Can't let Redjack start all the SIN threads (IMG:style_emoticons/default/biggrin.gif)

First of all, a few assumptions:

• A SIN is a string of letters and digits, which serves as an index for ID data in one or more databases. All of this usually gets subsumed under "SIN", but in this case "SIN" refers just to the letters and digits
• The SIN also contains some basic ID information itself, to facilitate quick offline checks
• A SIN is supposed to be a unique, life-long thing which is usually assigned at birth. Information subject to change (height, photo...) can be stored in the attached databases, but the SIN itself should remain unchanged
• SINs were introduced in 2036 and have not changed much since then

So given these assumptions, which data could be encoded into a SIN? Here is what I though of so far:

• Date and location of birth: Pretty obvious
• Nationality/issuing authority: Also obvious
• Sex: Probably still "permanent enough", hindrances for transgender individuals depend on issuing authority
• Name: From weddings to initiation rites, in many cultures a good part of the population changes their name at least once
• Race: "How much melanin qualifies as 'black'?"
• Eye/Hair color: Bwahaha. Also difficult to assess on newborns.
• Metatype: Problematic due to goblinisation. On the other hand, lawmakers might just not have cared for those damn trogs (or even liked the idea of them being stuck with the "wrong" SIN)
• A few prominent points of fingerprints; ear shape, retina etc.: Not too precise but easy to check
• DNA: Again maybe half a dozen specific regions which show high diversity; probably provides better identification than biometrics and is unaffected by cyberware, but also more complicated to scan

Comments/More ideas?

That information likely does not exist within the SIN's ID itself. Much like your address does not exist within your social security number. The SIN is probably just something like 2e4a-55d3-0cb6-8f51, which is not sufficient to encode much data within. Specifically, that sixteen digit hexadecimal code suffices to store eight bytes of data. A QR code on the other hand stores around 300 bytes, so if SINs don't use alphanumerics and instead use something like a QR code they could hold some basic degree of data within the ID itself.

However, the more likely scenario is that it ID itself doesn't contain any information, and that all of the person's information (name, birthdate, etc) is stored in a database entry that the SIN's ID references. Which is how certain illegal people can get away with using other peoples' SINs. If the SIN number itself said that you were a 78-year-old woman named Beatrice from Milwaukee, it might be tricky for any shadowrunner to conceivably get away with using it. The hackers simply jigger the database to put in the new person's data to overwrite the original person's data so that when a young male orc uses it, it doesn't show the store clerk a picture of a little old lady on the register screen.

Ignoring for now the question of what SINs should be, here's a bit more from the 5th ed rules:

From Corporate Limited SIN, p. 84:

"Many of these Corporate Limited SINs record whether or not the character is Awakened."

This is also problematic because this can happen during a person's life.

From Corporate SIN, p. 85:

"Corporate Born records are limited to the megacorporation that generated them. Files in the Global SIN Registry can confirm she has a valid SIN, but do not contain any additional information."

I would change this to have them appear to be Corporate Limited SINs.

From ID and Credit, Fake system identification number (SIN), p. 443:

"SINs are digital, not physical objects. They exist on your commlink, or in your PAN."

This implies that the number could be quite long.

Unlike America, present day Germany does have social security numbers containing personal data, like e.g. birth date. Don't discount the possibility of a SIN containing the same. Of course this cannot be the only basis for the full-length number, but it can conceivably be part of it.



The same sentence appears in the SR4 core rulebook, p. 266

SSNs were never designed as IDs (and suck badly at it), but even these numbers are not entirely random.

SINs on the other hand are said to contain some basic data, and the new rules in SR5 say than only an R3 SIN has any external data attached, and only and R3 check queries even for the existence of external data.


I kept information theory to the level of "yeah, well, this might just be in the same ballpark". A complete fingerprint embedded in a number is BS, but encoding a few reference points falls in the realm of suspension of disbelief (IMG:style_emoticons/default/wink.gif)

In point of fact the first 3 digits of modern SSNs denote the State and county in which you were born, or lived at time of the SSNs issuing if not at birth.

I am so close to having a much more playable set of SIN rules from all these threads. I love the conversations and healthy debates; different views being presented and discussed!

I'm imagining that SIN's are now like QR codes which can contain quite a crapload more of info.

Which means you can do a very basic verification from the number itself, a child can't have a number issued two decades ago. What I'm imagining for SIN spot checks is basically that, just more precise: look at the contained data and decide with a decent probability that the SIN belongs to the person presenting it, without complicated scans or queries to background databases.

"Female Troll in her 30s, UCAS citizenship" is already an improvement, but still pretty unspecific since there are a lot of people who fit that criteria -- meaning that a lot of people can simply copy that number. So what I'm looking for would be a few more distinguishing features, which can still be easily checked and stay mostly fixed from birth on.


@Redjack: TBH I am probably way overthinking all this, but besides gameplay matters I think it's a interesting thought exercise.

Absolutely. I really like the conversation around everyone's different thoughts, then picking out the aspects I like and figuring how to implement that into play with simple rules. I tend to go to a position of over thinking as well, then coming back around to the simple. For example: The new initiative bugged us. We wanted to reduce the difference between the top & the bottom and allow better use of the new interrupts. We went through four different house rule sets, some worked, some didn't. The next to last one was great, but too complicated. In the end, we got about the same number spread by saying Base Initiative is REA + INT + 2d6 (instead of REA + INT + 1d6). Works well, we're all happy, but it was several iterations of testing to get there.

I like it, but with an exact date of birth. I haven't found anything in 5th edition about metahumanity being included as part of a SIN or online supporting data.

On a mostly unrelated note, I found in the 5th edition basic book (Fake SINs, p. 368) where high-Rating SINs come with matching organic samples (blood, skin cells, and hair).

Redjack, you mentioned that fake SINs of lower Rating than the verifier should always fail. I'm also thinking that there could be times when SINs of higher Rating than the verifier should routinely pass. Having it sometimes be a crap shoot feels right.

Part of this is that the team may have no idea what the "Rating" of a given verifier is, and will thus not know if their fake SINs are up to snuff. To me, this seems like a cool thing that a decker could try to determine by hacking, and if she's good or lucky, ensure that the team's SINs pass in any case. Possible tests include:

a) Scan for software version and settings to know what you're up against.
b) Disable the device entirely.
c) Disable merely the security alerts.
d) Whitelist the team's SINs, requiring an additional test (EDIT: after the fact) to un-whitelist the SINs to cover their tracks and not have their SINs burned as a result of the hack being discovered.
e) Lower security settings to cause the verifier to behave as if it were part of a low-security setup, e.g. point of sale.
f) Do a version rollback attack to give the verifier fewer dice due to bugs in previous software versions.
g) Hack the verifier to show perfectly matching demographic statistics to the operator or facial recognition unit.

You could also have the decker change the sensitivity of the scanner more (all the way) to the false positive versus false negative match.

Or just have it send a "pass" in response to any SIN check. They probably won't have anyone worse than the runners going through that checkpoint before it gets noticed, so you don't need to change it back afterwards.

Yeah, heeeeeyyyyyyyy.......

I think those are e and c on my list. As for not setting it back, I'd say it depends on how important it is that they never find out they've been compromised in that way. Thinking about it, it might be a bad idea to let players have a direct way to avoid that kind of security.

Sure, the SIN would have the exact date, but since it's hard to verify a person's exact age, a cursory check by a cop or bouncer would boil down to whether the subject appears to be in the right ball park.

According to 3rd and 4th Edition rules, the SIN contains birthdate, -place, citizenship, and initials. Those are mostly fine, just the initials make no sense. Besides the various opportunities (or even requirements) for name changes, there is also the fact that most of the world do not adhere to the "Given Name, Middle Name, Family Name" scheme. What are the initials of Mr. عبد الله محمد بن موسى الخوارزمی, and do we use the original spelling and reading direction or transcribe him as "Abū ‘Abdallāh Muḥammad ibn Mūsā al-Khwārizmī", or maybe as "Abū Ǧaʿfar Muḥammad b. Mūsā al-Ḫwārizmī"? And at least Arabic is still written horizontally ...

Sex (male,female,X) and metatype on the other hand seem comparatively safe options: Sex reassignment will probably still be rare (and getting a new SIN still be among the easier steps), goblinization follows rules (orks don't become trolls) and in both cases, there will also have been a significant body of decision-makers whose approach was "screw those abominations".



@RJ: So basically everybody gets 2 IPs?

Depends...
Example 1: REA(3) + INT(3) + [2,2] = 10. Only 1 IP
Example 2: REA(3) + INT(3) + [3,4] = 14. Yea! Average is 2 IP.
Example 3: REA(3) + INT(3) + [6,6] = 18. Maxed at 2 IP for the average person... and plenty for interrupts if needed.

Given that the numbers are fairly universal (i.e. most countries apparently are using the same system), and that the system was probably built to last for many generations, and that it was probably built to have blocks of numbers given to various granting authorities (which isn’t efficient), I’d agree that these are big ‘numbers.’ The suggestion that they may typically be something like a QR code makes some sense to me, but also I’m thinking of the IPv6 model of internet addresses, where they basically just allowed for a very large quantity of numbers.

Here the granting nation may not be recognizable as “UCAS” as the front of the number, but knowing that numbers starting between 1025 and 4048 were granted by the UCAS lets those familiar with such things tell quickly.

If the number is sufficiently large, it is possible that how some portions of it are generated may vary between jurisdictions. Within their range of numbers, maybe UCAS codes gender, date of birth, and initials. Maybe the Trans-Aleut Council just hands out numbers sequentially with no additional data buried in it (you have to go look at a database), while maybe Aries codes everything from your blood type to who your parents were.

Anyway, I’d think that the vast majority of SIN checks would be accompanied by, or even be incidental to, license checks. Your national SIN may not tell a viewer much without accessing the appropriate database, but the licenses that you have for everything from driving to being allowed to draw breath while being a mage no doubt contain a lot more personal information. And normally no doubt those licenses are associated with your SIN, available all in one data gulp to anyone with a modicum of authority.

So what makes you think such block allocations would be used, then? Reserve two places in the SIN for the equivalent of an ISO 3166 code, done. Place of birth can be encoded by a military grid number (6 digits for 10 km precision), for the date four alphanumerical digits suffice for 36^4 days or ~4600 years. Sex + metatype fit into one digit, another two digits running number, that's 15 digits with plenty of space.

Because I've been close enough to various standards body to have great respect for their ability to make robustly messy decisions which will not totally alienate anyone but which will please nobody. All the major countries and corps agreeing to one compact algorithm, when data is cheap? Nah, I don't buy it.

Luckily enough, you don't have to buy it. Here's the quote:


So, the explanation is simple: The world is corporation-ruled, the corporations use the CC, the CC has the GSINR as one of its subsidiaries, and global adherence follows.

There certainly is a good number of dumb standards, but numbering schemes are simple enough that they are hard to screw up (IMG:style_emoticons/default/wink.gif)

And as bannockburn pointed out, the fact that the Corporate Court has a few more teeth than other international standardization bodies solves a few principal problems of creating new standards. Case in point, in SR North America has switched to metric...how anti-dystopic is that?

As for the suggestions of QR codes (or simply transmitting some file containing additional data): Certainly possible, but does that solve the question of which life-long and easily verifiable identifying feature could be embedded there from birth? (IMG:style_emoticons/default/wink.gif)

That begs the question, what about gender and racial reassignment surgeries?

Lone Star: This SIN is for a 40 year old human, male. You are definitely not a 40 years old human male.
Person: Well thank you... Though, 40 years ago I was born a human male, but today my name is Alisha Oakenleaf. My surgeon's name is Fred Aspen; he is on retainer.

Lone Star: Ears, breasts, soft skin....
Person: 2,500 nuyen, 5,000 nuyen, weekly spas visits @ 75 nuyen...

Something I thought was conflicting in the rules, it says that SINs are supposed to stay with a person for life, but then goes on to list several examples where a person is issued a new one.

The GSINR allows issuing a new SIN matching sex (gender reassignment would require psychosurgery (IMG:style_emoticons/default/wink.gif) ) or metatype, and in any case, the database gets updated. Of course, this process still needs to go through the national or corp authorities, which may do their worst to hassle those people.

Anyway, I had something of an idea, based on this exchange: Just add a physical token to the mix in the shape of a SIN card, a tiny chip card which stores the SIN plus some verification to prove it's been issued legitimately. It's normally plugged into your commlink but may also be slotted into a verification device directly or even inspected visually, in either case it serves the same purpose as holograms and watermarks on physical documents: It's not impossible to copy or manufacture, but more legitimate than just calling out a number.