SINs, Renamed to: Let's argue about SINs Options

[Redjack]

In the thread, Redjack's Matrix Primer, we started discussing SINs. The original context is in regards to the ownership mechanic. This thread is to discuss house rules for SINs.

Modern society in 2075 produces a staggering amount of information every second of every day: where you are, what you buy, and what you do. With the system producing all of these pieces of information, there needs to be an easy way to store, track, and correlate it. All of that information needs to be associated with a person somehow. That’s where the SIN comes in. A SIN is issued to a person a birth, and stays with them (baring exceptional circumstances) for the rest of their life. A SIN identifies a person in the global information system and is attached to every piece of information associated with them in the Matrix. No aspect of modern or legal life can function without a SIN. Those who don’t have one can’t get a job, can’t buy food, can’t even walk down the street.

So the problem really breaks down here in that governments should be issuing SINs to people and corporations should be demanding it.

When I GM my SR4 game, the technomancer on the team is continually getting short term fake SINs for the team. Many times he buys SINs that are simply the product of identity theft. ergo: 37 year old Chinese female, deceased but not yet reported. 17 year old male, student, hiking in the Rockies for the next 36 hours. 25 year old Caucasian female, Horizon receptionist in Seattle, currently (and expected to be for 24 hours) in medically induced coma as Jane Doe. etc. We are working on writing rules for how that.

Even a person with a criminal SIN is a step above the SINless and there is a hidden perk for the corporation or nation who issues the SIN:

He is also required to pay a fiteen percent tax on his gross income to the entity that issued his Criminal SIN.

[Sendaz]

So should there be a dual rating on Fake SINs perhaps?

The first stat is the overall rating of the SIN and how well it stands up to scrutiny (like it does now)

The second stat could be for how long the 'shelf life' of the Fake SIN lasts before the system definitely catches on that someone is double dipping with the SIN and shuts it down.
If you do not want it stopping the SIN full stop, it could also act as an interval of time before the first stat rating degrades.
So if it's a 'burn' Fake Sin with an Rating 5 but an interval of 1 day, the next day it's a 4, third day down to a 3 and so on.

So this could act as a cost modifier on the cost for a fake as you wouldn't pay as much for something that is only good for 24 hours as you would for one that can hold up potentially for months.

[Redjack]

One of the places where this really matters is the ownership mechanic and that you can't buy anything without a SIN. There is, of course, a larger question as to whether or not there needs to be any changes?

Corporations will still sell defects, knockoffs, and even excess product to the black market. When they do so and don't establish ownership, they have no responsibility of warranty, software updates, etc. This then infers that the ownership mechanic needs an adjustment to simply state that there is a lot of stuff in the barrens that simply has no owner... and never did.

I had kicked around the idea of a new type of SIN, let's call it a Consumer SIN. Tied to no nations or corporation. Issued directly by the Corporate Court to allow the SINless to participate in legitimate commerce (and all at the small cost of a 15% tax on gross income). The jury is still out. Not sure if I like this or not.

[Redjack]

So should there be a dual rating on Fake SINs perhaps?

Yes!

The second stat could be for how long the 'shelf life' of the Fake SIN lasts before the system definitely catches on that someone is double dipping with the SIN and shuts it down.
If you do not want it stopping the SIN full stop, it could also act as an interval of time before the first stat rating degrades.
So if it's a 'burn' Fake Sin with an Rating 5 but an interval of 1 day, the next day it's a 4, third day down to a 3 and so on.

So this could act as a cost modifier on the cost for a fake as you wouldn't pay as much for something that is only good for 24 hours as you would for one that can hold up potentially for months.

I realized we are really talking about stolen SINs, not fake SINs.

STOLEN SIN
SIN Rating: [1,2,3,4,5,6] [see Fake SIN Details: SR5, pg367]
SIN Depreciation: [None, 1 week, 1 day, 12 hours, 1 hour]
SIN Expiration: [N/A, 8/12/24/36/48/72/96 hours, 1/2/3/4 weeks]

Something like that?

[Sendaz]

Yes, that was what I meant.

For depreciation, I was thinking more 1 Hour, 1 Day, 1 Week, 1 Month, Indefinite or maybe it should be kept looser as some might be good for 36 plus change like for the student hiking example above.

But yes, this seems like a good way to represent how to use a stolen SIN.

Now just have to figure cost modifiers if the players are buying one from a contact/fixer sort.

[Redjack]

Just throwing out something for us to tear apart to build a cost structure from:

How about this for a base:

STOLEN SIN:
Base Cost: R1-3 = 100¥/rating; R4-6 = 250¥/rating
Base Depreciation: None
Base Expiration: 24 hours

My thoughts here are that a stolen SIN would normally not depreciate, it would simply expire at the point in time that it is noted as compromised.

How about every additional 24 hours increases base cost by 25%?

[Sendaz]

Looking at it again, maybe you are right about no depreciation for a Stolen SIN as because as soon as the hiker comes back out of the hills and starts using his SIN, the system is going to flag there is two sources of the same SIN on it's radar so to speak. Kind of like how the credit card company contacts me about suspicious activity. How fast it shuts down the SIN though would depend as it would have to sort out who was valid and who wasn't. Or maybe it just locks down both and lets the real owner contact them to sort it out.

I think depreciation could still play a factor for a true Fake SIN though. This could represent the various systems updating themselves, closing loopholes and flagging possible discrepancies that might have been used to generate the original Fake. Sort of a SOTA for SIN.

So maybe have it so Stolen SIN has Rating and Expiration while Fake SIN has Rating and Depreciation?

[Redjack]

I think depreciation could still play a factor for a true Fake SIN though. This could represent the various systems updating themselves, closing loopholes and flagging possible discrepancies that might have been used to generate the original Fake. Sort of a SOTA for SIN.

Looking at the chart on pg367 (SR5), how about this: Any Fake SIN above R3 to which a lifestyle is not attached or 10% maintenance in not paid, depreciates 1 rating point/month. Once depreciated, it costs a full 2,500¥ per rating point to restore.

Thoughts?

[Sengir]

Based on the fake SIN rules on p. 367, low-level SIN checks (the ones you would encounter at a taxi or discount store) should be extremely easy to defeat:

An R1 SIN verifier just checks whether you can provide a SIN at all, and an R1 SIN is just random data. It's the future equivalent of being asked to sign in with you name, without demanding any proof that what you wrote there is indeed your name.

At Rating 2, the verification is a "basic redundancy check on the number and vital statistics" but without any verification of external data, and the according SINs don't contain any such data. "Using Forgery" (p. 145) says you can't create "data-based" stuff, but since an R2 SIN does not have external data, it should still fall without in the scope of using Forgery.


I really like those new rules, it's just that price of fake SINs does not match: Rating 1 fakes should be something street-savvy characters make up on the fly and everybody else gets a dime a dozen, and a Rating 2 SIN should still be easily in the reach of a character with the capability for some number crunching or a hundred bucks to spare.



But since this grew out of a Matrix thread, here's a real tough one: Fluff implies that SINs work over the Matrix, where biometric checks obviously do not work, unless the other side believes that the image of a fingerprint you sent over is really scanned from your finger. Digital certificates and stuff would also be a very weak protection, since encryption in SR is fundamentally broken. So, how to handle anything more discerning than the equivalent of an "Of course I'm over 18" button?

[Draco18s]

Based on the fake SIN rules on p. 367, low-level SIN checks should be extremely easy to defeat

Quite, which is why I never liked the SIN check rules. Even a R6 fake could be detected something like 60% of the time by a R6 checker...because dice.

Fake ID's rating in dice as an opposed test against the verifications system's rating in dice. With ties going to the verification system.

R1 vs. R1: the fake SIN wins 21% of the time, due to the ties when both dice roll blank.

[Sengir]

Quite, which is why I never liked the SIN check rules. Even a R6 fake could be detected something like 60% of the time by a R6 checker...because dice.

Fake ID's rating in dice as an opposed test against the verifications system's rating in dice. With ties going to the verification system.

R1 vs. R1: the fake SIN wins 21% of the time, due to the ties when both dice roll blank.

The new SIN rules in 5th are what most people already houseruled: Roll scanner's ratingx2 with the SIN rating as threshold, which drops the chance of cracking an R6 to single digits.

[Draco18s]

The new SIN rules in 5th are what most people already houseruled: Roll scanner's ratingx2 with the SIN rating as threshold, which drops the chance of cracking an R6 to single digits.

Ah. Of course. I've looked at SR5 through a telescope, so I didn't have those rules on hand.

[Redjack]

since an R2 SIN does not have external data, it should still fall without in the scope of using Forgery.

That seems plausible.

that price of fake SINs does not match: Rating 1 fakes should be something street-savvy characters make up on the fly and everybody else gets a dime a dozen, and a Rating 2 SIN should still be easily in the reach of a character with the capability for some number crunching or a hundred bucks to spare.

My Shadowrun group was put off by the increase in price increases in SINs.

since encryption in SR is fundamentally broken.

We noticed last night that "encryption" has been relegated to simply a firewall enhancement in SR5. Protected and archives now fill the space that one would think of for encryption. I guess where I'm going with this is that for the system to work, SINs have to have some level of security. I think we've expressed a vulnerability with fake and stolen SINs, but need to consider that the continual checks and cross checks make the system as a whole functional.

[Cain]

I think the problem needs to be approached from a different angle.

The first issue is that Fake SINs are mandatory. You can't legally buy anything, not even food, without some sort of fake SIN., But even low level ones cost, and you can blow through them very quickly. I'm thinking of introducing a "Rating 0" fake SIN: easy to get a hold of, but won't stand up to any sort of serious check. You man need some sort of limit on how many you can have at once, though.

The next is the ridiculous frequency of SIN checks. One of the examples in the SR4.5 book has a SIN being checked dozens of times as you walk down the mall. My solution for that was to simply ignore all casual checks-- if you have a fake SIN of any level, you automatically pass. It's only on a detailed check that you have to worry. When combined with the Rating 0 idea, this means you can easily get something good enough to pay for a slurpee at the stuffer shack, but it won't hold if a cop or security guard runs your ID.

Next is how easy it is to break a fake SIN. The SR5 rules are an improvement: it's Device x 2, vs a Threshold of the SIN. Since it's not an opposed test, there's less chance of a bad roll breaking a good SIN. Still, the odds are very high that a basic SIN check will blow an equal rating SIN. I would suggest dropping the test dice to just Device for standard security checks, and add Data Search for in-depth ones: the checkpoint guards won't have the time or skill to do a lot of digging, but if you're sitting on your heels at the police station, they're going to be trying a lot harder.

Finally is the response to discovering a SIN is fake. The SR5 book leaves it entirely to GM discretion, which makes sense, but some guidance would have been much more helpful. The only suggested response is to call the authorities, which might lead some to think the only proper response is to call in a SWAT team and end the runner with a hail of lead. A listing of possible responses would be better. I'm partial to the Denver Missions rule: if you failed a SIN check, you were detained and harassed for an hour or so, then you paid a small bribe and could go on your way. Just some ideas as to how you could respond, that would make it much better.

[Smash]

One of the places where this really matters is the ownership mechanic and that you can't buy anything without a SIN. There is, of course, a larger question as to whether or not there needs to be any changes?

Corporations will still sell defects, knockoffs, and even excess product to the black market. When they do so and don't establish ownership, they have no responsibility of warranty, software updates, etc. This then infers that the ownership mechanic needs an adjustment to simply state that there is a lot of stuff in the barrens that simply has no owner... and never did.

I had kicked around the idea of a new type of SIN, let's call it a Consumer SIN. Tied to no nations or corporation. Issued directly by the Corporate Court to allow the SINless to participate in legitimate commerce (and all at the small cost of a 15% tax on gross income). The jury is still out. Not sure if I like this or not.

This feel like one of those cases where the Dystopia of Shadowrun is being lost.

Being SINless is supposed to suck! You live in the barrens or worse are locked up in some archology somewhere and issues a criminal SIN. You don't participate in the normal economy, you participate in an underground economy driven through scavenging and crime. At best you might get a job somewhere working for some prick who's taking full advantage of your situation.

This is by design. The Corps like this because it gives them an exploitable resource for cheap labor or hassle free experimentation subjects.

As for SINS in general they need to become less complicated, not more. The way licensing works in this game is ridiculous. It all needs to be rolled into one thing, whether it be the SIN or the lifestyle.

Also, SINS as they currently stand are burned way too easily. As a rating 6 SIN is the best you can get it really needs to be nigh on bullet proof, especially given the cost.

[Smash]

The next is the ridiculous frequency of SIN checks. One of the examples in the SR4.5 book has a SIN being checked dozens of times as you walk down the mall. My solution for that was to simply ignore all casual checks-- if you have a fake SIN of any level, you automatically pass. It's only on a detailed check that you have to worry. When combined with the Rating 0 idea, this means you can easily get something good enough to pay for a slurpee at the stuffer shack, but it won't hold if a cop or security guard runs your ID.

Agree mostly, but not with the rating 0 SIN. You are meant to be able to survive without one, it's just hard and doesn't involve needing to go to malls. I agree that the SIN checking has gone overboard in the setting. Short of going to a high lifestyle area it just shouldn't happen unless Knight Errant have some cause to do it manually.

Next is how easy it is to break a fake SIN. The SR5 rules are an improvement: it's Device x 2, vs a Threshold of the SIN. Since it's not an opposed test, there's less chance of a bad roll breaking a good SIN. Still, the odds are very high that a basic SIN check will blow an equal rating SIN. I would suggest dropping the test dice to just Device for standard security checks, and add Data Search for in-depth ones: the checkpoint guards won't have the time or skill to do a lot of digging, but if you're sitting on your heels at the police station, they're going to be trying a lot harder.

Pretty much agree with this as well. I also think scanner ratings need to be fleshed out more. Most checks should be done with low level scanners, even the cops should be using them. Government buildings, courts etc should be the only places rating 4+ ones should ever be used.

[Redjack]

This feel like one of those cases where the Dystopia of Shadowrun is being lost.

Agreed. That's why a consumer SIN or as Cain appears to call it a r0 SIN, didn't go any further for me.

[Cain]

This feel like one of those cases where the Dystopia of Shadowrun is being lost.

Being SINless is supposed to suck! You live in the barrens or worse are locked up in some archology somewhere and issues a criminal SIN. You don't participate in the normal economy, you participate in an underground economy driven through scavenging and crime. At best you might get a job somewhere working for some prick who's taking full advantage of your situation.

Yes, but playing a game should not suck.

Shdowrunners fall into the adventurer mentality: they're not Average Joes, they're something else. So, they get a small degree of plot immunity: no runner has to worry about a common cold, or random bank errors, or parking tickets. They get to ignore the everyday stuff.

Rating 0 SINs work on that principle. Shadowrunners are supposed to be survivors, professional deniable assets who protect their identity. It's reasonable to assume they have stored, or have access to, a few backup identities that aren't well fleshed out. It's not much, not enough to withstand any dedicated check, but it is good enough to get across town to your safehouse without being flagged for driving without a license.

[Sengir]

My Shadowrun group was put off by the increase in price increases in SINs.

On the top end, I think the prices are OK. High-rated scanners guard places where the proles are not supposed to enter, if a way to get past those checks was within reach of the poor, the dystopia would suffer again.

On the low end, even the prices from 4th seem a bit high. 2000 ¥ for an alphanumeric string containing a roughly matching height and age, without even the need to forge a physical document?

We noticed last night that "encryption" has been relegated to simply a firewall enhancement in SR5. Protected and archives now fill the space that one would think of for encryption. I guess where I'm going with this is that for the system to work, SINs have to have some level of security. I think we've expressed a vulnerability with fake and stolen SINs, but need to consider that the continual checks and cross checks make the system as a whole functional.

What I was getting at is how checking a SIN online would even work: The best thing they could do would be an R1 check, i.e. you sending some random number. Whether the size and sex of that number match would already be impossible to verify, unless you send a photo and they believe it's you...

[Kyrel]

What I was getting at is how checking a SIN online would even work: The best thing they could do would be an R1 check, i.e. you sending some random number. Whether the size and sex of that number match would already be impossible to verify, unless you send a photo and they believe it's you...

Wouldn't that depend on just how the checking system is created? A Rating 1 system might only check that you have something that corresponds with a SIN number with the correct amount of digits and something that resembles correct data, but who's to say that a Rating 6 system doesn't include both a camera for visual comparison of the picture in the SIN, as well as a check of other biometric data like a handprint, retinal scan, and possibly a skin sample, all of which is then cross checked against half a dozen databases from various systems and databases? Also, another question is just how much information is stored on a SIN? And how much of it is checked by a given Rating X system? Your SIN might include various forms of historic information about you, meaning school history, criminal history, biometric information etc. Your fake SIN might well include all of the information, but if you crosscheck the different databases related to the various types of information, are all the things going to match up? Or is the system going to get a result that tells it that the person that went to school where your SIN says is a 66 year old male elf, while the person who got the parking ticket associated with your sin belong to a 21 year old male troll, and the medical data associated with your SIN belongs to a 32 year old male human who lives in Hong Kong for the moment? Even if you can't check that the person holding the SIN have the same biometric data that the SIN says, that doesn't mean that you can't discover other discrepancies through electronic means alone.

[Cain]

What I was getting at is how checking a SIN online would even work: The best thing they could do would be an R1 check, i.e. you sending some random number. Whether the size and sex of that number match would already be impossible to verify, unless you send a photo and they believe it's you...

If you want to go realistic: it's the start of the month, so I'm paying all my bills. I just got new internet, so I had to put in my credit card info to pay online. They had never seen my card before, but apparently, the first time I put it in, I mistyped it. The system turned red in a few places, said I had put in an invalid card number. Now, this was all *before* I actually clicked on "pay now", so apparently not only did the computer run a check before I approved the payment, it ran it against every possible credit card, and discovered that the mistyped one didn't belong to me, or possibly anyone else.

Now, SINs in Shadowrun contain a lot of information baked in: your date of birth, name, sex, place of birth, that sort of thing. Apparently, that's all encoded into your number, kind of like how the office of issue is encoded into your SSN. Washington State does a similar thing with driver's license numbers; if you read it, you can figure out their birthdate and sex. So, if you send some random number, anyone who knows what to look for will know it's a fake. And the return information will likely not only include a name, but your sex, metatype, and a picture. Even on a R1 check, if you're a male dwarf, and the SIN is written for a female troll go-go dancer, the picture will give it away.

[binarywraith]

Actually, it's because there's an algorithm that each major card issuer (Visa/Discover/Mastercard/AmEx) uses to generate their card numbers, and a single digit off is usually not going to create a valid card number. This is also why a given form can often tell you which type of card you're using by number alone.

[Cain]

Actually, it's because there's an algorithm that each major card issuer (Visa/Discover/Mastercard/AmEx) uses to generate their card numbers, and a single digit off is usually not going to create a valid card number. This is also why a given form can often tell you which type of card you're using by number alone.

Same thing, though. A SIN is supposed to include your birth date, name, etc. It's part of the algorithm in generating it in the first place. So, a random string of numbers isn't going to come back as a valid SIN.

[Bertramn]

I am thinking of a system which takes the SIN mechanic to the extreme.

Does Paranoia have something one could use?
Or do you guys know of any other RPG systems which handle this identity issue?

My pet thought project, Shadowrun 2100, could use an elaborate mechanic for something like that.

[Sengir]

Wouldn't that depend on just how the checking system is created? A Rating 1 system might only check that you have something that corresponds with a SIN number with the correct amount of digits and something that resembles correct data, but who's to say that a Rating 6 system doesn't include both a camera for visual comparison of the picture in the SIN, as well as a check of other biometric data like a handprint, retinal scan, and possibly a skin sample, all of which is then cross checked against half a dozen databases from various systems and databases?

Fluff implies that SINs work over the Matrix, where biometric checks obviously do not work, unless the other side believes that the image of a fingerprint you sent over is really scanned from your finger. Digital certificates and stuff would also be a very weak protection, since encryption in SR is fundamentally broken. So, how to handle anything more discerning than the equivalent of an "Of course I'm over 18" button?

@Cain

Same thing, though. A SIN is supposed to include your birth date, name, etc. It's part of the algorithm in generating it in the first place. So, a random string of numbers isn't going to come back as a valid SIN.

On an R1 scanner it might, since that kind of check only tests if you can provide any number that looks like a SIN. An R2 scanner does a "basic redundancy check", which I assume means something like a Cyclic Redundancy Check, or the Mod 10 checksum used for card numbers

A problem with that is that the description implies that a SIN which has a correct checksum (presumably already at R1, because otherwise it would not encode random height and sex but nothing at all) would always get past an R2 scanner...