First: Does a SIN have genetic information on it? Retinal? Fingerprint most likely...

Second: What if this information is checked against the person using it? Say my runner is crossing into PCC territroy with their ultra strict border patrol. He's not concerned because he's got a very good fake SIN (rating 6). Turns out border patrol hasn't met its quota for the month for busting baddies so it's being extra thorough. They decide to check out mister Gunbunny's info against the real thing. What happens? Does he

A) Get busted because the info on the SIN doesn't match his real characteristics (retina, fingerprints, DNA, whatever)?

B) Get by because his SIN reflects his REAL info?

If your actual DNA, etc. is on your fake SINs then they would prove each other false, wouldn't they? But if those SINs didn't hold that info then they would be flagged as fake once anybody checked.

Maybe a better example would be going to a certified doctor for something mundane like VD ( ). If your genetic information and SIN were checked at anytime during that checkup or treatment than it would have to match or else. But then you can't have more than one fake SIN or else that crucial info would match between SINs and you're busted.

I am overanalyzing things or is this a valid concern? How do you think SINs work? Differently than mine?

Okay, so only Criminal SINs hold that specific of information. That makes sense. Otherwise it wouldn't .

IIRC genetic fingerprint or even genetic samples are NOT part of the SIN (some corps prevented this, you might guess which ones ... yes, one start's with an A ... and yes, another with an S ...) ... except for Criminal SINs.

Almost every other aspect of your personality is : size, metatype, retina scan, fingerprints, bloodtype, voice samples ... credit history, purchases, places you were living, education ...

When your SIN is checked, the question is how thorough they are (that is, the rating of the SIN scanner).
For each rating of the check, the Scanner validates your SIN with one Host, and for every rating minus one, it scans for one biometric characteristic.

So a R1 SIN Scanner on the bus or commuter will only check with your bank if your account exists and contains money - this is enough of a verification for riding a bus. Examination doesn't take any noticeable time.

A R3 Scanner will probably check with your bank, your employer and your health-care provider and check your apperance and fingerprints - this is pretty common when entering corporate teritory or government buildings. Examination might take a second or two (~one combat turn)

A R5 Scanner will check more thoroughly, requiring a drop of blood (for verifying bloodtype) and usually asks a few questions that are veryfied against your personal history ('what was your first car ?', 'which elementary school ?', etc). They are usually used when crossing a border or boarding a plane. This kind of check takes a few minutes.

R6 Scanners are only rarely used, usually only when security is very important. Checking on a bank account in one of the corporate banks, visiting a shareholder meeting, running for a government position ...
On such a check, all your SIN is run through comparison, and it better not come up empty ... it will take at least half an hour, and might take much longer.

'Hope this answers your questions.

It seems unlikely to me with the way things have been going in Britain and the US, that a SIN wouldn't contain your genetic profile. The technology is already there. Why did some corps block this?

I recall in the very first Shadowrun novel (Never Deal with a Dragon), that Sam's character got a fake SIN and the fixer (Cog?) talked about implanting credit histories in various stores, faking family records and previous residences. I remember it was very definitely the absolute works. I suppose that would correspond to a fairly high-rated fake SIN.

It seems rather hinky that SINs aren't all stored in a database(or 'bases) and cross-referenced. What would be the reasoning behind not doing so?

To add genetics to SIN, you'd have to collect genetic samples, which would then have to be analyzed and stored or destroyed. This has a lot of disadvantege, as it would be the only part of a SIN that could not (easily) be stored as pure data. And it would require a very VERY high security (just think of the possibilities ...)

Why some corps opposed it : well, imagine having someone tell Lofwyr they'd need a genetic sample of him for the CorpCourt Records ...
Or try the same with the heads of Aztechnology ...
Or ... how about the Princes in Tir ? or the other Tir ?
Or even Mr. Knight
No, I guess they really didn't want THAT.
And, of course, it would hinder Corp BlackOps ... a lot.

And the basics of what's in a SIN are based on CorpCourt standarts.
Some Countries or Corps may require more data, like genetics, but most require only the data set by the standard.

Edit : SINs ARE stored in a central library at the Corporate Court Registry as well as with the Country/Corp that issued it. Bits are always cross-referenced with all other copies and updated with new purchases and developments.
This is why it is so damn difficult to set up a good fake - it takes weeks over weeks and some man- or computer-power to do it, and some more to make sure it doesn't develop any holes within the first few weeks.

Yes, but what about storing and cross-referencing other info like retina scanning that takes only a few seconds or fingerprints that are the same way?

Ahh, I think I understand what you're asking ... took some time :slap forehead:

Yes, any of the sources that are checked normally stores the full information, not only those relating to it. So you bank has you fingerprints, retina scan, credit history as does any employer you ever had or any hospital you ever visited.
This is why a scanner usually does not need to check with all possible hosts.
It only checks with multiple sources to make sure it doesn't get fooled by a hacker ... and, yes, it may as well ask the Stuffer Shack you bought your softdrink five minutes ago ... in fact it will from time to time.

If any errors show up or too many querries come up blank, the Scanner will then raise an alarm ... or question you indepth first in case there was a technical fuckup.

High Rating checks still take time as they are not only run against the online records, but usually through at least one off-line backup, and with Rating 6, all your file needs to be varyfied against off-line backups and in-house records.

So what good is a fake SIN if your biometric data doesn't match? Or is part of the fake SIN process laying your info onto a SIN that it wouldn't otherwise be associated with.

ALSO

If you have the negative quality Citizen SINner and you get a fake SIN, would you then have matching sets of biometric data that would raise flags in the CC's database?

1. Working your biometric data into the files is part of making the SIN.

2. Yes, this can actually happen - though not very often, as Corps and Governments use fake SINs, too, for their Intel and BlackOps personal. These problems normally arise when you use a fake SIN in a check and it gets flagged as Questionable or True Fake - in that case a full search is ran for all SINs matching in Biometric Data, and flagged as Questinable.
Any SIN flagged that way will get a thorough investigation ...

im not sure that the datatrail of a sin have every been fully defined.

i dont see why a dna profile would NOT be there for non-criminal sins.
in SR3, a high end credstick demanded a dna profile to work.
and its just a matter of getting a blood sample whenever said sin is created and be done with it...

but the end of the story is that a sin is just a way of "confirming" who you claim to be.

so if you state that your name is so and so, the cops check your sin and see the same name showing up, and the same fingerprints, retina pattern and whatever else they feel like checking, then in the eyes of the system you are the person you claim to be.

what seems to happen when a scanner check to see the validity of said sin, is that it looks up the normal expected pattern of bank withdrawls and other sin related activity. a higher rating scanner basicly have access to more databases, more databases equals higher resolution, higher resolution equals that artifacts (like say no sin activity before 2069, and the person is supposed to be 30+ years old in 2070) are more likely to stand out.

if someone have any familiarity with a public key infrastructure you may well say that a sin is a key sertificate, supposedly signed by a known trusted athority.

you claim to be mister x, the sin contains the phycial characteristics of mister x and they match yours, the UCAS goverment have supposedly issued said sin, therefor the UCAS should be able to verify the validity of said sin...

yeah, basically i figure you can have biometric data attached to multiple SINs becuase it's not "here's my biometric data, now scan every database in the world to get my identity", it is instead "here's my SIN, now check if the biometric data in the SIN matches mine".

IOW, it works because it takes too much time to scan the entire world's records of biometric data, so they just look up the SIN file and compare the biometric data it says you're supposed to have with the biometric data of the person whose SIN it is supposed to be.

and of course, this assumes that biometric data is required... it may not always be...

even the humble photograph can be seen as a kind of biometric data...

Im talking about the time inbetween checks at the border, at the doctor, on the bus, etc. Here's how I imagine SINs and their databases:

The UCAS has a dedicated server with all citizen and criminal SINs on file. Each one contains a copy of relivant info (Biological data like retinas and DNA and Technical data like credit histories and travel histories) along with where that Info came from and how to get in touch with various sources to confirm that info (i.e. Your doctor or his hospital or the government agency in charge collecting biological data like DNA and storing samples and redundant copies).
So what you've got there in each SIN in the database is a summary of who you are and a list of officals and relavent databases that are used to double check this information.

Low rating SINs (1-3) have a summary of who you are just like any SIN and the neccesary double-checking references listed but some of those references don't have corroborating info, have incomplete entries, or just try referencing to other people's data. This is most likely due to incompetent hackers or a particuarily tough-to-crack database (like where ever criminal histories or DNA are stored). The sloppy work will also probably give it away to roving IC and Agents in the Database.

Higher rating SINs (4-6) have most of those bases covered. False information placed in databases are hard to decern from the real thing and every reference listed has information present. It's not perfect, however. There's always a hole or two, they're just less visable.

In order for the UCAS to prevent the use of Fake SINs by criminals and in general fiel clerks or Agent Clerks should be deployed to fact check. Everyday SIN and their references will be checked to make sure that information is up to date and accurate (not to mention even there). The manpower required for such an effort can't be that much. Actual human clerks would be rare and Agents would be used more often than not. Database checking by Agents would be held during low traffic hours (when there aren't as many people crossing borders or conducting official business) to ensure that Response isn't sucked up by fact-checking Agents.

This is the government we're talking about here, they have to resources for this kind of thing. If you want to chalk it up to "we don't get enough funding because taxes aren't spent wisely blah blah blah" then okay, but busting fake SINs should still happen sometimes and not only during transactions. Checking SINs with other countires would be likely impossible. Is busting, say, multiple Fake UCAS SINs that far fetched, though? Why wouldn't it work like I outlined above?

I think the one of many possible answers to this question is, "How much information leaves the game of SR actually playable?" And the answer to this question depends in part on the type of campaign and setting. YMMV.

Given the decentralized nature of computing in SR4, I am inclined to speculate there is no longer such a thing as a clearly defined SIN. It might be possible that even real SINs can have errors due to inconsistancies in databases. Once you permit the possibility for false positives, the idea of fake SINs becomes much more viable in terms of cohesive fiction.

Another thing to take into account on this line of thinking is the Crash of '65 and the subsequent lag time getting the Matrix 2.0 up to running speed. That leaves plenty of room for holes, errors, and inconsistancies even in real SINs, and thus, as Red said, makes fake SINs more plausible.

I seem to recall that fake SINs were uncommon things for runners to have in previous editions, but now they are pretty much obligitory. They've come down in price and are likely to get queried a lot more, wirelessly. If you don't have one you'll likely get picked up by the 'star for walking down the street.

This raises the question for me about those poor folk that don't have the money for comlinks and such. They can't be transmitting a SIN wthout one and will thus be SINless. I guess the SINless underclasses have no real prospect of improving their station as they can't leave their neighbourhoods (where the Star don't go) without getting picked up and roundly abused. Of course that does emphasise the imbalance of the sixth age rather well.

What about Technomancers? I imagine they have to buy at least a poor quality comlink to go about their daily lives, unless they can transmit a SIN or SIN-like data. Of course at this stage we're discussing the supernatural, at which point logic ceases to function.

I'll stop rambling now and let the thread get back on topic.

IMHO a SIN is like a passport in some ways, but it can be queried remotely. A security officer doesn't even need to stop you and ask you for it, he just scans for the signal that ought to be there. There's prolly some check sum or other security feature that makes a SIN hard to fake (like the holograms and funky printing stuff on a passport). The major difficulty is planting all the back-up data, birth records, bank records and stuff that may be used to verify your SIN. The rating of a SIN is a combination of how good the encoding is, such that is looks like a SIN, and how good the back-up information is so that if a query is sent it comes back as true. Whether a SIN contains your biometric data or not depends on how good the SIN is. For example, it is possible to buy a passport to allow you to pretend to be someone else, but you may not look like the picture in it. To insert your own picture would be harder and cost you more to commission from a third party and someone checking it might determine that the passport had been tampered with. An alternative way of getting a passport (or in the case of SR, SIN) would be to apply using a legal citizen's details, perhaps someone who has died recently. The background check by the passport authorities might not turn up the fact that this individual was dead, and boom! perfect fake ID, made from genuine materials with your biometric data (picture). Although, this relies on bypassing the passport authorities security checks.

I'm offering this up as a suggestion that the SIN system in SR4 is abstracted out to the extent that no mention is made of how a SIN is acquired, nor how it is tested. A fake SIN either passes the tests or it fails. If it fails, it is up to the GM to decide on any flavour text such as "they did a retinal scan, and your data did not match" or "the encoding on your SIN was detected as a fraud" or "X corp did not acknowledge you as an employee" or "Mr. Callhoun appears to be dead".

I think you're pretty much right on how you think a fake SIN works and about the degree of abstractation, so I'll just take a shot at the first part of your post :

Fake SINs were never uncommon, even in SR2 and SR3. Any character in my groups usually had two or three, but none was pretty rare (plot device ) - even in groups I played with at conventions, most players usually had quite a choice for answering 'who am I gonna be today ?'

Commlinks : well, you don't NEED one, it just makes life easier ... well, at least it is that way in B, C and partly A destricts - you usually can pay wireless or use credsticks or money, and the same is true for ID.
In AA+ areas ... um ... well, forget not owning a commlink, but it is mandatory anyway. Yes, you have to broadcast your SIN there so security knows you're no threat - this is what they get paid for.
In D and Z-zones ... well ... screw Commlinks. They work as well as the old matrix did ... that is ... sometimes, maybe, feeling lucky ? ... that kind of 'works'.
And no law has you own a Commlink - only some Security Measures might

Technomancers : see above. If they want to transmit an ID ... well, yes, they might need a commlink (or a way to plug a credstick into their brains) - but they'll need a commlink anyway to store data - or use some on-line provider for storage-space. If they use this option, they can just copy their SIN information into such a storage and transmit if from there using their brains. Fine, too. Just a little bit more risky ... or less risky, depending on the situation.

Don't forget that most items in 2070, including your clothes, have wireless capability. Doesn't seem like a stretch to just broadcast my SIN on query via my shoes.

Maybe it was just the games I played in. Although I recall fake SINs of any quality being too expensive to buy at character generation.

I like the summary about which zones you need comlinks in I guess if you left home without it in a B zone say, you might get picked up by the Star and questioned. If they don't find anything dodgy on your person they might believe you about just going to the store for some milk, that's what etiquette is for, right?

As for technomancers, I'm unsure how they could do it without a comlink. But then, like I said before, we're out of the bounds of logic at this juncture.

My original question focused (or intended to) on checking SINs and Fake SINs against each other to avoid fraud and whether or not this should be a problem for runners.

If information on two good Fake SINs that you own match each other, then would roving Clerk Agents catch the inconsistency? Wouldn't you get a call from authorities who want you to come in and verify such information? What if one of your Fake SINs get busted for some reason? Wouldn't picking up a new one with the same neccesary identification be a dead giveaway?

"I just commited grand larceny and have reason to believe that my Fake SIN was compromised in the process. Gee darn, that sucks. No worries, I'll get a new one! In fact, I'll get one just as good as my last one (rating 6). There's nothing like being able to walk through customs, get your eyes scanned and have that info match my Fake SIN. No alarms or angry security guards, ain't that just nifty? Oh, wait. Doesn't that OLD fake SIN I used to use (rating 6) have that eye scan info on it as well? Hmmm, I wonder if that'll be a problem? Nah, the Crash 2.0 has left EVERY computer system completely unreliable and such a glaring inconsistency could never be caught in the age of infinite data storage and faster-than-anything-we've-seen-before processing speeds. There's no way an organized governmental agency whose job it is to check these sort of things would catch such a problem! I'm in the clear "

Really? Saying something like "the corps did it" is more reasonable than "the computer systems can't handle that"

I appreciate everyone's input and don't intend to offend anyone by the sarcastic example above.

If your're in drek as deep as that, I'd recomend cosmetic surgery (including fingerprints) and a new pair of (cyber-)eyes for a new retina print ... oh, and I'd think about vacating to a new 'plex and use a new handle.

Because, yes, if you're in that deep, you can nearly be sure that all your Fake SINs go to hell - at least all that are registered with the same Country/Corp ... and probably those "issued" by friendly Countries/Corps, too.

As I said earlier, there are no routine scans for fakes (no need to frighten your own blackops guys, right ?), but if one SIN of yours is busted, they'll probably look for more - well they don't if they are lazy or bribed, or you are unimportant enough.
Terrorists/Shadowrunners rarely are 'unimportant enough'.

I know this isn't about exactly how much data is in a fake SIN, but a great idea for fake SINs is to get SINs from countries that at opposed to each other. War, hatred, whatever. Thwy'll have harder chances verifying if the data is exact due to information exchange not always being 100%. Also, if you have six SINs for example, and each of them has your genetic makeup, fingerprints, etc, and all are for different countries, then they would only likely pull up their local SIN. Unless, you were to hack the terminal. ;P

This idea came to me when I was watching the Highlander TV show. How can someone live forever, but never leave a trace when police, public people, everyone knows who he is.

However, in their defense, they had an organization dedicated to hiding them, as well as the fact that they could go live in the middle of nowhere for a while. But todasy with DNA, RNA, fingerprints, etc.

Black Ops agents using Fake SINs would be fine to check into. If queries into the authenticity of said SINs were sent back to the SINs repoisitory such queries would be redirected to special clerks who are there to cover for the Black Ops agents.

For that matter if the UCAS uses a Black Ops agent they can create Fake SINs better than any shadowrunner could get his hands on and be sure that either the data provided is flawless or that anyone checking into a flase-positive during , let's say, a border crossing would be covered by the SIN agency.

"WHat's that? Joe Spysworth's info doesn't check out? What exactly is the problem? Retina scan, eh? DNA too? Well let me talk to my superior, I'll call you right back."
----1 hour and a little data propagation later----
"Hi, this is Jill DataClerk from the UCAS SIN registry. Yes, i've double checked his information and it seems as if you must be mistaken. Please double check. Yes I'll hold.............It's correct now? Isn't that just hinky? Oh well, Deus and all that, you understand. Have a nice day and don't hesitate to call back if you have any further difficulties."

It's the government, please.

@drraagh ooh! ooh! I know this one!
If you try to give someone a blood transfusion and it's not in the same blood group as them then bad stuff happens, and they frequently die. You've heard of blood groups A, B, AB and O right? Someone with the rare blood group AB can accept blood from all the other groups, someone with the (more common) bloodgroup O can donate blood to all the groups, A and B are restricted to their own bloodgroup and O. Then there are a bunch of other blood factors like the rhesus factor which complicate matters. But the important antigens are A and B (O is just an absence of A and B).

Thing is, these antigens are on your red blood cells, which are quite special since they have no DNA. Not having a nucleus leaves more room for haemaglobin for oxygen transport. You need white blood cells (also known as Leukocytes) to obtain a DNA fingerprint. So unless you collect some foreign white blood cells in your blood sample for DNA profiling you'll get the original host DNA profile. If a significant number of white blood cells was introduced you're quite likely to find a chimera, that is a profile made up from both DNAs. (As an interesting aside chimeras are more common than you would think, with some people having quite different DNA fingerprints from tissue to tissue due to alterations in foetal DNA or even the fusing of seperately fertilised eggs and such like).

When you change someones bone marrow you no longer need to worry about blood group, since you'll be changing all their red blood cells anyway. You do have to worry about MHC receptors, however. The Major Histocompatability Complex (MHC you see. Clever huh?) is found on all your cells (except red blood cells) and is the means by which white blood cells recognise self from non-self. The MHC will also express samples of proteins made within the cell. If the white blood cells fail to recognise the protein it must be foreign, suggesting that there is a virus, bacterium or similar within the cell. I probably haven't made myself very clear, but the gist is this: To receive a successful bone marrow transplant you need to share the MHC with the donor. For this degree of similarity your genetic code needs to be pretty similar, and since a DNA fingerprint doesn't match up your entire genome, just certain variable loci, you'll probably wind up with the same genetic fingerprint.

In response to the comment about ritual magic, I'd point you toward the RAW which states that to cast ritual magic you need a spotter watching the target. If someone seeking you out wants to cast ritual magic on you they need to find you first. As for material links, I think they took that out of SR4.

Okay, while there is a lot of info here I don't feel like my question has been answered fully.
ES Sparky said it best when he asked:

Half (three-quarters) the problem is that any Country/Corp will not usually share the data stored in it's SIN registry with other Countires/Corps. Second, the only central SIN Registry is operated by the Corporate Court (who will not run any 'unncessary' checks as a matter of policy). This usually prevents you from finding out if someone in your Country/Corp's registry is also registered elsewhere. So, if you're smart and your different SINs have different nationalities (e.g. UCAS, CalFree, SSC, CAS for someone living in Seattle) there's little risk ... well, about none ... that your other SINs will be compromised if one is. That would only happen if two or more parties cooperated in hunting you ("who did you screw over to to warrent THAT ? Get away from me ... hey, I don't know you at all ... no clue who you are, really ... Phone Prank! Phone Prank! <click>").

If you have a number of different SINs with the same entity, you usually should take some precautions : different sets of fake fingerprints and retina modifications (cyber or contact lenses), masks (yeah, oldfashioned disguise), voice modulation ... enough effort that there really IS a difference in the data. If not, well, yes, then you could fall prey to a random check.

Now, how much effort would such a check be ?
Let's take a small-sized country or AAA Corp with 10 million entries.
It would take 50,000,005,000,000 comparisons to complete it.
So a computer rated in Tera FLOPS (pretty much any mainframe in 2070) with enough running memory (pretty much any mainframe in 2070) could do the taks in a few seconds.
Even checking the registry of a highly populated country would not take more than a day ... probably about an hour.

So, yes, any GM could use this to enforce the players take precautions. Not necessarily a good idea for a newbie group (so it's not in Core Rules), but a good idea to prevent an experienced one from getting lazy.
In 2050, processing power and memory were still an issue, but since the 60s ... yeah, 'running out of excuses
No, seriously, yes, you can make it an issue, but make sure your players know it and can prepare for it - or you can simply assume that they take all the necessary precautions and let it slip.