Especially not when you send passwords and private keys to dodgy third parties that suffer security breaches and lie about it

Summary: Sirius ‘Open Source’, emboldened by ISO ‘paperwork’ (certification), lost sight of what it truly takes to run a business securely, mistaking worthless gadgets for “advancement” while compelling staff to sign a new contract in a hurry (prior contract-signing scandals notwithstanding)

A part devoted purely to ISO was last week’s focus/work and this week we show some of the company’s awful practices when it comes to security. This is the most recent example. It’s from this past October and it’s likely what got me “flagged” for bollocking. In short, after the contract-signing scandals of 2019 I was apprehensive about signing another unknown contract and moreover consenting to a company-provided spying device (with camera and microphone) being inside my home. My wife was also hesitant; she expressed very strong opposition to this even before I did. “What next?” she said…

My E-mails about company “mobile phones” were discussed with a friend in IRC (personal channel), albeit only after careful redaction. Polite language was used. Facts were adhered to all along. At the bottom of this post the communications are reproduced in full, with clients’ names and colleagues’ names redacted.

This “mobile phones” strategy it is not about saving money; outsourcing never saves money, it adds a trap for short-term savings. The bills, in turn, gradually increase by a lot and services stop working or get shut down. They cannot even be debugged because they are proprietary (AWS and Google in mind).

As the communication below shows, first they sent some ‘enticing’ message and later they sent an “ASAP” for a contract to sign (for “smart” “phone”). It was likely some sort of waiver. The messages were sent less than 10 minutes apart, obviously coordinated for effect, and there was no room for debate. If the company wants to buy brand new phones while deprecating existing Cisco phones of all staff — and it won’t settle for low-cost phones while at the same time admitting to employees that the company is tight on budget — then what gives?

But there are deeper, more profound issues at stake here. To give some background, consider what the EFF published last month in relation to NLRB (unions):

How does this work? The NLRB protects the right of workers under Section 7 of the National Labor Relations Act to organize and discuss joining unions with their coworkers without retaliation and the board’s General Counsel rightly suggests that surveillance of workers by their bosses can lead to unlawful retaliation, as well as a chilling effect on workplace speech protected by the NLRA.

“It concerns me that employers could use these technologies to interfere with the exercise of Section 7 rights … by significantly impairing or negating employees’ ability to engage in protected activity—and to keep that activity confidential from their employer,” General Counsel Jennifer Abruzzo said in her letter. She added she will urge the board to act to “protect employees from intrusive or abusive electronic monitoring and automated management practices” that interfere with organizing rights.  The general counsel’s memo serves as a marker for future cases considered by the NLRB. Traditionally, the opinion of the NLRB’s general counsel has a significant effect on how the board rules on cases it considers. This means that, should workers wish to file a claim with the NLRB along these lines, the board would take this opinion into account.

While worker privacy has been considered within general consumer privacy bills, workplace privacy rights function differently than those in many other contexts. A worker often cannot walk away from a camera pointed at their workstation. And while a consumer may feel they aren’t really “consenting” to data collection when they use a product or service, they generally have the option to go to a competing product. Workers don’t; saying “no” could cost them their livelihood. Therefore workers are set up to potentially lose certain rights during the workday.   

At the end of the month the EFF revisited this issue:

Since then, EFF has joined with those in the labor community to learn more about surveillance in the workplace and on work devices, and the effect it has on employees. Particularly as regulators start to pay more attention, and legislators include workers’ privacy in general consumer privacy bills, it’s important to understand the ways that the workplace presents unique challenges in this arena.

Bossware has Real Effects on Workers

As white collar remote workers felt bossware breathing down their necks, there was more coverage than ever of how employers are monitoring the workforce, and the lasting effects it has on workers’ health, safety, livelihood, and collective bargaining rights. Even for remote staff, these stresses affected their mental health and family responsibilities. But it is workers across all fields that have increasingly felt the heat of surveillance, and some of the coverage was propelled by blue collar workers who fought back, from meatpacking facilities to service workers to delivery drivers who experienced increased surveillance as a form of retaliation for wage demands. Neither the ineffectiveness nor the impact on real people calmed employers’ desires for increasing means to monitor and control worker behavior, with some even floating a database on worker productivity. Courts and agencies in other countries, like the Netherlands, have been quicker to take on U.S. firms who they allege have violated the human rights of foreign remote workers with demands on their acquiescence to invasive monitoring.

One lingering concern was, those “phones” can be used for spying and we already know the company was spying on workers, as we’ve demonstrated for nearly 2 months already.

The manager did not bother explaining the decision or how it had been reached; he went completely silent. He was trying to force us to sign something in a rush. Yet again… like in 2019. He also sent us nothing and instead went on a fishing expedition in IRC logs (it seems like nobody gave him a heads-up, as we showed before), only to find nothing but gossip that mentions no names, not even “Sirius”. Such stalking by a “thug” isn’t acceptable and it’s easy to get the impression that it was an act of retaliation in a company where managers are immune or exempted from enforcement (like EPO management). A “phone” would likely become just a tool to “manage” people and there’s already years-old track record of bullying by management. A “phone” would be a blunt instrument of coercion by intimidation and humiliation. All the stalking further justifies workers being apprehensive about “mobile” phones at home. In retrospect, we made the right decision when we antagonised/rejected the proposal.

Here is the full correspondence:

Introduction of Company Mobile Phones for the Support Team

Dear All,

This is just to update you that as part of our on-going development and improvement, we will imminently be introducing company mobile telephones for Support Team staff.

Whilst we are also constantly seeking cost savings and efficiency improvements and consequently as you know are looking at significant structural changes in the organisation, we also have significant security obligations for our own compliance and business requirement obligations to our clients.

However, as well as helping with our security compliance we believe this will be a very positive improvement in the ease of use for support telephony. xxxxx will distribute full details and instructions shortly.

Thank you in advance for helping with the smooth introduction of these devices!

Kind regards,

xxxx

9 minutes later another colleague wrote:

Introduction of Company Mobile Phones for Support

Hello Support Team,

With more customers demanding tighter security, the upcoming ISO audit requirements being more strict this coming November, and a general need to ensure you have the right tools for the job, Sirius will now be issuing work mobile phones to Support staff.

This has been under consideration for several years pending the right combination of business, customer, and financial requirements being met for deployment. Whilst the company continues to need to make overall financial savings and to achieve better efficiency, a number of pressing factors have become primary drivers to make this change happen now. (For example, you will be aware of xxxx becoming an increasingly important client of late and the imminent expansion of the support contract with them is key.)

We expect this to be a very positive step for Support Staff and should make a number of key processes more straight forward whilst also enabling key business benefits and security improvements.

Key purposes/benefits of introducing support mobile phones:
1. To enable 2FA and secure authentication for both Sirius and customer environments
2. Separating work and personal devices as a benefit for both work (security) and life-balance (you can turn it off when not on shift)
3. A step towards replacing the legacy Cisco handsets
4. The devices will integrate with the native platform for Google Voice and be a backup/forwarding target for that
5. A backup data connection to work from in case of local internet outage

The company policy on mobile devices and security is currently being updated to reflect this new tool, but please pay particular attention to the following key notes:
* The devices will remain the property of the company
* The devices must be used solely for work purposes and only by yourself
* The devices will be controlled centrally by Sirius, usage will be visible to management
* The devices must not leave the UK without prior specific permission from management

You have already agreed to abide by the Sirius IT policy and all usage of the device should be in accordance with this.

Devices will be distributed shortly and will include a Mobile Device Guide to allow a quick set-up. Please read through the Mobile Device Guide asap once available (which will be assigned to you in xxxx) and then agree to the contents and terms, after which your device will be sent out.

Warm regards,

To the first message I responded: “If this is about facilitating MFA, please provide phones with batteries that can be detached/removed in order to ensure the risk introduced isn’t greater than the risk lowered.”

The response was:

Hi Roy,

What risk are you suggesting we address by opting for mobile phones with a removable battery?

These devices are almost extinct, with only a few options. They also tend to be lower spec’d and poorer performing as you can see here: https://www.androidauthority.com/best-android-phones-removable-battery-697520/

Further to our discussion this morning, I cannot see a reason for us to make this a priority at this point.

Regards,
xxxx

I responded to the longer message as follows:

> Hello Support Team,

Hi,

> With more customers demanding tighter security, the upcoming ISO audit
> requirements being more strict this coming November, and a general need
> to ensure you have the right tools for the job, Sirius will now be
> issuing work mobile phones to Support staff.
>
> This has been under consideration for several years pending the right
> combination of business, customer, and financial requirements being met
> for deployment. Whilst the company continues to need to make overall
> financial savings and to achieve better efficiency, a number of pressing
> factors have become primary drivers to make this change happen now. (For
> example, you will be aware of xxxx becoming an increasingly
> important client of late and the imminent expansion of the support
> contract with them is key.)

We still need a wiki page for them.

> We expect this to be a very positive step for Support Staff and should
> make a number of key processes more straight forward whilst also
> enabling key business benefits and security improvements.
>
> Key purposes/benefits of introducing support mobile phones:
> 1. To enable 2FA and secure authentication for both Sirius and customer
> environments

When I saw the previous message I responded with “If this is about
facilitating MFA, please provide phones with batteries that can be
detached/removed in order to ensure the risk introduced isn’t greater
than the risk lowered.”

It’s understandable that some of these schemes do not support a landline.

> 2. Separating work and personal devices as a benefit for both work
> (security) and life-balance (you can turn it off when not on shift)

Not applicable to me as I don’t use such a device.

> 3. A step towards replacing the legacy Cisco handsets

The Cisco handsets have worked well for almost a decade. They were
always more reliable than Google Voice.

> 4. The devices will integrate with the native platform for Google Voice
> and be a backup/forwarding target for that

We already have a dedicated computer for Google Voice. Plus, it has
several fallbacks in place.

> 5. A backup data connection to work from in case of local internet outage

I think we still have a USB dongle for this somewhere. A SIM card should
be enough to facilitate it. Our connection has generally been reliable
for years.

> The company policy on mobile devices and security is currently being
> updated to reflect this new tool, but please pay particular attention to
> the following key notes:
> * The devices will remain the property of the company
> * The devices must be used solely for work purposes and only by yourself
> * The devices will be controlled centrally by Sirius, usage will be
> visible to management

It seems like sole purpose of it will be 2FA. Any simple phone that can
do SMS can handle robust 2FA. Anything “apps” can introduce more risks.

> * The devices must not leave the UK without prior specific permission
> from management
>
> You have already agreed to abide by the Sirius IT policy and all usage
> of the device should be in accordance with this.
>
> Devices will be distributed shortly and will include a Mobile Device
> Guide to allow a quick set-up. Please read through the Mobile Device
> Guide asap once available (which will be assigned to you in xxxx)
> and then agree to the contents and terms, after which your device will
> be sent out.

If, as stated above, I “already agreed to abide by the Sirius IT policy
and all usage of the device should be in accordance with this,” then why
do I need to sign an additional document? Anyway, I think this needs to
be discussed with staff. I wasn’t told anything about this until today
and it seems like a lot of resources are spent on just an MFA appliance.

Regards.

I tried to speak to them over the telephone, knowing from experience that they would likely not bother replying.

First colleague: Managed to get to him over the phone to discuss the matter.

Second colleague: Tried to avoid talking to me about it over the phone, using obviously fake excuses.

But the point isn’t about a “phone” per se. As we’ll show over the next few days, the company was failing at the very basics and putting not only its own systems at risks but also clients’.

am now satisfied that ONS did not tinker with the mortality data. That’s a relief.

Yesterday I wrote about the latest correspondence with ONS. The latest explanation from Anne suggests we were talking about different sheets. In her own words:

Good afternoon, Dr Schestowitz

Thank you for your response.

I have utilised the previous versions tab of the Deaths Registered weekly set to look through this enquiry.

As I explained in the previous email, the undercount affected death occurrences not registrations. Death registrations use the date of death registrations, whereas occurrences use date of death.

This is a screen shot of sheet 1 (Weekly provisional death registrations in England and Wales) published for week 49. Sheet 2 (weekly provisional death registrations by sex and age in England and Wales) also uses death registrations.

On the previous versions tab this is week 49 when you download the excel spreadsheet published 20^th December. I have used an arrow to denote the publishing week at the top of the screenshot.

There is no week 50 dataset due to the festive period, therefore week 51 contains both week 50 and week 51 data.

This version of Sheet 1 (registrations) was superseded with week 50 and 51 data on 5^th January 2023. As you rightly point out there is no change to the registration data for week 49, this is because the undercount did not affect death registrations.

However, on Sheet 11 which uses death occurrences (date of death) we published 10,565 death occurrences in week 49 on the 20^th December with a note explaining the undercount was due to a processing error.

With the next publication on 5^th January, publishing week 50 and 51 data we corrected the undercount and published 12,109 death occurrences for week 49.

The majority of worksheets within weekly death publication use Registration data, which is why the update in week 51 may not have been overtly visible.

I hope this answers your question and please let me know if I can be of any further assistance.

Kind regards

Anne

“Thank you, Anne,” I said. “That’s a very detailed and satisfactory explanation. I will use it to relay a clarification on what happened and why there’s no reason to doubt the accuracy of this data. PS – the work you do is very important at this time.”

New video:

Description:

US, Weekly Cumulative All-Cause Excess Deaths

https://www.usmortality.com

https://www.usmortality.com/deaths/excess-cumulative/united-states

Excess deaths 2022 (Up to December 1st) 242,224

https://www150.statcan.gc.ca/n1/pub/71-607-x/71-607-x2021028-eng.htm

https://www23.statcan.gc.ca/imdb/p2SV.pl?Function=getSurvey&SDDS=3233

Australian Bureau of Statistics

Provisional Mortality Statistics

Reference period, Jan – Sep 2022

144,650 deaths that occurred by 30 September

19,986 (16.0%) more than the historical average.

Deaths attributed to covid, 8,160

October covid deaths, 232

Australia, September 2022

13,675 deaths (doctor certified)

1,814 were coroner referred.

UK, ONS

https://www.ons.gov.uk/peoplepopulationandcommunity/healthandsocialcare/conditionsanddiseases/articles/coronaviruscovid19latestinsights/infections

UK Prevalence

2.61% in England (1 in 40 people)

3.94% in Wales (1 in 25 people)

4.22% in Northern Ireland (1 in 25 people)

3.26% in Scotland (1 in 30 people)

Deaths and excess deaths (W/E week 13th January 2023)

A total of 19,916 deaths were registered in the UK

20.4% above the five-year average.

Covid UK deaths

1,059 deaths involving COVID-19 registered

(up 842 on the week)

Deaths involving COVID-19 accounted for 5.3% of all deaths

UK, Office for Health Improvement

https://www.gov.uk/government/statistics/excess-mortality-in-england-and-english-regions

Excess deaths in all age groups, (0 to 24 years)
UK, Institute and Faculty of Actuaries

https://actuaries.org.uk/news-and-media-releases/news-articles/2023/jan/17-january-23-cmi-says-2022-had-the-worst-second-half-for-mortality-since-2010/

Mortality rates in 2022 compare to 2019 at different ages

2022, mortality, 7.8% higher for ages 20-44

In the UK, the second half of 2022

26,300 excess deaths,

compared to 4,700 in the first half of 2022

Europe, EuroMOMO, Bulletin week 2 2023

https://www.euromomo.eu

Pooled EuroMOMO, all-cause mortalit

Elevated level of excess mortality,

overall and in all age groups.

Data from 25 European countries or subnational regions

Average levels from pre 2020

https://www.health.govt.nz/nz-health-statistics/health-statistics-and-data-sets/mortality-data-and-stats

https://www.stats.govt.nz/topics/births-and-deaths

Year ended September 2021, total of 34,578 deaths

Year ended September 2022, total of 38,052 deaths

Video download link | md5sum 3fa713aa016effddd846715afa98523f
Sirius Abandoned Everything
Creative Commons Attribution-No Derivative Works 4.0

Summary: Staff with technical skills won’t stick around in companies that reject technical arguments and moreover move to proprietary software in a company that brands itself “Open Source”

DESPITE losing my best friend this week I am trying to keep active and to keep this series going. My friend helped inspire my activism and many other things. The video above explains some of the things that happened at work, based on practical examples (demonstrating that ISO certification changed nothing for the better). More people need to find the courage to confront their bosses and demand justice. Don’t just “play it safe”, try to actually fix things, from within if possible (taking this public is the very last resort).

The video above contains some of the backdrop to the collapse of Sirius ‘Open Source’. It comments on this post. The Gates Foundation was never mentioned in writing at Sirius, only once and strictly verbally in 2019. An NDA signed by Sirius Open Source (yes, that’s an actual sellout considering what the CEO used to believe in^*) changed things for the worse and resulted in the CEO being ‘in exile’. We’re talking about a fervent Microsoft critic, who [cref 168438 moved the company to Washington] for the “first US client” (yes, Gates) and weeks after it all happened not only myself but also my wife got falsely accused. We were acquitted only after months of humiliation. Nobody ever apologised for this.

Back then, as well as in 2017, I wanted to publish “Microsofters Contact My Employer to Get Both My Wife and I Sacked” (yes, it happened prior to 2019 as well). It’s truly quite maddening what Microsoft and its goons would do to silence me; they even pick on loved ones. This became a potential future topic way back in 2016.

More recently after I told a friend that Bill Gates, not Microsoft, was paying Sirius Open Source Inc. (with the actual timing being interesting; coincidence being improbable) a manager intentionally twisted/distorted what I said. What I said was factual, what they said I had said was not. Gates never needed British company to handle something thousands or American firms can easily handle (let alone ask this company to establish itself in another country, which is possibly what happened though the NDA hides it).
___
^* Here’s one old talk that covered “FUD (‘Fear, Uncertainty, Doubt’) as the nonsense that it is [...]”

New video:

Description: (for backup; Google censors his videos sometimes)

JCVI makes interim recommendations to government on the COVID-19 vaccination programme for 2023.

https://www.gov.uk/government/news/jcvi-advises-an-autumn-covid-19-vaccine-booster

https://www.gov.uk/government/collections/covid-19-vaccination-programme

Joint Committee on Vaccination and Immunisation (JCVI)

has advised that plans should be made for those at higher risk of severe COVID-19 to be offered a booster vaccination this autumn (2023).

Professor Wei Shen Lim, Chair of COVID-19 vaccination on the JCVI

As the transition continues away from a pandemic emergency response towards pandemic recovery,

In England, the closure of the autumn booster campaign and the first booster offer will be on 12 February 2023.

(basically no more boosters for healthy under 50s)

Similarly, the JCVI is advising that the primary course COVID-19 vaccination should move,

over the course of 2023, towards a more targeted offer

Coronavirus (COVID-19) vaccine

https://www.nhs.uk/conditions/coronavirus-covid-19/coronavirus-vaccination/coronavirus-vaccine/

Everyone aged 5 (on or before 31 August 2022) and over can get a 1st and 2nd dose of the COVID-19 vaccine.

https://www.sst.dk/en/English/Corona-eng/Vaccination-against-COVID-19

we recommend vaccination of people aged 50 years and over as well as selected risk groups.

Regulator funding

https://www.bmj.com/content/377/bmj.o1538

Industry money saturates the globe’s leading regulators.

Probably the final week of this series

Summary: Sirius ‘Open Source’ has failed to sell what it was actually good at; instead it hired unqualified people and outsourced almost everything

THIS is the part of this series where we focus on examples of Sirius failing on technical merits and compliance/conformance. Eventually we decided to show redacted E-mails on ISO along with my copied messages to management regarding bollocking and how it all started, me asking for an apology etc. Being accredited or recognised isn’t the same as being capable and potent. As I mentioned in the very first post in this series, when I joined the company it was different beyond recognition. The company had its own hosting (in its own premises). In 2022 we were suffering habitual outages as we don’t control our systems anymore (Slack, AWS downtimes were common; in prior years clients that relied on Clownflare also suffered outages due to Clownflare rather than their own hosting). To make matters worse, there were security breaches and the company ignored them. I kept bringing that to management’s attention, only to be ignored or rebuffed. Remember this hoax of Citation/Atlas was covered in Techrights years ago. Sirius does not teach its staff real security and does not hire people who understand or value security.

The company had a bizarre trajectory of moving from self-hosted (e.g. Asterisk), then outsourced (but still Free software, ‘managed’ Asterisk), then outsourced proprietary spyware like Google Voice. If “Open Source has won” and if Free software is becoming more widely used, then why is Sirius going in the exact opposite direction of what it was advocating? This is a management decision. It’s not the fault of technical staff — the staff which all along opposed this.

Notice the practice of password outsourcing. Here’s a direct quote sent in a request to me personally: “Put the WordPress credentials (admin user, etc) in a lastpass note and share it with xxxxx (securely, within lastpass) and we’ll be setting up a very temporary and basic portal to share info across the team, to help keep everyone better updated given how Absolutely Mentally Busy it is right now. It’s entirely for internal use when on the VPN.”

It’s another example of mishandling access credentials inside third parties (Slack, LastPass etc.), oftentimes not just rejecting “Open Source” but actively ripping apart Open Source things that work, replacing them with technically inferior and likely illegal (in some cases, due to data protection) proprietary stuff.

The management did even worse than this; it failed to do very basic things, such as sending payslips and sometimes paying the pension provider. Instead they made colourful excuses, so I decided to take photographs of letters from the pension provider, recalling those blunders and deciding that it’s worth discussing belatedly (and maybe add E-mails also; there were loads of E-mails about payslips, not just pensions, spanning different years from 2018 until the present day; there were phonecalls too, but those aren’t recorded).

The management was also bad at communication and correspondence. See the example below (2019):

Subject: Re: I need these tickets dealt with by support
Date: Thu, 3 Oct 2019 11:15:56 +0100
From: Rianne Schestowitz xxxxxxx
To: xxxxxxx
CC: xxxxxxx

Hi xxxxxxx,

I responded to this email last weekend. Please check your inbox. If you
haven’t received it, I can send it again.

Many thanks,

Rianne

–
Rianne Schestowitz, NOC Extension 2834423
Sirius – stress free technology

http://www.siriusopensource.com

t: xxxxxxx

> Hi,
>
> I need these tickets dealt with by support.
>
> 1. Ticket#108642: Roy or xxxxxxx need to answer about security.
> 2. Ticket#108813: Replied with more questions. Can’t reproduce the
> error so far. Back with Support, awaiting feedback.
> 3. (Multiple) Tickets relating to masking – Code fix done, Release done
> and in live. Check with each client once data reimported. Support
> team can do this. xxxxxxx have already confirmed it works.
>
> 1. Ticket#108833: Already fixed, just needs a fresh xxxxxxx import.
> 2. Ticket#108769: The masking fix is done, we just need to schedule a
> reload.
>
>
>
> xxxxxxx xxxxxxx
> Sirius – stress free technology
> http://www.siriusopensource.com
> Tel: xxxxxxx

This was the year bullying against staff started, not too long after Gates Foundation money had landed under an NDA and something called Sirius Open Source Inc. was quietly formed in the state of Washington (where Microsoft and Gates are).

We spent nearly a month explaining what I had already written internally before resigning; we remembered to publish the entire PDF at the end (crossposted in my personal site too) as it is important to emphasise that I raised most of these concerns for years inside the company. Inaction and retaliation led to what became of it, spilling the beans out in public. I never did anything even remotely like this with any of my past employers.

his is the latest (still ongoing):

> Good morning Dr Schestowitz
>
> Apologies, I didn’t note the screenshot in your first email.
>
> For the week you are referencing, we did not publish the numbers of
> death occurrences (date of death) for that week and these were updated
> the following week.
>
> There would have been no changes in any of the tables that use
> registrations data, but you would see the undercount in the occurrences.
>
> May I ask what table you are looking at?
>
> Kind regards
>
> Anne

Hi,

Thanks for the quick reply.

On December 20th the page looked like this:

That was minutes after the 10AM (ish) update.

Despite what it said in the text, the spreadsheet file was updated that morning and included Week 49. Here is a screenshot:

This screenshot was taken on December 20th.

I was expecting that on January 5th this number should be amended, as the figure for Week 49 was incomplete. But in all subsequent updates that number remained the same, so either the missing deaths were added cumulatively to Weeks 50 (onwards) or something went wrong. No “(i) Notice” has been shown since then, so I’m left wondering what actually happened. I need to be sure this data is accurate.

I expressed these concerns publicly about half a dozen times before I learned that Professor Fenon et al had made a formal complaint to the Statistic Regulator. Their complaints is completely unrelated. But it increased my doubts and scepticism about ONS-provided data.

I’ve used your data for a long time. I need to understand why the Week 49 figure (shown in the screenshot above) remained unchanged.
You said: “For the week you are referencing, we did not publish the numbers of death occurrences (date of death) for that week and these were updated the following week.”

If you mean you did not publish Week 49 figures on December 20th, then that is patently untrue and I took a screenshot to prove it. The spreadsheet file was updated that day. It contained the figure for Week 49.

I have more screenshots from around that time and I can provide them to you.

Are we talking about sheet #2 rather than #11?

Regards,

For some background see this prior episode.