To Avoid NSA Interception, Cisco Will Ship To Decoy Addresses

An anonymous reader writes with this news snipped from The Register: Cisco will ship boxes to vacant addresses in a bid to foil the NSA, security chief John Stewart says. The dead drop shipments help to foil a Snowden-revealed operation whereby the NSA would intercept networking kit and install backdoors before boxen reached customers. The interception campaign was revealed last May. Speaking at a Cisco Live press panel in Melbourne today, Stewart says the Borg will ship to fake identities for its most sensitive customers, in the hope that the NSA's interceptions are targeted. 'We ship [boxes] to an address that has nothing to do with the customer, and then you have no idea who, ultimately, it is going to,' Stewart says.

Not new

[raftpeople]

"We ship [boxes] to an address that's has nothing to do with the customer,"

I know some other companies that seem to do this for about half my orders.

Re:Not new

[fictionpuss]

If the NSA does not already have access to Cisco's obfuscated address system, then they are not doing their job.

Re:

[Phreakiture]

If the NSA does not already have access to Cisco's obfuscated address system, then they are not doing their job.

Perhaps, but I believe it is incumbent upon us as American citizens to make their job as difficult as possible. The more steps they have to take to get at our information, the better. The ultimate aim should be to make their data collection so difficult that they have to ration their efforts.

Re:Not new

[hjf]

As a foreigner, I believe it is incumbent upon you as American citizens to OUTLAW THE FUCKING NSA.

Seriously? A WORLD CLASS COMPANY SHIPPING TO DECOY ADDRESSES to avoid ILLEGAL GOVERNMENT SPYING?

WHAT THE FUCK, AMERICA?

Re:

[fuzzyfuzzyfungus]

If the NSA does not already have access to Cisco's obfuscated address system, then they are not doing their job.

It doesn't help that the list of addresses that would totally be plausible recipients of an order of big, fancy, networking gear is markedly smaller than the list of addresses.

Even if you ruled out cracking Cisco(which the NSA obviously wouldn't), bulk characterization of addresses by demographic is something that those sleazy abhumans in 'direct mail marketing' have been doing since before 'spammer' was even a term. Purely by collating publicly available information(or just hiring one of the existing da

How much to become a sensitive customer?

[Iamthecheese]

I would be happy to pay a little extra for this service for non-critical hardware. But if I were actually concerned the NSA would want to twist my knickers there's no way in hell I would: It's a huge red flag for them. Instead I would bribe someone at a different company to accept my shipment and forward it to me.

But let's be honest, if the NSA is interested enough in you to install extras on your hardware, they probably already know your favorite porn, your underwear size, and what you had for breakfast. I'm happy to see extra services appearing for privacy-loving individuals but I don't think this particular one will help.

Re:

[hcs_$reboot]

Or maybe Cisco just needs some free advertising?

Re:

[Anonymous Coward]

How much to pick up product as a will-call at the manufacturing facility?

Re:

[ultranova]

But let's be honest, if the NSA is interested enough in you to install extras on your hardware, they probably already know your favorite porn, your underwear size, and what you had for breakfast.

Because there's nothing more competent than a government bureau safe from inspections. Which, apparently, is intercepting your shipments just because, seeing how it already knows everything. It wishes you to see it as omnipotent so you won't even try. In reality, it couldn't even hold the loyalty of one of its own.

Re:

[ultranova]

Oh right. So when do you expect this "fall" to occur? Because there's not much sign of the three-letter gov agencies letting go of the world's private parts any time soon.

And why would they, when you're signaling right here that you're simply going to submit without a fuss? The NSA will fall when it goes beyond what US citizens are willing to tolerate. Since you tolerate your state killing you, I suppose it might get a while to get there. Or not, as this very story demonstrates.

I cite Obama's election prom

Re:How much to become a sensitive customer?

[jedidiah]

I think this service is entirely pointless. If you are worried about interception using a common carrier, then you need to stop using common carriers. Full stop.

You need to use a proper courier. You also need to work on making your gear more tamper resistant.

Re:

[MachineShedFred]

Yeah, this sounds like a great idea until Cisco receives a subpoena for a list of all customers that used this service.

Whoops!

And credit card numbers will be securly stored

[plopez]

They will be cloudified using super secret double Rot13 encryption.

Re:And credit card numbers will be securly stored

[Minupla]

No! Rot 13 is broken. Hey, Triple DES made DES secure again! We'll do quadrupedal Rot 13! That'll fix em!

Min

a bid to foil the NSA, John Stewart says

[xxxJonBoyxxx]

>> a bid to foil the NSA, security chief John Stewart says

Both John Stewarts are funny guys.

Re:a bid to foil the NSA, John Stewart says

[Your.Master]

The plural of John Stewart is John Stewarten.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[Joey Vegetables]

A shipment from San Francisco to Dallas for example, that takes a detour to Boson...

Didn't they only just recently discover that? [wikipedia.org]

Or we just stop buying Cisco.

[Kenja]

Really... when was the last time any of us thought Cisco was the best choice for a project?

Re:

[cdrudge]

Anytime the Cisco account manager stopped by or called.

Re:

[Strider-]

Really... when was the last time any of us thought Cisco was the best choice for a project?

Actually it can be a great deal... I'm in the process of building up a campus network for a non-profit, that will eventually have some 25 switches (Core and access), and 3 or 4 routers. All of it Cisco. Why? Because Cisco's support policies are such that there is tons of perfectly serviceable EoL/EoS equipment available on the secondary market that suits our needs, and available for very little $$$.

Ok, however

[Registered Coward v2]

If you are sophisticated enough to intercept shipments to known addresses what is to stop you from intercepting those to unknown ones and ignoring those to good addresses. It's a bit different than saying lets get boxes to X and ignore YZ to get any not going to YZ? More labor intensive, but some cross referencing of unknown addresses and intel work could still allow an intercept operation to continue.

Alternatively, a little human engineering where a big buyer of Cisco products in the US government says "Fi

No confidence

[Anonymous Coward]

I still can't trust that mechanism. Cisco needs to offer tools to verify the devices are genuine.

Ah, now I see why he quit the Daily Show

[Ecuador]

I expected him to go into politics or something like that. But I guess Cisco security chief is not that bad. Not as funny probably, although I do laugh at some of their obscenely overpriced stuff.
Quick question, how exactly do they establish these fake identities? It would not be such a good scheme if all it does is flag shipments for NSA "hey, look at this, we don't want you to know where it is going"...

Why not just deliver it yourself?

[NothingWasAvailable]

This strikes me as either silly (very James Bond), or an indication that Cisco doesn't even trust its own employees.

Otherwise, why wouldn't Cisco just hand deliver the items using its own employees.

Taking this cloak-and-dagger approach implies that if anyone at Cisco knows who's receiving the hardware, then it is at risk, meaning that Cisco is compromised and knows it.

Re:

[Ksevio]

Probably because Cisco doesn't want to move into the courier business.

Re:Why not just deliver it yourself?

[magarity]

Taking this cloak-and-dagger approach implies that if anyone at Cisco knows who's receiving the hardware, then it is at risk, meaning that Cisco is compromised and knows it.

It also implies that the real problem is at UPS/FedEx/DHL? I'd like to know what the shippers have to say about these interceptions.

Re:

[Grishnakh]

I'd like to know what the shippers have to say about these interceptions.

They probably can't say anything because they've been served with National Security letters and aren't allowed to talk about anything under threat of prosecution or worse.

Re:

[mcrbids]

It's a company, not a military. Of *course* they're compromised! Or at least, compromisable! I mean, every single employee comes to work because they are getting paid. So the NSA leaves a suitcase full of cash at an employee's house, and is asked to leak data, and is offered full legal immunity for doing so.

You wouldn't take an extra $20,000 risk free? If not, you don't know somebody at work who would? Many people would do this for much less.

NSA doesnt' know?

[ugen]

Seriously, I would assume that NSA at least has a "mole" in the order processing/accounting/shipping dept. at Cisco. Unless Cisco pays a lot more than market to these rank-and-file employees or gives them benefits unheard of elsewhere, they aren't particularly hard to get to cooperate, I would guess.

The NSA will respond

[mark_reh]

by putting their stuff into the Cisco boxes in the factory. Wait, aren't they already doing that?

Re:

[frank_adrian314159]

Does it really matter? Does anyone really want to use Cisco gear?

Re:

[courteaudotbiz]

If I check their annual revenue report ($47BN between July 2013 and July 2014), well, some people buy Cisco gear...

Re:

[coofercat]

No - that's the chinese ;-)

Re:

[jedidiah]

...or Iranian democracy could have turned out like Egyptian democracy and all without our help.

Cheaper, faster, better, ...

[fulldecent]

Better solution: include an iPhone and backup battery in the shipment. Use Find my iPhone.

Or just use FedEx's or UPS's real time tracking [blogspot.com] :-)

Re:

[xanthines-R-yummy]

Yes, because NSA *surely* can't hack those types of sites, too...

And how, exactly, are they going to do that?

[tacokill]

You see, the US Government is very keen about governing exports. They prohibit shipping many products into restricted countries and they actively police it in a serious manner. Anyone who's product gets found in a restricted country is in hot water. It doesn't matter if the product(s) was sold through an intermediary or 20 middle men, the manufacturer is 100% responsible for asserting, under penalty of law, that their products will not end up in a restricted country and that's that. The treasury department even publishes a monthly list of offenders they catch but I apologize as I cannot seem to find it on google.

To address this issue, many companies that have been caught are required by the US Treasury Dept to document every single end user of their product. Yes, every single unit that is sold must be documented as to where it's final resting place is. I doubt Cisco is under this kind of requirement (unless they've been caught in the past) but it seems this new policy is a huge risk for them in that area. If you were an Iranian supply store trying to procure Cisco equipment, this seems like a good way to do it without anyone knowing or being able to track it --- and that's a serious risk for Cisco.

The minute one of those units gets found in Iran (or any restricted country), all hell will break loose. Again, it doesn't really matter how it got there.....

Here [doc.gov] is a good overview of the requirements and Here [hostgator.com] is a company that has a good policy summary that they live by. Smart on them.

Understand that this has nothing to do with NSA or espionage. This is just a basic requirement of doing business overseas and exporting products. Doesn't matter whether it's plastic dog poo, Intel CPU's, lab equipment, cranes, or other engineered equipment

Source of the order

[in10se]

Seems easy to circumvent. The [GOVERNMENT ABBREVIATION] monitors the original online or phone order and knows who ordered it. Who cares where it's being delivered.

Re:

[Dunbal]

OK, and how will that help them intercept the shipment and install their spyware on the product?

Re:

[in10se]

The exact same way they are doing it now.
(I have no idea.)

The summary seems to say that only high-value targets are being intercepted, and that Cisco is trying to protect those customers by shipping to somewhere other than their place of business. If that's their new form of protection, it doesn't change anything if the NSA knows who it belongs to.

Boxen? Really?

[l0ungeb0y]

Slashdot needs a "pudger rockin' a fedora" icon for autist keyboard operator submissions

Re:

[courteaudotbiz]

If you RTFA, you would notice that "boxen" is used in the original article. Also, "boxen" can be used as the plural for "box", but it is uncommon.

Re:

[Thud457]

"Technically correct" is the best kind of correct.

NSA, the Anti-American Agency

[BrendaEM]

Someone needs to put some reigns on this out of control horse.

Pointless.

[DoofusOfDeath]

The NSA seems to have its fingers up so many people's hoo-has, that it could easily sort this out. It's amazing what an agency can accomplish when it's not held accountable for ignoring the Constitution. Fucking traitors.

Nope...

[tomhath]

He's a sergeant in the Chinese Army.

Red Herring

[Greyfox]

Does nothing if all hardware is compromised prior to shipping. Would they be allowed to tell you if it were? Would they even be aware if it was? Has the government ever looked at their code or received a report from them about potential security vulnerabilities as part of a disclosure required for a government contract or security certification? I'm guessing if they did, that report was sent directly to the NSA.

Re:

[courteaudotbiz]

Well, maybe you're right and Cisco want to put a false feeling of "anonymity" to compromise more high profile targets with their preinstalled backdoors. Or maybe it's just a way for Cisco to make more money on the back of its customers. In any way, their method cannot guarantee anything, since the shipment is just the last step of an order, and the order can be compromised at so many earlier steps.

Also kind of funny..

[duck_rifted]

..if we forget about all the serious stuff related to it. Summary: "We don't like all this cloak and dagger spy stuff. We want to distance ourselves from intelligence agencies, and show that we're nothing like them. So here's what we're going to do. The shipment will first be sent to the location disclosed by our asset in the field. Refer to challenge-handshake protocol in the self-destructing memo dispatched last week by home office. After delivering the football, the site will be monitored by an eli

Perform tear-downs instead

[DigitAl56K]

Start visiting locations of concerned customers, tear-down their units, check for implants, pull chips, put them in readers, verify firmware, etc. etc.

Figure out what changes are being made to the equipment and then warn customers to check for them upon receipt. Tactics will then change, so check new shipments again 6mos. later.

Trust

[Anonymous Coward]

Good job NSA! Way to destroy not just any integrity we had left as a country, but also undermine trust in the products we sell as well.

A band-aid on a festering wound

[rock_climbing_guy]

This is, at best, like putting a band-aid on a festering, infected wound. This will change nothing. At best, they might stop a few interceptions, after which they will be served with a "national security letter" or something along those lines telling them to cooperate with the three letter agencies or else.

The only way to fix this problem is to go to the source and reform our three letter agencies, and the ho-hum reaction to the Snowden revelations suggests that it won't happen anytime soon.

Think about it

Don't ship, send an employee-courier

[davidwr]

If it's THAT sensitive, either have the customer pick it up from a Cisco-controlled location or have a Cisco employee hand-deliver it to the customer.

Use tamper-evident seals [wired.com] and use something like a "warrant canary"-like system so the delivery person can effectively tell the customer that to the best of his and Cisco's knowledge the shipment was not tampered with en route: The absence of a followup message from Cisco guaranteeing that the shipment and delivery were not intercepted would be treated as a message that it might have been intercepted.

Speaking of "canaries" I wouldn't be surprised to see specialty shipping companies or specialty-arms of big-name shipping companies use "canaries" to guarantee that their shipments were delivered to an authorized person and not tampered with en route.

Re:

[plopez]

box, pl. boxen

Re:Boxen? WTF?

[Holi]

In what fucking language. Pretty sure boxes is the pl. of box. But you know with everyone out there making up new spellings left and right how am I supposed to keep up. (I mean really "rediculous"???? why that one pisses me off so much I'll never know)

Re:

[hcs_$reboot]

My bet, despite them to be pretty far away, goes to a 'n' that surreptitiously replaced a 's'.

Re:

[sumdumass]

Years ago, this was a common mistake by people trying to touch type to fast for their skill level that actually became sort of a fad when talking about computers. Your boxen or my boxen actually refered to our computer hardware. Its also the reason we have lulz insted of lols.its now considered plural for lol but it was really just people trying to keep up with chat in busy chat rooms- where the originsl shorthand started before texting.

Re:

[Crashmarik]

I'll see your vax and raise a DEC-20

Re:Boxen? WTF?

[plopez]

So what is the pl. of "ox"? "Oxes"? I think not.

Re: Boxen? WTF?

[spongman]

What's the plural of fox?

Re: Boxen? WTF?

[Ksevio]

Apparently it's foxen since anything that ends with "ox" it pluralized the same way

Re:

[Anonymous Coward]

No, the plural of vixen is "threesome".

Re:Boxen? WTF?

[in10se]

Have you never read The Jargon File [catb.org]. It's required reading for any hacker.

Re:Boxen? WTF?

[Molt]

I view it more as required reading for anyone who plans to spend time at MIT in the 1960s.

Re:Boxen? WTF?

[Anonymous Coward]

Boxes is the plural of box only if you're talking about containers like cardboard or wooden boxes, etc.

If you're talking about computer gear that happens to come in a vaguely box-shaped chassis (like a computer or a network switch), the plural is boxen. See also "vaxen".

Keep up? The terminology is possibly older than you are.

Re:

[plopez]

Whoosh! Thank you for playing....

Re:

[DoofusOfDeath]

In what fucking language. Pretty sure boxes is the pl. of box.

Auf Deutsch. Seien Sie nicht so unglücklich sein nicht.

Re:

[NotInHere]

No, its like with kid and kitten.

Re:

[qwijibo]

Why it pisses you off is right in the spelling.

Rediculous = something that is so maddeningly ridiculous that you turn red with murderous rage

Example: how you feel when you see someone use "rediculous" in a sentence.

=)

Re:

[cayenne8]

I mean really "rediculous"???? why that one pisses me off so much I'll never know

I think this one predates you my friend.

That is the CORRECT pronunciation by our old friend Ricky Ricardo....shortly after uttering this, he'd tell Lucy she had some "Splaining to do".....

Re:

[jc42]

In what fucking language. Pretty sure boxes is the pl. of box. But you know with everyone out there making up new spellings left and right how am I supposed to keep up. (I mean really "rediculous"???? why that one pisses me off so much I'll never know)

Hand in your card and get the fuck out.

Yeah; methinks we're seeing the symptoms of a serious humo[u]r deficiency here. These things have a long history in the English-speaking world. Many of us are quite aware of the ridiculocities that can easily be found in the English language, and a lot of humo[u]rists have gotten audiences laughing by mocking some of the stupider things in our language. This especially applies to the irregular plurals, which of course are derived from plural forms that were once regular (and still are in German), but wh

Re:

[jc42]

We might as well start with Lewis Carrol

Or with this well-known one about the absurdities of English spelling:

A plan for the improvement of spelling in the English language
By Mark Twain

For example, in Year 1 that useless letter "c" would be dropped to be replased either by "k" or "s", and likewise "x" would no longer be part of the alphabet. The only kase in which "c" would be retained would be the "ch" formation, which will be dealt with later. Year 2 might reform "w" spelling, so that "which" and "one" would take the same konsonant, wile Year 3 might well abolish "y" replasing it with "i" and iear 4 might fiks the "g/j" anomali wonse and for all.

Generally, then, the improvement would kontinue iear bai iear with iear 5 doing awai with useless double konsonants, and iears 6-12 or so modifaiing vowlz and the rimeiniing voist and unvoist konsonants. Bai iear 15 or sou, it wud fainali bi posibl tu meik ius ov thi ridandant letez "c", "y" and "x"— bai now jast a memori in the maindz ov ould doderez —tu riplais "ch", "sh", and "th" rispektivili.

Fainali, xen, aafte sam 20 iers ov orxogrefkl riform, wi wud hev a lojikl, kohirnt speling in ius xrewawt xe Ingliy-spiking werld.

Re:Boxen? WTF?

[fhage]

Kids these days... Digital Equipment Corporation (DEC) VAX.

We had several Vaxen in our lab.

It's used to show who groks tek. Sales dept use "Vaxes". Users say Vaxen.

Now, get off my lawn. I just mowed it.

Re:

[orgelspieler]

I'm waiting for Holi to ask wtf "grok" means next.

nothing sucks like a

[mbkennel]

There was a 1950's-1960's british vacuum cleaner brand, named you know whawt, advertised with the tag line, "nothing sucks like a Vax".

Re:

[dugancent]

No.

http://www.merriam-webster.com... [merriam-webster.com]

Re:

[zifferent]

Geeklore, dude. If the plural of ox is oxen then the plural of box is boxen. Sheesh. Next you're going to tell me you don't know what borked is.

Re:

[in10se]

How can you call yourself a /. reader having not read The Jargon File [catb.org]?

Re:

[hcs_$reboot]

It's in my dictionary: Appomattoxen Cloroxen Coxen Firefoxen Foxen Knoxen Maaloxen Maddoxen Wilcoxen Xeroxen boxen chatterboxen chickenpoxen cowpoxen coxen detoxen equinoxen flummoxen foxen gearboxen heterodoxen iceboxen jukeboxen letterboxen loxen lummoxen lunchboxen mailboxen matchboxen orthodoxen outfoxen oxen paradoxen phloxen pillboxen postboxen poxen sandboxen shadowboxen smallpoxen snuffboxen soapboxen soxen strongboxen tinderboxen toolboxen unorthodoxen

Re:

[bws111]

No, it isn't. Boxen means related to the boxwood tree. Boxes is the plural of box. Boxen is only used by people who want to sound smarter than they are.

Plural of Box is Bice

[Anonymous Coward]

Mouse-> Mice
Louse -> Lice
House -> Hice
Platapouse -> Platapice
Faux -> Fauce
Fox -> Fice
Box -> Bice

Re:

[marciot]

A number of animals do not have plurals, they have a group name:

A basement of geeks.

Re:

[Holi]

Go back to school.

Re:

[MachineShedFred]

Yeah, because the English language is incredibly consistent, and is never contradictory in any way.

Your argument fails on face value alone.

Re:

[MachineShedFred]

Lots of people keep saying this, but if it's only the last two letters that matter in distinguishing the plural form, then I submit to you:

Goose is to geese, as horse is to ???

A. Heese
B. Horses
C. You're an idiot
D. Both B and C.

Re:boxen and Borg?

[serviscope_minor]

What?

You just lost you nerd cred, that's what. I sentence you to 5 hours of reading the jargon file.

Re:boxen and Borg?

[bill_mcgonigle]

What?

"Editors"

While admiring Cisco's efforts here, this seems hard. At least these criteria would need to be satisfied:

1) the order would have to come in over an actual secure channel and be handled on known-secure systems.
2) the payment could not be processed until the delivery was made. Once the payment is made, the delivery location is compromised for future orders.
3) the shipment would have to be to a location that does not appear on the MLS. The receiver would have to follow tracking and send a courier out to meet the delivery driver (a easy expense for the right customers).

Driving to a distributor for pickup also seems like a good idea, so long as #2 is adhered to, since it amplifies the required effort of an attack to intercept several palettes of gear.

What other attacks are there on such a secure-delivery system using a common carrier?

Cisco are in it up to their necks

[Anonymous Coward]

If you trusted Cisco, you'd drive to a random store at a random time and buy a unit off the shelf.

However CISCO sell tech to the US government, and in turn are required to hand their code over to NSA we presume, and certainly have been deeply involved in NSA's cyber security stuff, so I think you have to consider their routers compromised.

http://www.nist.gov/itl/csd/nccoe-041513.cfm

"ROCKVILLE, Md. — In recognition of the critical need to protect private-sector intellectual property and other valuable

Re:

[dpidcoe]

Or just ship everything in boxes with tamper evident seals, then instruct the end user on inspection of said seals while informing them that anything with a broken seal will be replaced?

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[jeffmeden]

What?

"Editors"

While admiring Cisco's efforts here, this seems hard. At least these criteria would need to be satisfied:

1) the order would have to come in over an actual secure channel and be handled on known-secure systems.
2) the payment could not be processed until the delivery was made. Once the payment is made, the delivery location is compromised for future orders.
3) the shipment would have to be to a location that does not appear on the MLS. The receiver would have to follow tracking and send a courier out to meet the delivery driver (a easy expense for the right customers).

Driving to a distributor for pickup also seems like a good idea, so long as #2 is adhered to, since it amplifies the required effort of an attack to intercept several palettes of gear.

What other attacks are there on such a secure-delivery system using a common carrier?

The most obvious one: they will just intercept everything leaving Cisco and not heading to a reputable US company (scratch that, they probably target reputable us companies too). If they can intercept and MitM one box they can surely do it to a thousand. Why should they care if they don't even know where it's going, they can needlessly bug 1000 routers for every 1 that gets inside the right place and still have enough money in the budget to buy donuts on friday.

Where did you get criteria 2 and 3 from? It

Re:boxen and Borg?

[DanielRavenNest]

Then the answer is not to send the hardware to empty buildings, but to install a GPS tracking device in the shipping container, and see where it goes off-course. Bonus points if you can track it all the way to the NSA modification warehouse, but at least if you know where it got diverted, you can figure out *how* it gets diverted. I suspect the truck drivers are in on it, but without tracking data, that is just a theory.

Re:

[Ralph Siegler]

Your use of "neckbeard" dates you, that was a hip term two years ago. I'm guessing you have a neckbeard fetish, there might be genre of porn just for you.

Re:

[penandpaper]

Your use of "neckbeard" dates you, that was a hip term two years ago. I'm guessing you have a neckbeard fetish, there might be genre of porn just for you.

Refer to Rule34. HTH HAND.

sauce or it didn't happen.

Re:

[Talderas]

And think of the corporate goodwill it would build.

Re:

[Grishnakh]

Could they do this? Surely the government would just send them a National Security letter and force them to comply under threat of being disappeared.

Re:

[Bob the Super Hamste]

You give the TSA mouth breathers too much credit. This is a far more likely scenario:
TSA goon: Waht is this? It looks expensive. (puts device in their pocket)

or:
TSA goon: What is this? Whoops! (drops device on the floor on accident)

Re:

[bhlowe]

Just address the shipping label to "Iran Institute of Centrifugal Studies" C/O Mailboxes Etc.

Re:

[rock_climbing_guy]

And watch you lawsuit be thrown out because... "National Security!" This will not end unless and until reforms to the three letter agencies are codified into law, and then I have doubts that even that will stop it.