Questions on SINs Options

[Doc Chase]

I forgot to add it has to exceed the threshold-but you get the point..

Well that would mean a Rating 6 may as well be a real SIN. That's the point of a R6, I realize, but it's still a fake.

[Voran]

Well that would mean a Rating 6 may as well be a real SIN. That's the point of a R6, I realize, but it's still a fake.

I do kinda like the idea of an auto-check to a degree, a quick and dirty, if your fake rating is higher than the scanner rating, you don't even need to roll, it fools the scanner for cursory purposes. But for story purposes, of if for some reason you've been caught doing something sneaky, an active check is required.

[Doc Chase]

I do kinda like the idea of an auto-check to a degree, a quick and dirty, if your fake rating is higher than the scanner rating, you don't even need to roll, it fools the scanner for cursory purposes. But for story purposes, of if for some reason you've been caught doing something sneaky, an active check is required.

So do I, and I tried to posit a rating of SIN earlier in the thread with the ideae that a crappy scanner could nail a fake, but each rating of scanner only cross-checks so much so a rating 1 probably isn't going to nail a 3 or above, but a 6 has a shot at nailing anything. Data balkanization puts a 'timer' on the scanning test, so if it can't find anything after X seconds then it assumes then it's legit.

[DireRadiant]

A fake SIN always passes the "Do you have a SIN?" question.

[Warlordtheft]

I do kinda like the idea of an auto-check to a degree, a quick and dirty, if your fake rating is higher than the scanner rating, you don't even need to roll, it fools the scanner for cursory purposes. But for story purposes, of if for some reason you've been caught doing something sneaky, an active check is required.

Yeah the only time I think being sneaky applies is when entering a secured facility where security personnel would check your ID. In which case the security personnel would add their skill with datasearch to the test. So in essense it becomes a Data Search + Rating of Verifier used.

Further clarification here:

Glitch or critical glitch:The verfier confirms your ID, and permanently allows you to pass it's inspection until it's next software update (which may be months or weeks away).
Less than threshold:Got away with it.

Equal to the threshold: Some questionable stuff/inconsistencies. For those not being monitored by personnel this is a pass as the system does not flag it as fake just inconsistent. A person would then ask some questions, requiring a con roll to get past.

1 net success or more: Fake sin is detected and security or attendendant is notified.

Take riding the bus or stuffer shack as an example. They know that a good perscentage of the customers are poor and sinless. Therefore many have low level fake sins (1's or 2's), so it does not make sense to question a significant number of commercial transactions that use those fake SINs. Hence why many systems are just automated.


For a secure area example, such as entering an airport and going through customs: A rating 4 scanner might be used along with the Security guard's data search of 3. Your fake SIN of 1 or 2 is more than likely hosed. The fake sin of 3 is iffy, a 4 you're probably good, 5 should be good, and a 6 is unlikely to be caught.

[DireRadiant]

Thought exercise.

A PC is SINless and has not bought a fake SIN.
A PC is SINLess and has bought a fake SIN.

Which one can have a public PAN while shopping in downtown Seattle?

[sabs]

Thought exercise.

A PC is SINless and has not bought a fake SIN.
A PC is SINLess and has bought a fake SIN.

Which one can have a public PAN while shopping in downtown Seattle?

Bachelor #2.
Bachelor #1 will probably get harrassed by Security and asked to 'go back to the barrens'.

[kzt]

Thought exercise.

A PC is SINless and has not bought a fake SIN.
A PC is SINLess and has bought a fake SIN.

Which one can have a public PAN while shopping in downtown Seattle?

Either. You just steal the SIN that someone else is broadcasting. When you require people to wear a sign with their SSN and sign every document with their SSN don't be surprised if identity theft becomes a bit of a problem.

[sabs]

Either. You just steal the SIN that someone else is broadcasting. When you require people to wear a sign with their SSN and sign every document with their SSN don't be surprised if identity theft becomes a bit of a problem.

In order to do that
1) you need to hack a commlink
2) you need to make a computer+decrypt test threshhold 10 interval combat round
3) You need to copy said information to your commlink
4) you need to reencrypt the data

What you have is then effectively a rating 1 SiN.

[Mesh]

In order to do that
1) you need to hack a commlink
2) you need to make a computer+decrypt test threshhold 10 interval combat round
3) You need to copy said information to your commlink
4) you need to reencrypt the data

What you have is then effectively a rating 1 SiN.

A SIN is not just a number. It's an identification system. Broadcasting someone else's SIN will not pass any checks, because it does not match up with your biometric data (or at the very least, your face).

A rating 1+ fake SIN has biometric identification data that associates you to the number via an Identity Service / Databank / Government Identity Service.

So if you tried the above steps, it would more likely be the equivalent of throwing a waving, red flag ARO above you as you walk down the street announcing, "SIN does not match identity on file."

Mesh

[sabs]

You could manually edit the biometrics information stored on your commlink so it matches your basics.

It wouldn't hold up passed even the simplest scanner, but certainly for getting ARO marketing, it should work fine.

[Mesh]

You could manually edit the biometrics information stored on your commlink so it matches your basics.

It wouldn't hold up passed even the simplest scanner, but certainly for getting ARO marketing, it should work fine.

Sure, and I assume you are in that example. The point I was trying to make though is to have a Rating of any score on a fake SIN, the verification has to come from a verification source not your commlink.

Mesh

[Doc Chase]

To hack someone's 'link, steal the SIN info and hack the biometrics, in essence creating a rating 1, takes an absurdly high number of successes. You'd have more luck intercepting the request and spoofing it IMO.

However, to match the biometrics on your 'link with the SIN you stole would answer the 'Do you have a SIN?' question. If there is a sin there and the biometrics link, then there's no reason to run a cross check - especially if there are 140,000 other people there at the same time doing the same things you are.

Except the hacking part.

[DireRadiant]

A SIN is not just a number. It's an identification system. Broadcasting someone else's SIN will not pass any checks, because it does not match up with your biometric data (or at the very least, your face).

While it will not pass any worthwhile verification test against a third party system that includes the additional information, it will in fact pass the very simple test question, "Is that a SIN?"

It wouldn't pass the "Is that the SIN of the person displaying it?" if there is a deeper verification process.

In functional ways the SIN isn't much different then the way a driver's license is used today. "Do you have a license?" is answered by waving a piece of plastic with a picture on it and a state seal(in the US). "Is this your license?" is answered by someone eyeballing the picture and the height and weight info and comparing to the person in front of them. "Is this really the person on the license?" is answered by seeking additional information, other ID, credit cards, utility bills with your name and address, your mothers sworn statement admitting your her child etc etc.

Need to broadcast an Open PAN and SIN? Go ahead and do so, as long as you got that thing that looks like a SIN to a surface glance your good. As a PC walking around in the game you're set, I'm not going to make SIN verification check dice rolls while you go have dinner with the Johnson at the downtown restaurant.

The assumption that a SIN Verification check is required each and everytime a SIN is viewed is one that breaks the game. So don't make that assumption. It's not necessary, nor is it modeled on how these systems work today, nor how they are likely to in the future.

[Mesh]

This discussion just got skewed. What makes a SIN a SIN?

Spoofing the SIN from someone else's commlink is just as effective as making up your own. Because: You do not verify your own SIN.

Someone validating your SIN checks to see if someone else in the world will tell them the SIN is genuine and your picture matches the one on file. They don't care if you or your commlink says it's real.

So if you want a fake SIN that has a rating of 1+, it has to come from hacking a verification source or having someone on the inside insert the data. The better verifiers / validators / checkers will check a variety of databanks and services. A store might check only the least secure, cheapest (free?), verification sources available, while a cop has access to security databanks. Even a store's cursory check against someone in the above example who spoofs a SIN from someone else's commlink will see you're spoofing, because the photo on their verification source doesn't match your face.

Trying to spoof your SIN is today's equivalent of a 16 year old trying to buy beer with his mom's driver's ID. Will it work? Human error, sympathy... who knows... but probably not. Another good example would be a cop pulls you over and asks for your driver's ID. You tell him, "My name is Mesh Jones, officer. The picture on my ID is the one you're looking at. Everything's fine." (IMG:style_emoticons/default/smile.gif)

You gotta hack the verification source to create a Rating X fake SIN.

Mesh

[Doc Chase]

Oh? By your logic than a teenager with a minimal fake ID wouldn't be able to buy beer.

You and I clearly know that's not the case. If I steal Joe McPatsy's license - SIN number - and tweak the biometrics - or physical statistics - to match my own, a policeman's query of 'do you have a SIN?' is met. I am Joe McPatsy, for all intents and purposes. A rating 1 SIN is a fake ID. It has my picture, my stats, but not my birthdate, name or state of birth, quite likely. Do I have it? Yes. It's there. If the cop doesn't trust it, he'll run it. If I look trustworthy, then chances are he's going to focus on someone else who doesn't.

If he's pulled me over because I'm speeding, he's likely to verify. However, he has no cause to verify my identification if I am simply trying to shop in a mall. He has no cause to pull me aside and run my ID because I'm doing nothing visibly wrong. I am there with thousands of other people - he has to look for people acting erratically, like the emo kids in the arcade, the little terrors with their uncaring parents trying to destroy the Gymboree, and the twitchy guy in the trenchcoat flashing it open at random passers-by.

This seems to be the source of contention. Do they need to verify the SIN? Just because it is there does not mean it automatically needs to be verified.

[Mesh]

Oh? By your logic than a teenager with a minimal fake ID wouldn't be able to buy beer.

Your mistake is to equate the "fake ID" of today with the commlink you're carrying. Editing, creating a fake driver's license is the equivalent of hacking the identity/verification source in the above example NOT of editing your own commlink. Your commlink is not the verification source. It's the broadcast source so if you want to put it into today's example: It's your mouth saying you're so-and-so.

Mesh

[Mäx]

Your mistake is to equate the "fake ID" of today with the commlink you're carrying. Editing, creating a fake driver's license is the equivalent of hacking the identity/verification source in the above example NOT of editing your own commlink. Your commlink is not the verification source. It's the broadcast source so if you want to put it into today's example: It's your mouth saying you're so-and-so.

Actually it more like you printing out your own ID badge and then going with it hanging from you neck to a place that requiers ID badges, unless there's a reason for it nobody will sheck closer once they see that "yes you infact do have an ID badge".
There's no kind of verification going on when they sheck your SIN while you walk in the street, the fact that you broadcsting a valid looking SIN is enought for the security guys unlesss you do somethink that causes them to take a loser look.

[Doc Chase]

It's more, and you know it's more. Not only does it contain the basics of your SIN, it contains your account information and social profiles,among other things. If your commlink says, "My SIN is <x>," what possible reason does a LEO have to pursue it further if you are doing nothing wrong?

I'm fully cognizant that the commlink is not the verification source. My point is that it wouldn't matter. You and I both know that a Rating 1 SIN will not hold up to verification requests from anything above local bus fare - the point is that they haven't hacked the verification source which is why it's so crappy. A Rating 6 has covered nearly all the bases - it's the equivalent of a stolen SSN off a dead guy with purchasing history, false school documents inserted into the school's system, a passport issued by the Justice Department and the driver's license to reflect it.

A Rating 1, again, answers the question 'Do you have a SIN?' It will not answer the question 'Is it yours?' A LEO isn't going to ask the second question unless he has due cause to. There's been nothing in the sourcebooks that says due process of law has been suspended with corporate extraterritoriality. A citizen of the UCAS has the right to be left the hell alone by law enforcement unless he's done something wrong. They aren't going to accost him when he's trying to get to Starbuck's Fresh Roasted Cylons.

[Mesh]

Let's break it down, because the license verification system of today is different from how SINs work:

Cop pulls you over or you try to make a purchase with a credit card.

Today:
Cop/Store asks for identification (license) -> you provide your license (it IS the verification source) -> cop/store looks at it and your face. Done.

SIN of tomorrow:
KE drone/Store queries your commlink for identification (SIN) -> comm provides SIN -> SIN is checked against verification source (which has a pic and biometric data). Done.

The problem with thinking you can broadcast someone else's SIN is that it is not the equivalent of a fake ID. It's always checked against a verifier. Rating X fake SINs always have database entries hacked or inserted so that when a check is made, it hopefully finds your fake data and sends back a positive response.

Mesh

[Doc Chase]

Not entirely accurate. If you get pulled over, chances are they're going to run your ID through IFES, or however the hell you spell the acronym. (IMG:style_emoticons/default/nyahnyah.gif)

Hacking the commlink is a bad example, I admit. Thankfully it wasn't mine. (IMG:style_emoticons/default/nyahnyah.gif)

[Yerameyahu]

SCMODS!

[Mesh]

Not entirely accurate. If you get pulled over, chances are they're going to run your ID through IFES, or however the hell you spell the acronym. (IMG:style_emoticons/default/nyahnyah.gif)

Hacking the commlink is a bad example, I admit. Thankfully it wasn't mine. (IMG:style_emoticons/default/nyahnyah.gif)

Yeah, I know, but I didn't want to get into additional license verification that cops today might use. I mainly wanted to show that in 2073, it all gets sent to a verifier even for the most casual "glance". (IMG:style_emoticons/default/smile.gif)

Mesh

[Doc Chase]

Yeah, I know, but I didn't want to get into additional license verification that cops today might use. I mainly wanted to show that in 2073, it all gets sent to a verifier even for the most casual "glance". (IMG:style_emoticons/default/smile.gif)

Mesh

All right then. Let's define a Rating 1 SIN. It suggests that the biometrics server is local and holey since it's the first place everyone goes to insert infoz, yes? An aging computer somewhere in the HR department of every local corporate office?

[sabs]

From Pg 266@BBB
Commlinks, Credsticks, and ID
It used to be that one’s SIN and other forms of identification were all stored on credsticks, pen-sized tubes that served simultaneously as ID and credit card. Since the Matrix went wireless, however, all of this information was transferred to the commlink, and credsticks only survive as certified but relatively anonymous means of payment. In addition, all of a person’s credentials and necessary personal data (licenses, credit history, health insurance, cred accounts, etc.) are stored in encrypted form on her commlink (with a default Encryption rating of 5).

Hacking your commlink and editing the SiN data on it seems like a perfectly valid thing to do.