+)6Ufmmt{vzU/y.+c/uc0|X!s>_޻)T5-YbMJ2/AiA@ɿq>4.M($2kRCy$(Jش)ݕ`Eb,(˜P&gG*%F!X mE6($Ӫ>lZo=#MCg4 R*(TXcey%Ć튅- RпlLlE'n^qüu˴Mm/^Q5MO7[cnlI{7]#-v\1!*V֜f4]'6rn׸ˊOC+nv[4dyZ(D:#戵@FF,eg_mz v#<>̞ZΒSVW=!':Mhy7$M:~_~%%l 4\*͈c5[eC6%p۰*c% k1ZJk\~~hvÌr4q8e~?b,A6bm,eTNm7lWı n=y.1-YJ!XlyldlǢ4P#X4_bߪJ}=֓h> UQ`[*VU2wԇܔOAZlW`5"%+R$sZ6A~WeV}|muwͬ7|rKÖp饗>*1][9= L&Y@ifږ9UfXFv IyϤ~t8Lk kBx,4Srŷ쳪$sLAaS5SM,* "3+֬(Eɲ|CrqC`7OTx5KU'zw=攈Y)w[:$ո)MΡX՞I6Im bhxu0XՅz6,m{ÔjMµ6JDr%_[*u+׶O!bYUue4$QSe[s}dok}k$ hDT/2qPH:1 f)Ynz%| RzC+ Lx`G}~ؔܮsCx:_,\]ep{J#Ԗ /.!]mR+ڨT3yߺ e%]OdakS[Z?(͋v rhšjD) FWUHP[rd_]`Qbf$Xlx5fkf}0(۪#ߕEZqT|o3_Z\ѝZn+90s y@٘64S%XWEf܊ImFձ ]-*ib4% [Sٱkb%XŇg\}6Xn7 [$u$.EZgXn3qgmTھ,"ȯ;"w]ItoVWKRyAbB7X"#e E}FYd_NLNV.h wuu3u&1SS3jϛ@k"BaƎ9î8bBkC~^\}1#BO|MU;b.RT"(N[ڦw*S,QUe;H7X2SYq=RJ)F1T ri{^Gp,j? y])Ő K5"ro%Q_xT`NU& Y/cbt⥷XJ@N [-(Sdž 7ue\Ad.!%@Ko StA$}cxXzkskl1J2[KPXP*6׏Ń.man9c(iZћln䈾R6p2c,1Ʊ$G Vt/ϵrMv{/T< ~_8^|a^ׄ ?p5.0g .!ze}s@OMgBf$VS,svS.߱5+9"ǖ 0 ֩>c$q[VRgw/z4b6aolb`ccX¯a%>`(q&FkS _D"m)/{.A&( eXҖo|;x VXh5+o2Gst9쏱ж*Y+zn& rMw+ԛf)SMSG\%⠝}Ѿ? 2>}a#wdūQc=V&4vMoae>KJ#Z{#;F+z3B?q\A'S-ӿ!$w#f|'tGP lF$ !_@U+SmV*(c`:4I1:zvRy !P WF:d`|K9@3ʔy,s>|GT_ඒr -b3V,#\"w=]ŮˍkjtϵA7#D~0ce)<5y@{5jn\3GICu/gd|Gуd𻇽;ű>d H`m+a75JtU(U6Z[?s5rGSoe,/DrS2h.rT޶]se%5}1e]"J1'k1.΁4h(ql^Hg}caqbIC^:5<+7Q3Ѵ+>HnRn7bbLR=V m M `^w\UrEDdJ+7%rq򽔼a(HaHfhWTRg[a;X2rEtC7<. fΨ)2+WvtJ]0^IOMF T+%ܫ0hј[+,d~_rud`eŇ$꬯ўf-Zɐr[2OZP ilpiTWs=rOśKMindUͥXl\ngGx5wu!m9B|"jBqi{.[vnG.)hC~)p4enS*wĖ~_! "PqTc3]M$cu#[VKDrr pk3}U֒{vGyt,YrV =>\D) rwTmΙSL*LRmؑ;xft?gn䜟4J:3݉S9oTଲ ==#N@i̞dj`mO8wW!9e8֍U6:/+Ex(7R픮C L;y;Ek+)@N&Wa2:묳`,^u+}Bۋu*v&5Iأa6A(AoZ^L#m3SG6B!Y0V1[@1JκNƹC) = R-5fkWNJ\q9 ^jQLy-ǽ|t Gm=X;/b.wT9Ob(;xQ l0QoS_@ .r ѿgI*WIP3O(9:8cB%27Rh^ln-pSIr48)FP a𐬙M!ipR*ND(YSyp'Ppń"]e0nͫ(ŗBDY(Š[{KQc 1?2PEZQ #BYmheɘEس]4u=Tr!ٲv嗲%!_یfaV\\K6kzmPY[ʷuW^wp]k]F ({ ~\<#Q Rߨv󅔩Dl ۤ9Š鬎+'M ߸5$؆؂9(Cz8\Y5˜66eaLjt~ۗW~)c8LBgԙ1ɍ&*eu-Q<Fao*鸙ڕv v(라袋|RNlmsiyfz\nIg-3ɑz@-Prt0?|W@!y]F[ͼ$h):K.2D`6čx'x"3iį:P7rkQV`i\-d)(M1":O0`xՖ5RGG$pփ&=/mÃ8qctG &$xJ!y9RD^Nn1/SXqH_84\B} RK ^68d;&q{:%![e70ot 7| _ɇZG >@<|%0 3<!1T/0yA3}PSHbAtw_=ψ E5pr=xmD/4A6<`HD `b,x2(P,!1]cʇ"E3J) MIesrQ EI0tрzW\s ϩqh 0ˬXk}s'|3kC_{Vc+0X:(#aV;ZzS+N6'pJW\O 4| ЫA`B,$] 챌mzH[;R[[XO_@:E竼.rc4aE!lD#U~G#}vQSYqz@TG RDйZ:9V tA[Ph@X$aC}Qhڜi͎u*_K/Ō?o3Bs׮ki|iGxňn9c`#G 2#u> Bj" t휦%{4 -ˎ~5H͛h1@f7U2pGR=:<EO?MuŔRKG}\r _C2r[98ъ\}G>o!Y_6L*JdvV/RPg_%918F\ŽR>ɬGM38y-P&+s2WehC~ywbn~k,5;V4 5 dN},+D( 0:0 躞Wnz*pÀxNV!_X="dXkǥrR8;`xgqq!JQ^!+|1 lf(^z'lfO)g(c[):z}QнQ]#zI]:37y% @%W#oԩBJVn=Miz)*1sV|SrDx})C{lF5I\;}eP(?7 pWX9Ȩ 급5H2d"dx:0\@+h0 v_/y`:,=Q2yH|3%+9adž F o(@֢%K.u/:2+X+ىW7Z  faiq6櫡KUw[A7m5$bl`5:J* Y?11Dmd\lC͐AU`PVX)Z% r aq4|Gw>M-Ы}tȁKe Z @B&n8_2G9̜3 $߬S U.Cw:SbP9=wVQ$袋KGg;)OHQW'y% >\ܟvt碨YD(L-ʔWRx^~2wJ٩Ġo|QOKȨsXTp%v,ϲ -2:IQ/LsqC2!O"5QsdD1.eFzX_FeV*!VGmFq\g|! ѕ]`p/tb}F TMUzoe=ZF퍤UzrO@,p“.qTjKtC淼,s(#x/$5TVۺ!24pca&htL-9~M9L5fń0Afed*E`$}(dpq(IfB '. 32;[ ɱȉyf6gLEC^x!ooIQwJQG?nYUK#k/˩Ӓ'DMqYA5vXyրرdhَs.d@Y7C*-Uu1'CY&L[xԊ8;:a='kP9ctY{+N?t_idV2* MyߕL|(ŗwќ`at8gL;9iY x#>l+lB,DD^)ܙ^enޔ2IER12kZ}ƃ^dݔK'(ʥ3*Տ>xX˳|b&`eU&>Z!9:=S 0}ye*luLٟJA`ґd *'on({>QsrYCőO7"֍` \~SY$oHz ̈l˖uVF8nxC+dh;XoxZM I0cIG$$aJJWm*ѐMZ4cʤJ5S_SVcp|.tZ#7^ H~) {Wc \+?;%ʸZ#]3m6{ь5Vjlӷ^!.t_{ +؃Zn "ViCǾ(ѥ> ʤ9:/O7ju}7CK#:r'J pok޽J%7($G~u8lXO{]iۣsXțc#/[*ئJ'+5V,f' e.ې,xw_]m++n#H-7krOul #w'݅hCF6&m1a̪.v5F=٬UIoYϜRKS$_XmStFͩtH×IG^? 9V,3w{U\k+^bbL_gE !p8Fҹ~АaA!Mg%$a_v,"xV5t/aib,0aW#eo oe>r؟21_UZ& І/6ϋI6F 6c!ϖFvKiw쳕{:(_a_:Nᗾݾ(*5I i#fmCZً)0nž*ǒelS_;{,08ކ6GǘarYwlm*:P*s!Y! ܐY>Е٣\D(/\q[q;%dM08]=`ЦZo:_8Yޝml Ls\$k '9IͿz}ypIoDqi+5"ćH#ϝ=Fua_P_%;#3)&֊U哖|1sKtg<"ky=sV{9=z MBJ|P1M7f)e9d"d>,JfK. i~#GpRBY~AƩ݉z蕿,j] 8e֡,NٔduaЉ裈d6/IƘ%L.Aw؇<WIUtis~%=3a A[yHV}L=YȉOd𰔆fi1A|*]K3ϰ !t>{ꩧF|?`H`a5਺n2a @P7#2jk,Et|U.OhcP/2@׃ZѬ3* bttiY*g ӲVdmWy˽^z% -EI2W_ ޗ-S})2T1p=n*@zxՙg8~a KDE ZI]X viK&:a_+k%s7d5/zw6݂ - Q]^gwIу$A/ c}JϹ;.ߌ(9hf~w+M{K/&[_6Ƃ^U*W YVax+ *!J8IX/|ͫsCZIWۖIKǫHVqaAr9L IAE nP*IY9NZ+jW0h54%mXU.`2}SI/If3T袋܂U |eVò(O<CC&C`ޔjjX'/E _XAіqbsI/$F b]27"iS#O,fh*7 <|[ޢ>U'DGMu2"yN >_%Fr',v u:,)0XyL_OSqI'6ϴeM"|ŇhwyLPg m|ի N3w|-LUT\cˢsp6Ĕ^])9w / >eg{LaKvI+f6hh?8(St^:}lbfA?T'=, TNV+V5c&h]8sx'ҧ_ۖnqdlbynj|u#t4=Q;ٸ4 m^T:|r{L9FJmU_U]N{\B9]")jzu6 S`?_ `KVV<#OJVc+n2!Sqoɕ||29u}+?1]BU(QI(!9X1⻈'Xr5-/Žf,'VV.pe ^5>> OCVۛ6ݲiE/\mv'GaN)?X96do?` m(Y(S#<@r UY(iB<)<3bAÚEz\|ً/;fv,7M7w 걐B!!H6ZY+t;oO;3^A.ia .C2P(zhPLᆤFpb[Sl_;*H `9KNUXpq]*hcaJJՑhY BnKZ*oP̈pz$h+X+o1<- H  Ƭoc6SYCB>e̶^xRcP葘xadu% @Ӑ/ҡ!>XJ$UjqyT eo Ee oFNn#HI9u]B%Ipw~LdNb'kXVmY(#i)j-d H7>颩ñqK M@|/GT)7֢>XQ+̓Rfj9L5{ O96[F`\"311dmYabI>ץ^z"17 ; U^n3s Gb$8b'QfZUtW,ʹ}A IEWqzZe7*+$3I||Y _yv+X;S+&׵SkceD'UOZK͈be&8YT0:!VӮr%jbx".($gW&&g/T X2;Gouc5,D{k$\\f}t렣 BǎˊIr&eEV Gl|Gg"u³+*@}0ml;%}[&&U"%T~SYqznq)5O9H6JF*~o؝a11ȯGr5%D)dB],pB)9׬OsӚ_,7MD8ﷳm'wۄ=EbZ(7HSmhŗ3g5vpDm#gXk,T#d,>PtWY씰-:J<9L_L tQRbŕ\!|F7HFG V`;t"?GO}N. D`δ 6˓D #ͬU,lJ%՚\`MkMIQ\ |IC~U]Ʌ\v+Xb#8yİN9&XiJ۴\2|"=&4-6X*xLB#;O] ,B{LJ!;8V^1P#Naõ#~lpĴk xBYP9Sƽ B7!NSN2ljMQ@&rM|m^AX%e(+C*^Cm?:KW6~:+SySZ#~K0Cv#2W iCcs4:|611͇VfK^/[6\NXOF2) ISi۴…yS 2&diCh G,T 6ˎri`i.x E'=TSZZm=6jmbSͨCF^x!ӭ̵ AjBƲExyx| ̴9IxP!(.cwc^6۬s9 S܈8lMqpI8#VuƢyÄbBi`8_z%VaU\ȞasEgV10ͫ뮻'rҊQ>Q 72ADoH݋ei)AXإ .lVXoⲟ36Fɑљe$ffD (H+~Ձdf&mM|n$^חoW [I(QA`;:+ˮl'IX}hCH\駟9gI8`,U"$H+>Gb{}1 t[Vƾ哕nROy$7E`88VRUWm -PĽ. gJR#{YD3XWHE$ 5D^qo59G^PCmybސ" nDYJzh\+*6HI0C:Y(c!6{xuA^1ɧ>)<3W1l"#*7iuW|1Lk Px`̸<}5iʣY1Hٰ| :-)T;h6SaC7tPC ]9()}n}op ǤgVWxכ YgNAUBny/;0ܗNCDLP =ܦI Gb3X" 8euvm?iIZ%Q+(q;8=Xӹ;œǸKt\z,F u "Κ"XE;+P[eaGŲP*6k g8-F48<0E++6=`67FEY"Vm Fro[4[mƚ m="_5zܕȻQΚUB-LG4ml Ħ?;owA^xr(|3"< , 53L1eGd&qU7|3 昻f)D&YdϏWj}DgʔuNdf^K078^D%ᙽtE0q6_W3ysA?(Wʉjɛ!{)(^b>NmTt՘Zꪫ<7 LFX˧!8OmGxn+k_KQ17+ k'L3IΒ5WTs=e~{p\"+,+tx.-H#PԿ׀fA3:YNȍ_I|ykX3"p9{ry稜yr.?rʎ;$F!-gNeeU(moucciom>_@3֧Qcۦ,< T^dgDu`3>1F1dt8-yŐtz3^gVO= 3bQj\ԆVV|pU#"}Sprʴ|p <n 2cN &r.`IwBF["2W}hCKn"pF!R4T_eTT[[XM9"Cp,7co̵d;eք#i!tD ʊӐb2\.nmF) ܩK9s 8.$RH6D %f!<|ͽW=0UM(T#מ @¾FfN%̱6C LTmظ6o ƶ˞-ۏˋ}b˭R+ fܣ;M;޳82Pw\olt ),xFo8q"fUܲ,2z"@[mƗ3 y?o!}'?ifO>YO|B/3lvc KKWV]~;-&mxb] pxcWU"zC[CEK[|;91)O= G! Bg3@Ƽv6gY62~:N3N}GTؿ_pO){彫6k6Y+^@"pHLkéJ*l\`dmpXҊ1PF!YndGmX_^赹wrqc(,&e"/7rN<38OMC+> |+ XƢhDEW2C;vn+Se8kNG.|$S!ފ׆qZ`_i_]$bIm8R Jդ9S+ֈ%<k*5kPa>2ȃ*{w$WRyoE݇?| 0$BlW;-%.f+-![ه%B몕'+XoŇ,ch$0cĨ3n e"E2|u&wQeW^y% 51Hbmv$DtĉŐ9jnb}+0.rwE.HOo#qQgT,=Q1Raڟ\ә`uܠ> ~׍DJ2O0+keeڣә=g6HhhKbe Ok/]7"ҷJxOc+O1 @E$+ϡ ǽH!+\q euB|ېA*C޵ uXATJSg2hRǶy1syۓpBӼ8JO&%n@&h(lʎn$ӆV|.,r۝X_pK, >`YqtKs#ݲmB \#nC~uUOQO?45?яآ>Ƴ|Q^zc nr=H6.Q0 Vs+J; W0;+]WAfgZoYq>YD H* ^ YBA Qxa4+e(|(N垓+Ype Q]׿ z;Sz뭷2alf $9ckٯG0NNSmCN ܑ>~ ‘c"m\~EB+`g ;>;\W{I='G<)$H8kL3˷A a_bNj 4l>ye}_X/2G#c}Ϟ{Ϧ'@lSNND2bS@l6 _⋕@ )VANl !a^â{IN3Z"ƩzqWy׆l*Z>@4IMq`+b]oZC1i:ƹV~1:Ĵ0.O(Ȅ5`k᜗WNAUmF|* $#_/ӿsN a , ֔X_21ɸKHpǝ%@ǀc*aiq$ǔ2Wt8)[L cOgrݎ5{R˻5>.}wTm2X$%;$L :7:Xs88s_]b$^ň:x0 䦤r'S(SQ62a5[ ;_^jtRKLQ@}t+}Pv^+z${ WsYujFk[Uѫ "W%5"EeCZ9'k[(PkSD`_Q'-j/˸.'ueVr0br>Y `Zqpcp^k'!X6 ly“Rxy2kDew!Qn%9ٷ}|Z=O:D UW$ +*9>' _Tsԋ]rC\!;e4{X(l{L\׆NXF--2 Q2>cNg2,vG*>OuTr8U] TO|ЇI4+AdIuB'f5 *r|.hs9gHىB`*+|0LXc?ҭ7t_t.%6O(%-nLNm.s Rx=aeXr@߇}%I$@59@.tc3=cKUۖcB[DE]0LiPWخX!1#MvH92ed|,ua(z&V}'L\z}PXUP*6䧚Q+0qømclӺpV gEWhƥYYo` > g῏ ?fMӊb6'BX+/s2Jq`]w9YuA{Bl VDhs㮝EY[妌/lņG7TJo~ޚ0۷~SwT,=sZq|sĞ";d2؝}-bPF$)Wxy2ힿPau vf}:YD 4K8W% i+K~i8b l6$#SJbZl"vٕ $8:Xk{ Ӈ6niE$G 8?#?.ڝc9!%mC3a6de`M.`_:o넑BcȆGy˾}JWv7Eve7rl6f9R.2Vط oa3q Uw׼5Df,_U p8 I ` buL9^^6fS *&@8&18bddȚB;68CeD(w$M1H= 8xlYW{̥ %ent#@x$[4N@' '{,+›ۚ.HBBڹf9^(䏙 Ztt;) h+I077\\$Į;x$] fG8./Jnls&:oZa?wKF;uK8SYq`*X;7[h0'z Δưc>Jrwk7>me0Eh3 fK2l-N$|v [9}A ^q>7ع__,A|:OKhje8NރF`;l/+ܗ$XSV1XE&pq..W !ڃX@'|S,̻;2=[(KcvS1rq*D`Lhv9: cS(.Fuxl%%C45=$_BF\w_RC3_~yS3\ "_pJX8*v?9yS>\D Un 6@Z1UK l5#tEpe|H~3΁*>LX&g@"ЍTV;"1# z47Ѭ8bK Bysp4hH.Fo`Hgd2bpb֘WVjBg9*/Y}Jsd K/R?V_jR yWTǕ¹(~1p8VOFg(DMa5nvBΤg{)kpÔ{pY>ǖCTt( H&I*A+zF! &E!$\ⴕq)mB\@Jӆ|m'-hȦaȜiDlFF6!?zC`׷6 ^尾i pt e>BvmC>X5¤u`s!9=T+x٪%*(f܂pD e]9,}\цTs3VU)ˈSmƓ`m (nzHF 8e]y͈}L8JфψR&5]v̙l ,y2W̚h_HG%[gUi,7V`ᥴi.v~eכosB`cD  BzY+#[)ұP&Fi.i3DjP"F!a(sWcji6P5dGG|+uw,Ntk^m7^а4=qY5bZG8VXÄ 7q {+%<Ź\8|jMB`/O ==.fb #7ziA) cǎp 5¨LɰBsqKNG3&Q@Uydd5rJ6ˉV'd<[ 's/3[&„bV!@s% }Ѝ t"iݖ} ]T_|͌ .M@He"-܊Ɩ+~uw""Mo h+e%lq"6xcojSVd3mJE!wFI[n|Nع)-5Kt/r7"Z*Eݠ/*eƚI ̓L9 8CNoY0EMI2馛pG&$xyxs=G?4XHx;T'?GyFau!l+̰ agd,bdU([ͨ3٥Aibb+ -ux_] r>NAL#/E*t 9眕Rf"dөf(+IFgEIG,v=S" C׌:#b>0Pæ҂r9;J[ψZ2-4M{n)!HZO37Q: ^>f|:gU:m6֡[Z$Ohbl6[T!F?ey"M6Fym rÁ+5p]U(RX+Bbl/>#kgm&|n#ivym@ wϞY&$c%X.>8`9.TwGw+nk/JzupeRpg|Ŝ<4iP%OMyZH3pXocnTD`:&eM K6*L`ZIG4+cu]c\OЗI#0[sEsA2Ζ@vw !+3 $@"c[qFUWq(`edA k nnTr9*i&M=tdY"ru05{:ʫ R Uy(.9*/ݤAe4`A@޺P;PôX@"$ 0Eljpܣ}0T9!"V;f+MDDrS85"r//K{1fD\K`gSL KO.[ouѽ8э?ϺO;zw;Ƅ@hŘ)d̶ ɘ``n91@ťI`6"Gk`g>uѐv3^58F|0 gQ#jP7A@176 ˼]LwwϛN=_`fd,TjϨϥ!TD H@ŗSI>*D~.;BBY sܱj^d7W&7r7k)-HD QCm Zl֓2}gxm3bV+zASd$)$D 8,f(2Pf7JxxKo)" `7+FJm%[WᖥM7!7/!nd3~,p=~7Uz m?~RIyu׭R7CzFI#0/90u'pmm}h̡-rSO-^gx< ahp" 8!&/!a1ཆۺlt=H0ky5@RD] Zb{xv(q.o/ʠ tC,zu-k/+ؕzJ`s" t,GʘW"A%\h0p5al=3xΓR`xcLp4Yޚ!h(imp`Tx:0$:h SDr(+A^9)tRͅn9'^џKx`PbC&LeK5>xYh.AFUN0lz[ 쀀pC@WUFM)Zi%5,y 7PS(PϠF鳟Yg(Ģ,2 Jp+00cm k~2d馛 ^EgGlj;ۙ-}^T$溩f"vC5cȩ*>ܩ'T!b%\«rLXT^!*ju()᳴D˿'A'#e[&SSD X4urx)kH4;8ΐ#"P!~`NҒ*!W\:ʘvfhxh*$7 "0Q 4sՆ;vT>ET~ޝh\҆|m3+! 0/x5 /8[ϽV/>4H_c0ua 5k7ǭZߵf4{WR.3*<1{r2g0mo`< F : Fǝ⮌}(vĶI/8gD% A7]~PvXvuq':?#lbll$.fumw^'6ճ4%:%^Nr-j#\v*L::< /zt҃_g-ot< }Pح t/<;]FxDD3D 8cŧ`] HHKzv2 uA P\s N#~1o~b 0 yFt4U[\q@,#i{/RMe6v}T]t^:ep-[ 61o1.0D瀭dl0$0[.rSA_~Uqǚ28JD`C*nϺ2XlLz3.F+`nSb,{7y 1ɎHL۲y Ò1ۿ ny ^"ōǐHL#L\$fT]ҽCMZt2 `^nK^tC zbуh’/fNdL]R~"4L2!U) &*0< K>*g%X|?aYW} -N/aW\ ӈ´ky.ӳA_Oie\%c&qxs/f Ns qJt*&,=s?;`"k_Ԁ؇lYmqɏ/˦B?OwdEmR%^AD"TVu\[ńȐjX*MK&?n\>:\ϊ- FՒf;T]Ũw~w v:3D1ði* "4V3"S!"Fnю"@`!9j@6"2OgL,j@pM "7`A2raKQT& Syu@ꇙyH~Y!Z͍J}TlfÅl(_"VB~%[;I3$(N(LOʕ&W -ǹA+&^Q60'THo xl .73S q&JCBJhzb2@[mKO  &X"ID>,_Hn?O=랕Yo pyg!K"3 p7FD SD 0gFS&<ϔ!5Mcud<`h0Qx1ѢI}%MM~VԨ\Q,#fiәoϣˌ"zBXiV})rP*YXxc}!ŏYӸn_njūI*Q*XOZWLwF]r/ e<], xGxiCg&_)_/p鉾n>rb܇_;,H7nJhQ\r>WwSxG`ߪ3ҐSGʺQVzL_X'"M̲v*6.> n!h>Kή#M}vBXG4MGDalszm ˓ȥ zܔ~hp ->2JIwSY>yfHs"Ad&,٩$m`c|aǵݳ.RƇnBzZ@\ cq d ߒV/(/;3]g#F |{][E票jhV1尿O .R}>4Ysw%jwۘq@(;Qr|@ :boLq.iڴm>m%ͰC֑s3C&Z["x'q|lLmFǙ!2cA]OV8‡ ن'+=m0qynZ /:rS !Hoՠ]Ꮩ T2 fR6t\"0ǒʭCg1PsC7Z"W\[GvD%HFA` #*Zjj .2pC-UƯۛ˱Dg8q$qF-+Gު|gfhG 2(EUCCt Y4yda`%K6kr {$[TX2q-uPq,RD Pm#sm+>{;QT=s`c!o1w[܀^dR_cG^6gC> 9JSLTcDMY(s{g\P'{ם7m gVnELӥKV"蓅@Rs8@+>ģfC \{C꿎 -sX,ꐅ2mO.'zT+lJ~ap&5Vg#)={Nqsz* B_^RObm+'@")SYn K `OdGa9-#AoA 6Y;"X2ȑw0nr4|a=I􍰠8[sq3iUoW+@EG8Ёx嗛^RfpcFzRc(ɀXD`Le!9H*hiqBsӬlA5rISu}R zʐ:`n/G< N7ˀw Nb yD0d3M~\^zأI_F\頯AQ?Ot P:>_^Rs5zv17:ղEI0+)5U,֢XmCkEёL@"xh4ߌb⓽rZ "Lm#cMx@qg)L wp\dɨrt)ȒAÊS>e0EÞm+kt\` #J6{7IЏT ~5+F < P AhX3seta]e(;Х$-JX;ժG)~9E Hx`Mɉ؅'."Jr ! FP5-TY`˅*~)7׆ɒQ&(v\F^wpK_VR..|.[JG{X6*;Fr'v 8_,[ÄlPTMQHf9Mn $B`*+:6E:6jc ɶ':EHUcoԎA$V䪫b@ɜ?G( 8X C;0?2C&+Z.n/Bb%Ycz:k[2Gʎ-uUU2)j;FL#g( @w5bZ:8JEI0G62W_"!}fD 8m.bQҥV"'lXÊ9CYRW=1?5$3fs`>wU_:F4 ?V,6X\ֆ|,7hu<9XYėt<3g:RWpVd%RL0_Tah>i >9ݣ0 + eBiC~+~p-,+=ܢхn;d%7@OlTd}uEzJ%-fW&$"V|^קyV-,K΄- W{Pc2ú35]H &XW`m׿yEH)$௯p%ά*6VL-H Yab!zMhit^+ dz rE"JlkdY>tlyuXeۍn?q&nSj|GKt#ZZJ}D`vvgi3aE3?iؗ쥯}V1.k YfYg #r7>^ߏؘa' _&)7?'>&,8@2N9i?伐f@"ЁTVi[IIi,q]>/Ąj̵ipPUyGɊ@ג2Γ6Kw[&k@xP毜]B׵t-\) Ƙ8pYz=f^BW 8|sK(J!݋һ;q'TsBLTcI>!wyB42L"pUL2K[lKP fqĩQ=\h 77%V6OI}xe0:$$|t0!*A={劙I2_;[0e߸j tRГ !!2-䍙j"_g ,T(,QPhGx@B7b@j_+G$a X[sv,C e:l%!_یK怏F6_bu~YK+_"jw64%!"1_16LNo)ۿbuA:ъzFD;AЪk7=NG篟b:BVU}n;Ug$ħW%o.e;ÚԇL =jېjF kc&tV͹V"9EULWjʙq*Nw޲¶y5`G=,~&Vq!g?qܗ{ xM!rmU aŁ0 xX&}+e!oi;n M"V[f`Ҡȓʒ!7~14OXXƫCF*%].YQ@x7~J_:S/"ǗŚ((:4͎=Fkl +@rwBCJ!8TԿxHX$X2/@"0 i65_S)tL҉d IO$.]ġH2xKc5x7 TL GD1*ʳ?(Z eOLP*6s]|`s9͕`F8,s;⌿AÍ X|ccqNx\V- \щmtU({嫚2W\A1MʳQ T6HE ⻩nXB9zzLŏ%cm%n0}!8ڑ/}sݞP4T; eriE>Zt]zKmv!%]4/7M"h;{3X38ҴtkLF,-"zن|Q_5mmܸMeW6^zirnJ֦VIp"6,X"cleD  Ҋ/D{#]% Һk7yܠjA8l}I&AT7%O hkjE*\D8DD,q"d !:gۍ@", ,qTx_Я~fb-˱̱=7 뮻!f͐4kE\$Mu:@7|4=£-n 2U,2&ʱcXZl&k3~RD>g]);7PvAۦfD S#<|bbjqkj aq8m2?餓P+F²ի)?! lw"ܹ[A QN}2\t* , *аv4|r^z#4m]tѣ>ڡ@-M7㎃t; ڪbl̵Њ 5Eı48f}^qeEHf@c [%@Q9pgabe[kr7MU^k Z1MBJyf%qNs_Lx|e3W/js(UaalPG&! Q\@7FdnA2|wYk$|(2 3C]$dD.hK}6E )c28X`2b,jEkP\%d\k5~XDmPoZ!(tFjhE" Kke7S\~S,- Qv,o2\&`')7HD S#D HH+>)7HD S#D HH+>co^o~_\#RfVx[}\yG^_=JD F al!|б;K/4c>}Qf4\nXkH[y'UN`OsY{3 k a e #8\ +cAVXs@zJ,77>Vu,:3 1x5a39cJ=B83Lѥlj/ᮎp@BPpMìD!V0 _ =__0?!<ǎvb3>1P;a![VW |2qü *1{'t^Ͽ۰Cp_lfr>~iP'"aPOO=z3`0Z y ez!r+=㲈Qk(>Moz)҂q*%O${@Z#9==%H {[sϕP*7(Y 08z)'`^O,JҺW!]2XU\[Fz2,YU4ƟgGa΃>?0H[oZs+=}{L60?xp?K|;aLKxB EJF a9swe_1Bж ×B&]„3sXFcb Af`iAHi"ڌU(O@, Z3s9Dn Q^W` T/0+;+ady,:=*Hg&0:XyL9@"8S=ɿD`D?H`}3_sI1ƘOhH. V?B*_mk((c3-*$Dr(FF&ZZ-/,/REq@#]!%wVns y y(iP!I,B\)2{Y({S8 e2mCn*!MW1MZ4AjAO clst5b f DیƨGπcMEĊr&E`sBY s9f6KĤ-kl<{ZgV|>;73mκF{wҎۦPvI. enC>*Lp`K݃M8@/2 , ?j9Iv@wsD"YnӇ?afŞW#2WX|.OZ]P=oom~FҀclLflD'm8d6ҳ2#b@Ψf 9dc!ҰK d[#m}iC/QoZtFt,O0]jx0 Po ((3)ekʳ!\ΚgYtB~ӟM`t+^-6l_=O؎7)3Hjv(̵ ;+npgI_&LĽ.a=>!rhur4>X]żȹ=՝mxm< 'T&1Q(=jůѷ"Ծr} o`:RjJAtSoŪk)Pcn}58,L _ZahB(Ju9#{/O.6^1p&|LDVN9JUz+?OxNz87x+a@ai a'?I?˒G -0i*^K\ѠJ>^p qS O=Tl $z$ 4oyЁC :@CWI@ O&y%a'X3xy,q%wnӳ)S78HQ$D^H\"a&d.yyX5m zzf$::N; \Zt\LvfMUd$JO::묳v5g<x:y{DY=.2XBBUmD1\c(L=ꪫ5"3#2 P0X_`17{r 1ϼEn trOҽ;o #~g)t ْGXJG-P?&GxoIb/E a\h'/f 5 zP4y{V grY(}P"L/Yg95mH7 % e̥Rυ|$@"L@OlMD HF ,_֭P}nd븂YlK{/tb@LD`ue X&Ifbbm)*-0tV.6(Y\7ExTf B1{t\s!?O8qQ丐|T_;1-*r[nrk<82hGB,"P㤄[pBx]ʯdcW^7bg v}*f?ii8>@"Ҋ]%N c p (PTlIi硪3F OIalexW&.g,iauӭƮ]"Hl䊡 k <>ǥпqmg`KVU:OаpOW4I@"p?r00tpL͠qK6Ge,~`p0Dx7[-k8@`ǣ!Lt,eJdfr@"0?6`TqˈX;d /r[+`jM}bB%;XEΥ :RG]175"ka hd!%AfI|}8y>sB`rU) ekCYBs 2!IC;2TFc&Uc,]",x虡]x,tI їSILofDMrcn="dUiB~tw84uؓȉ,KㅞT ?GBR9 eBiC>cDŜH7 % e̥RυۇЭ  o;yF(r$%$@"dr,ٯ*hdmΙX_8V|o믿~_YRBDP*υ'_X<'W1Q=v?$Lԓ(1ߊNmt+H#@f6|Ay7= /mIt y}qpvE,cc,_|EC"t=/iI0Co N7(Mi*J86^ņp[RIDPH+~%m?a;{ TxQ2 ;dJ+ n aNҒSNA%QR]vers9YlD H6D IncW1 RU/ևp1^wO.c]}լvs@caecIEaݝ9m\>L$X|"{ d?wHB#,,"0J9 Lw^f5ND`ȱJ/sG"?9_ Y( ,/P&T)h 3<**7 Sjе?ۄKщ@"$/~Ձ=h:3p)r# 6 n k*H!V|a2:!4<#HUO;4XϚTnp`xa1$@"Ѕ@ZìwyW\O=b] _>vfD XiŗW&ch &O!H\m.d{z׿uGaK8ݟԧ}@4DC$@"0G}G1Ni 9rPʈ )?pH\w2W?] }ի^E `0&|H D ;Cd$CP8N21X| SF"$@"$rwےJ#uID H6A &heD HD`I_Ri҅I?ԞFn:b)>+wf`^Ft~E83X"$G h?OB}ݧYLG&w`ʹ|䔈ceD HQkrqI'U'-O7Jaa*1SRS9.Ni90ޛq OZ$p_Kex(eʡ(d"mҊlˆQS ox^|ϑ'?Z>o} ZVgK×\r bM;vncN+N!s=O|g> L`[jЇ>#oߨRW%p-X"$_z^bۼjՍu UQO`*Y_8\/4ѷmR逑ƚQ2&'?k_ڈBrA'WyPYg d^@=0ek|J}P*\ y҅#΃`\Wc<ԸbpQˊG}X-oy 9JD 19cwgȎb,HsV*Z4 ?, k)DŽOm&$@@rEij2]f},$e]l̐}[UmhL;%cKA2|2sf,XP*6s]|Y9IQ(0=௝!H,KTXHn*'7EôqPX3:3ȼ%@"yRD HDIJetVU\w@Rs\e@"$@")i)b>HD X iŗRG"$@")i7E,'@"$KA RJ"HD H6E eD HD`)_JI@"$ $@",K)#HD "D H V|)%z$@"$"?x\*D,x?y▱~w'ԯʯ6IDATQ7p>2Ɖ[}J宻:ӈ} ^}_)({^ꪫʸmA[EO>ObΛӈXc 3sqoo*pg?(O|kG?zW'?AI'o~(G~ӟ{ yw Fv&D H:kf=~8G`Xw8' -^*33F9{ӛO}aorqÀ'E}_ sQTV}MGq)囜f7 !0" kT.nC^!K.1QRcބ4$@"E9h?ߌ.Gu?a+BofP_g>^q>P !>92 (0{ꩧ1 o}[&]z|Zo}cP(rRp5CO?e#fޜp F29Bbh>KΰM 4&IUܻ{ooo*+SO?2Ɔ[5Bf Иm1GkZZZHFi 10؅ҕ7߬jyy9) 1E4FonnV|mm-:(a} 'JFid0kjĎBQtT奮K05캢?=<<,< g 5qW-ePܽE[[[<==ipz$d\su 4&J`"$0"? eM;˝><|`zE %ma0jn[ Ǯva5w)#b1;S 5?yK/_'e)?\R$IX+D(t%-z+gX$,ަ1'D8a.IPY)mmllT!0% "f(#jWOi7&=*Gl+Sey5eFe]g'kwyK$}L_%Yn fN^v6ԷцLɫ<ȱw9%U_K^Eqqq #TqŮ}vS5N1}Iw "q(oo>H}.&~׳N֛2r<ٵHѮI^[KD&2NΏnƒ]*c5'$/5wٗ]##~ÈWATN|]􆘾[tJn Ͼfy MQ95kӗtIV%H݄!?)IMkp_OtHp[GgL6t'<Э3ݧYOy[G3L ta=6t@!tn &tS>g+]ۃz9l&hqK?}[yn0u#< u6Wu/Mx\?nBX\iVħi}`/=B{ߍ5M8G}zv`;a>x\P \WiP:7<|%{`}c${5l.6,-t.iD}fyG{Z3 3a{ûL^8tۨs\lqL]l=,{"6h9=?-۩h3ZG?喇wჇtOm~ySX1毯b9R7ʶ>6*/]{4y!لlsW~ oI^ zx!/33ѓlsSUFƂy1^)ϰtl$IzVYF671Nkk}7͵sYpPߏczf]@m}Zz={}>E5]裬'{88^Du:]Гޣ%q|?h߽uDzƵ؂rޓ9MyP| ?{۵:m67{wV\fE}3~HX:e[*[ugM߽*^N ;m, [D(/c*x72/Re$7;9_y6Xq}M.~8P6S~ YsV~ʏrW=/Y׊3/SpYoSzy`gj \kX։a8mQ=t.R>[TKz?&?7~xo)OÉzg Sl{B{k{nٖdοZo=W?S;?;b3>':0}2M~ET*W?tO@ _~_[1t_(6gAƇc[zmbDy$޴|iB˺.%x8N#pv4&?x)~Ђ8/m%G/Q F0K/ M #N`1{}%H??_>Ci簰~,)Y kNb}|y9b}i)O&YnX_o,gȰtЊ4s"}jm٘ue}=s:|>_䟵h{?ڋx B^NUXLC^mz>U>Z{][Q`+r4̈6%ۯvNN} Dd:r$0  # A" :;C#?쨳" s@= :;C#?쨳"8SorfZ x\TGwowYlR- B@!TrVLJ;.:X75A 1mFT!Zii-ZA~fvޛc7o̼7|$u` bJ8@6`>Ew0L OGqP(w˼$_w}[P\+kt笶RZ JknbW4.-ť.eed+1R8P+Q<.z=6zϥVx}lWymb>Y x gUc#ZgN-®ȍ53#R_7G)^)ߓCz= l;5t:'‹+3z?^ t 99맙 Meӝ4IwV+[=$s?@9Qfy1n3MɌi{ʯ/-TSW3Qo[q-u?_CuXKϰxT-oEyBK_޿5Iζ_T[!uƙ|2xӀ]h܀r嗘[PO۸vvF5^AX ;`7jwȳ6@t]VOR<JU%Yz\{IFbSj$(1s\+\sN8r# GsQ.pM8e#pҮ ]] c. i8M8-EyFϓxUhUŇ|1|4G` `} k!,1Џ-|K22=ٜ3.u~lm19@?f4/BBmҬL]Ri?}|(Q>}X7^{W;~Pa:4/]BOGׂWc3V|3t^0fx9ZobTi-\dP1v kZ50fk<^O ĵy=(G_J3#69yDN9ic51ffj!U`GLQ'~E= *-q:{J{$7&֊G^$L9P, VY3O_u%VZ%~%/ٞT}k&wyO) AܓQigX~^X=غb6gQwG$~d݈Ay'YgP<͏qF W~֗L$/.Kᾬ` `LsO۳IaZ|֘v6ZL^o.XΦ`鏟I݀&x}gn)-U1ܹWD65I}4= /`,yF.%M뫱s*~ʽu}긭 1 XcxL8O{ǡkv96Fi (*&(mNM;٧o|p?ي JN|q7J`R(/>0Oi"0ʽWص j^>@'!Ƈl5H;X F}Ll5J/&S A~VH8\#qU(l !5Dః=Xs}K.[ImG'MVڬA#ρOH;oDlXו;fGߑ7s_J3n[+dLX&( i8@8 NormalCJ_HaJmH sH tH R@R  Heading 1$<@&5CJ KH OJQJ\^JaJ F@F Heading 2$<@&5CJ\]aJDD Heading 3$$d@&a$ 5CJaJFF Heading 4$7$8$@&H$5OJQJ^JLL Heading 5$$d@&a$CJOJQJ^JaJ<A@< Default Paragraph Font@@  Footnote Text 7$8$H$OJQJ, @, Footer  !&)@&  Page Number@ TOC 1.U@1.  Hyperlink >*B*ph,B, Header  !&@& TOC 2 ^&& TOC 3 ^&& TOC 4 ^&& TOC 5 ^&& TOC 6 ^&& TOC 7 ^&& TOC 8 ^&& TOC 9 ^FC@F Body Text Indentd`aJ$O$ CM1 B*phPOP Default1$7$8$H$!B*CJ_HaJmH phsH tH FR@F Body Text Indent 2 hd`hLS@L Body Text Indent 3!$d`a$\O!\ Heading 2 Char056CJOJQJ\]^J_HaJmH sH tH :'@1: Comment ReferenceCJaJ4@B4  Comment Text$CJaJ>V@Q> FollowedHyperlink >*B* ph>Bb> Body Text&>*CJOJQJ^JaJ:P@r: Body Text 2'$da$aJ[tCh    LIHGFEDC [tCh         \DIAL%Jl !()8IV`pJI `_p8Yn0 ~ i !  Z\l/FS,b!%%`%%%>)O)d+, -x//11245 77\889=:P:;;<<<=>i?w@TAAQCCeD|DDDDDDDDEEF}GHCIDISIfIJOOOiVjVVg^^adddZi m m m m m%mPmmmmUq?uSu,zE|-E L*=Öƙ(ݛ+,$ڞjQР`~!8.P^ Ҹvw6)Լ(}۾2ݿ_pZiabnoVb>dc` Zw$gQ5|BA 7PkR;<d ),-./z~   !/5CHIRXbghty '+/0RVZ[z~!"> ()*8OPQRSfnovw~#$%DEFGH[dmvw}~'012Q_lz '*25=@ADhkovy "&'*=DHPT\`ad "KQU[_fjko"%-015IPSZ]ehim@;<>@Achq{S ' xVWXYZ[\]^_u:X'O*+NPo!"#/02FG9:DEtu4>IM000000000000000000000000000000000000000000000000000@00!0\0!0!00!0/0/0/0/0/0/0/0/ 0/0/0/0/0/ 0/0/0>)0>)0/0,0/0x/001010101010101010101!0=:0=: 0=: 0=: 0=: 0=: 0=: 0=: 0=: 0=: 0=: 0 =: 0 =: 0 =: 0C=: 0C=: 0C=: 0C=: 0C=: 0C=: 0C=: 0C=: 0C=: 0 C=: 0 0 00`0n90000$000$000000$0000000$000$0000000000!00000!00000000 0 0 0 0 0 0 0 0 000!000000 0 0 0 000000000000000000000000!0000000000!0!000000000000000000000'00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000`0{000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 @0@0@0@0@0 @0@0@0 @0@0@0 0000000000000000000 ((((((((((((666666DDDGiC)  3!C<#Ll>-<@|HJfM qEƝФP)n,.~  /HRgtZ!Ow%v0_"5  VX^u*N"uLK )EGHJj(DFGIi *>Z]^`'=Y\]_:Njmnp2568Xm7SVWYy7Lhkln  * - . 0 P \ x { | ~ G c f g i    ! A   t     ' n 8TWXZ'*8889:.:PmhmkmL TX%TX%TX%TX%TX%TX%TX%TX%TX%TX%TX%TX%TX%TX%TX%TX%TX%TX%TX%TX%TX%TX%TX%TX%TX%TX%TX%TX%TX%TX%TX%TX%TX%TX%TX%T̕XX  (/26=@G!!t!t!t8@66(   (t3 A3  s"*?` B c $X99?(t3T C # C  T D # D"Hc% T E # El"%c% T F # F4( ),x/1=:DISIOjVg^dm%m?u*`!c<dA,M  !"#kEN) -/1O:RIdIOV^d$mOmRu<7 Ѹmc:bMM=TJTyyYx| 12,3MU^$+-+996]D]mm[zcz\{d{;Dv)wԼ(۾12ݿ^op2gh~JMhKT `~]e&(mz~-_a4oqPMS#FWv Y"12}7M3333333333333333333333333333333333333333333333333333333333333333333)H(G>^=]Nn6m7WLl . \ | G g  ~ ~  s s t  m m n 8XimjmN1289:CDEtu34>HIJMLarry|C:\Documents and Settings\Larry\Application Data\Microsoft\Word\AutoRecovery save of Identity_Theft_Project_Master_04-05.asdLarrysC:\Documents and Settings\Larry\My Documents\Pace University\Identity Theft\Identity_Theft_Project_Master_04-05.docLarry|C:\Documents and Settings\Larry\Application Data\Microsoft\Word\AutoRecovery save of Identity_Theft_Project_Master_04-05.asdLarry|C:\Documents and Settings\Larry\Application Data\Microsoft\Word\AutoRecovery save of Identity_Theft_Project_Master_04-05.asdLarry|C:\Documents and Settings\Larry\Application Data\Microsoft\Word\AutoRecovery save of Identity_Theft_Project_Master_04-05.asdLarry|C:\Documents and Settings\Larry\Application Data\Microsoft\Word\AutoRecovery save of Identity_Theft_Project_Master_04-05.asdLarry*A:\Identity_Theft_Project_Master_04-05.docLarrywC:\Documents and Settings\Larry\My Documents\Pace University\Identity Theft\Identity_Theft_Project_Master_04-05Wiki.docLarrywC:\Documents and Settings\Larry\My Documents\Pace University\Identity Theft\Identity_Theft_Project_Master_04-05Wiki.docLarryxC:\Documents and Settings\Larry\My Documents\Pace University\Identity Theft\Identity_Theft_Project_Master_04-08Final.doc 8ӳs(/S`oq rޗza Q hDH6l;" -v'$A6#U>8[0ro{}8oLh ^`hH.h ^`hH.h pLp^p`LhH.h @ @ ^@ `hH.h ^`hH.h L^`LhH.h ^`hH.h ^`hH.h PLP^P`LhH.808^8`0o(. ^`hH. pLp^p`LhH. @ @ ^@ `hH. ^`hH. L^`LhH. ^`hH. ^`hH. PLP^P`LhH.h^`OJQJo(hHh^`OJQJ^Jo(hHoh^`OJQJo(hHhpp^p`OJQJo(hHh@ @ ^@ `OJQJ^Jo(hHoh^`OJQJo(hHh^`OJQJo(hHh^`OJQJ^Jo(hHoh^`OJQJo(hH^`o(. ^`hH. pLp^p`LhH. @ @ ^@ `hH. ^`hH. L^`LhH. ^`hH. ^`hH. PLP^P`LhH.hhh^h`OJQJo(hHh 88^8`o(hH.h^`OJQJo(hHh  ^ `OJQJo(hHh  ^ `OJQJ^Jo(hHohxx^x`OJQJo(hHhHH^H`OJQJo(hHh^`OJQJ^Jo(hHoh^`OJQJo(hH 68q r8[U>-v'l;" Q o{}(/                                              ),-./z~   !/5CHIRXbghty '+/0RVZ[z~"> )*OPQRSfow$%DEFGH[dmvw~'012Ql '*25=@ADhkovy "&'*=DHPT\`ad "KQU[_fjko"%-015IPSZ]ehimchq{S ' xVWXYZ[\]^_u:X'O*+M@8BL`@UnknownLarryGz Times New Roman5Symbol3& z ArialKTimesNewRomanPSMTK,Bookman Old Style?5 z Courier New;Wingdings"1h99w$F *%l$j!0d+53QHXIdentity TheftIBM_USERLarryOh+'0  8 D P \hpxIdentity Theftden IBM_USERTheBM_BM_NormalRLarryR2rrMicrosoft Word 9.0@e@dk2X@8Z@8Z*%՜.+,D՜.+,< hp|  IBMl+ Identity Theft Title$  8@ _PID_HLINKSA  Phttp://www.privacyrights.org/SK!http://www.consumer.gov/sentinel0_Toc1319989410_Toc1319989400_Toc1319989390_Toc1319989380_Toc1319989370_Toc1319989360_Toc1319989350_Toc1319989340_Toc1319989330_Toc1319989320_Toc1319989310_Toc1319989300_Toc1319989290_Toc1319989280z_Toc1319989270t_Toc1319989260n_Toc1319989250h_Toc1319989240b_Toc1319989230\_Toc1319989220V_Toc1319989210P_Toc1319989200J_Toc1319989190D_Toc1319989180>_Toc13199891708_Toc13199891602_Toc1319989150,_Toc1319989140&_Toc1319989130 _Toc1319989120_Toc1319989110_Toc1319989100_Toc1319989090_Toc1319989080_Toc131998907  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&()*+,-.5Root Entry F>8Z7Data 1TableʭWordDocumentSummaryInformation(DocumentSummaryInformation8'CompObjjObjectPool>8Z>8Z  FMicrosoft Word Document MSWordDocWord.Document.89q