What I gave is a gross simplification really... it takes IAFES quite a bit of time just to go through the fingerprints it does have and even then there's the step of verifying it's findings by human.

Now... should the system be able to handle duplicates? Yea... but does it?

That, is where the GM steps in. If a GM wants to throw it in I'm sure he would, but quite honestly.. if it detracts from game play, then there's no point.

I only gave an idea of why it wouldn't work that way. If the GM wants to say it does matching like that, then more power to him.

Besides, the examples you gave were all ASCII based fields, not image based like what a face recognizer would use, or fingerprints, or iris images, or DNA (which would have to have a fuzzy factor because of SURGE, Goblinization, environmental damage...)

All of which are infinitely more complex then just 4 characters that spell out "sabs", a 10 digit serial number, a 12 byte mac address and a 4 byte IP address all put together.

and the nexus and commlinks in Shadowrun are infinitely more complex than servers/computers we have today.
Your example just doesn't hold water. Especially given how quickly face recognition software works given the RAW.

For a better example, look at Google Search. That's possible today.

Checking that some has a SIN is different then doing a SIN Verification.

You are assuming infinite resources and complete access to all data. If that was true then you are correct.

On another level, if what you claim is true, then there is little point to having shadowrun.

You are of course welcome to play your SR game however you want.

Mine's a dystopian future of balkanized states, extra territorial corporations, and full of pink mohawk trenchcoated pixie technomancer company women riding unicorns mounted with autocannons. And they have fake SINs.

SINs probably employ a lot of principles of cryptography in the way the system is set up.
The system needs to be highly resilient, and resistant to tampering. The two ways of doing this that are obvious are
A.) building a steel castle filled to the brim with black ice, or
B.) have a decentralized system that is resistant to total corruption or obliteration.

The SIN is in some ways like a receipt. When you get on the bus, the bus records that you were there, but you record it too. When you buy a taco at Bob's, you both record the information. In a world of hackers and two computer crashes, your SIN is not rendered void if one piece of data is off. A checker checks against thousands of sources, a slim fraction of all that is out there to check. Your sin says you bought a Taco at Bob's, does Bob's records confirm this? Your biometric data matches your birth biometric, and your Doc Wagon contract, but does it match your biometric data in the records of the school nurse of the boarding school you went to 10 years ago? Data is EVERYWHERE. And if the checker checks and finds to many things that seem off or if it happens to check that one thing that is just plain off, then it flags your ID as false.

The government holds some of your most important data but the data is in few places and hackers can play marry hell with any government system. Because there are SO many SINs there probably are a lot of admins and a lot with user with privileges to add a new birth or death, and maybe even cancel a death. But that is just the start. Because your SIN moves with you your whole life and it needs to add up. It is a life long credit history, medical history, work history, history of residence, schooling, and a passport.

It is debatable how much of the information is on the commlink or in the SIN number but I think a fair amount is there.

I guess what I am imagining a system where both parties essentially have a bag full of keys. Each piece of data about you is like a key. Alice is a commlink with a SIN. Bob is a SIN verification device. Alice is asked questions by Bob and Alice needs to answer them. Bob has many questions that he asks. Bob also asks Alice to give bob questions. If Bob gets to many different answers to the questions that disagree with Alice's answers, then they have a problem. Bob denounces Alice a scandalous rogue and alerts lone star. Alice tells Bob to stick it up his rating two data hole. Knowledge is newyen in the shadows. I can't see how this would be a Zero knowledge proof (http://en.wikipedia.org/wiki/Zero-knowledge_proof), but maybe it does not really need to be.

Cryptography is interesting. It is not all about encrypting something with the biggest key you can find. A lot of it is about two parties exchanging data with out reveling more data than they want or being susceptible of tampering.

To me it means the player is made aware of all records about themselves, and simply chooses which ones get deleted. Only records on servers which never connect to the matrix would be safe, everything else would be deleted through direct hacking, or viruses and worms.

Right, I'm just saying the paragraphs contradict a little.

I wouldn't say you actually are aware of all records, but instead that the Erasing entity knows what you want anyway (no Criminal, no data trail, etc.); this amounts to the same thing, except you don't get a free channel of data about who's watching you. I also think the bit about 'vital to function' information takes precedence over the 'don't exist' statement, so you do keep your SIN, bank accounts, etc.

I also think it should cost more than 5 or 10 BP, because it is, again, stupidly good.

That last statement I can fully agree with. For fun I made an ghoul mage using karma gen, had sinner, erased, and spent some Karma to initiate then take masking. A little plastic surgery later, and no one will ever know I'm a cannibal, because even IF there was a record I contracted HMVV, there's not anymore.

REPENT for your ways SINners!

When you've got erased, why would you?

IAFES is an example of an automated system for matching images. It actually works by converting the image into a series of numbers, which it then uses to do fuzzy lookups, Computers get faster a lot faster than population grows, so the time it takes to do searches decreases over time.

And erased is an idiotic property to allow in a game. It would be a LOT easier to just add a few zeros to the end of your account balance in a bank rather then editing the databases of dozens of security services.

Psh, as if anything in SR makes *sense*.

Like I said, its one of those 'must have' qualities which lets you know its ever so slightly broken.

SR's desire to explain its technobabble to us has always been a perilous (ok, not really) balance with 'just go with it'. One of the first hurdles I noticed was the face recognition issue that others have also pointed out. In a world with crazy fast cross checking ability, how hard would it be to have a subprogram that goes "Hey, why don't I also check to see if this face image comes up on any other SINs we have registered". Its not slow like looking through mugshots page by page in a book.

Then you add things like specific biodata which, assuming matches your cover ID, would also be easily compared to any other SINs with that specific biodata.


Personally, I'd be inclined to downplay whats on a SIN and how much is readily available for checking if you get 'pulled over by a cop'. For example, I got stopped by a cop for jaywalking a few years back (a rookie and a sergeant, so there was NO way I was getting out of that ticket, since I was obviously a training exercise), he asked for my ID then went to go write the ticket, he also asked "You got any warrants?", I didn't but I presume even after I said no, when he went back to the car he did a quick check on my name, came back with nothing suspicious, no warrants. I imagine he also did a cursory check to see if my ID was real.

in game sense, it should be roughly the same, Mr. Troll can I see your ID? and a quick check to see if there are any flags and if the ID seems legit.

in another sense, you know how we can all get those free credit checks once per year? But more frequently and you have to pay? Or if you want to reverse lookup a phone number you can sorta do it, but you have to pay for it? Maybe its like that for SINs. Any corp cop can request and get a 'credit check' that gives them the full run down, but its like a reverse quota thing, they get pressure from the bean counters on how much it costs to keep running checks. So they are encouraged to keep things as cursory as possible.

I realize there's a disconnect in my thinking, as realistically any costs to the corp for 'credit checks' would just get passed on somewhere else to a consumer, but its kinda the principle i'm shooting for.


On the other hand I'm reminded of the scene from Minority Report after Tom Cruise gets new eyes and enters a store that does a retinal scan and says "Hello Mr Asian Dude"


I guess ultimately I'm of the opinion that SIN checks should be done for drama and story purpose as opposed to literally every couple of steps when you pass another remote sensor.

Ever see Idiocracy? That's what I usually picture for SR but with more cybertech.

"Security services?" Nah, the data of your typical SINner (not a criminal) is spread out across school systems, neighborhood associations, clubs, consumer activity, ownership records, SpaceBook, myFace, and employer records. You just have to search for it. None of that is hard to hack individually or is necessarily a "security service". Wiping the SIN from the body that issued it? That would be more difficult, but it wouldn't necessarily require hacking. It could be done by someone corrupt on the inside. "Someone corrupt on the inside", now there's a stretch for Shadowrun.

So compared to adding 0's to your cred? The stuff above should be easier for the right people.

A criminal SIN on the other hand? Depending on how many agencies it's been disseminated through (which is probably a lot with law enforcement data sharing), -that- could be a challenge.

Mesh

To get around the duplicate problem, just make sure you different SINs are from different authorities preferaply ones that don't get along.
There are hunreds of countries, hunreds of corps and dozens of free cities that you can have a SIN from that it shouldn't be to hard to not have duplicates in the same system.
And really i think that many completdly legit people actually have multiple SIN:s, one from birtcountry,one from employer and maybe ones from the country you moved into or from former employer.

When speaking about Matrix 2.0 and unlimited resources you really should read about Big O notation. Finding duplicates becomes fast quite hard even if we assume that it just takes one processor cycle per comparison. For an example finding duplicate ASCII code in database takes from O(1) to O(n^2) r it could just be O(log n), but you need to remember to thats just finding if one ASCII string has duplicate. cross checking 10Mil SIN codes to find duplicates between different databases and checking that all data is same in all instances takes time.

so when its just a on the street check, especially in a high rating area, the beat cops are probably told to keep it short unless they can bring the person in on something (once they are in holding, things can take all the time they like unless a hotshot lawyer shows up).

makes a bit of sense, if one consider a general scan something similar to a matrix wide search under the data search rules.

There are different implications about SIN depending on the questions asked.

Do you have a SIN?
Is this a real SIN?
Does this SIN really belong to to the person in front of me?
Who is the person this SIN belongs to?
Is there a SIN this biometric data belongs to?

There are different steps and requirements to answer each of these questions.

The most common in game one, the "walking around" question is the first. No dice rolls required.

Because the BBB and Unwired are vague, I handle sins abstractly most of the time. Basically I use the fake SIN's rating as a threshold. That and becuase most sin verification is automatic, i.e. not done by a person, the rating of the verifier is the only dice rolled.

This means that most stores (with rating 1 verifiers) are not going to catch a rating 1 fake sin.
An store with a rating 2 verifier will only catch rarely.
An upscale neighborhood with a rating 3 verifier will catch it most of the time.
A bank doing a background check for loan with a rating 6 verifier will catch it almost all of the time.

Well. Mostly not (33%), rarely (66%), and most of the time (100%)? Just quibbling, but I'd be worried about being caught even 33% of the time.

How many people use a Rating 1 fake?

No one, but that was his example, not mine.

I forgot to add it has to exceed the threshold-but you get the point..

Well that would mean a Rating 6 may as well be a real SIN. That's the point of a R6, I realize, but it's still a fake.

I do kinda like the idea of an auto-check to a degree, a quick and dirty, if your fake rating is higher than the scanner rating, you don't even need to roll, it fools the scanner for cursory purposes. But for story purposes, of if for some reason you've been caught doing something sneaky, an active check is required.

So do I, and I tried to posit a rating of SIN earlier in the thread with the ideae that a crappy scanner could nail a fake, but each rating of scanner only cross-checks so much so a rating 1 probably isn't going to nail a 3 or above, but a 6 has a shot at nailing anything. Data balkanization puts a 'timer' on the scanning test, so if it can't find anything after X seconds then it assumes then it's legit.

A fake SIN always passes the "Do you have a SIN?" question.

Yeah the only time I think being sneaky applies is when entering a secured facility where security personnel would check your ID. In which case the security personnel would add their skill with datasearch to the test. So in essense it becomes a Data Search + Rating of Verifier used.

Further clarification here:

Glitch or critical glitch:The verfier confirms your ID, and permanently allows you to pass it's inspection until it's next software update (which may be months or weeks away).
Less than threshold:Got away with it.

Equal to the threshold: Some questionable stuff/inconsistencies. For those not being monitored by personnel this is a pass as the system does not flag it as fake just inconsistent. A person would then ask some questions, requiring a con roll to get past.

1 net success or more: Fake sin is detected and security or attendendant is notified.

Take riding the bus or stuffer shack as an example. They know that a good perscentage of the customers are poor and sinless. Therefore many have low level fake sins (1's or 2's), so it does not make sense to question a significant number of commercial transactions that use those fake SINs. Hence why many systems are just automated.


For a secure area example, such as entering an airport and going through customs: A rating 4 scanner might be used along with the Security guard's data search of 3. Your fake SIN of 1 or 2 is more than likely hosed. The fake sin of 3 is iffy, a 4 you're probably good, 5 should be good, and a 6 is unlikely to be caught.

Thought exercise.

A PC is SINless and has not bought a fake SIN.
A PC is SINLess and has bought a fake SIN.

Which one can have a public PAN while shopping in downtown Seattle?

Bachelor #2.
Bachelor #1 will probably get harrassed by Security and asked to 'go back to the barrens'.

Either. You just steal the SIN that someone else is broadcasting. When you require people to wear a sign with their SSN and sign every document with their SSN don't be surprised if identity theft becomes a bit of a problem.

In order to do that
1) you need to hack a commlink
2) you need to make a computer+decrypt test threshhold 10 interval combat round
3) You need to copy said information to your commlink
4) you need to reencrypt the data

What you have is then effectively a rating 1 SiN.

A SIN is not just a number. It's an identification system. Broadcasting someone else's SIN will not pass any checks, because it does not match up with your biometric data (or at the very least, your face).

A rating 1+ fake SIN has biometric identification data that associates you to the number via an Identity Service / Databank / Government Identity Service.

So if you tried the above steps, it would more likely be the equivalent of throwing a waving, red flag ARO above you as you walk down the street announcing, "SIN does not match identity on file."

Mesh

You could manually edit the biometrics information stored on your commlink so it matches your basics.

It wouldn't hold up passed even the simplest scanner, but certainly for getting ARO marketing, it should work fine.

Sure, and I assume you are in that example. The point I was trying to make though is to have a Rating of any score on a fake SIN, the verification has to come from a verification source not your commlink.

Mesh

To hack someone's 'link, steal the SIN info and hack the biometrics, in essence creating a rating 1, takes an absurdly high number of successes. You'd have more luck intercepting the request and spoofing it IMO.

However, to match the biometrics on your 'link with the SIN you stole would answer the 'Do you have a SIN?' question. If there is a sin there and the biometrics link, then there's no reason to run a cross check - especially if there are 140,000 other people there at the same time doing the same things you are.

Except the hacking part.

While it will not pass any worthwhile verification test against a third party system that includes the additional information, it will in fact pass the very simple test question, "Is that a SIN?"

It wouldn't pass the "Is that the SIN of the person displaying it?" if there is a deeper verification process.

In functional ways the SIN isn't much different then the way a driver's license is used today. "Do you have a license?" is answered by waving a piece of plastic with a picture on it and a state seal(in the US). "Is this your license?" is answered by someone eyeballing the picture and the height and weight info and comparing to the person in front of them. "Is this really the person on the license?" is answered by seeking additional information, other ID, credit cards, utility bills with your name and address, your mothers sworn statement admitting your her child etc etc.

Need to broadcast an Open PAN and SIN? Go ahead and do so, as long as you got that thing that looks like a SIN to a surface glance your good. As a PC walking around in the game you're set, I'm not going to make SIN verification check dice rolls while you go have dinner with the Johnson at the downtown restaurant.

The assumption that a SIN Verification check is required each and everytime a SIN is viewed is one that breaks the game. So don't make that assumption. It's not necessary, nor is it modeled on how these systems work today, nor how they are likely to in the future.

This discussion just got skewed. What makes a SIN a SIN?

Spoofing the SIN from someone else's commlink is just as effective as making up your own. Because: You do not verify your own SIN.

Someone validating your SIN checks to see if someone else in the world will tell them the SIN is genuine and your picture matches the one on file. They don't care if you or your commlink says it's real.

So if you want a fake SIN that has a rating of 1+, it has to come from hacking a verification source or having someone on the inside insert the data. The better verifiers / validators / checkers will check a variety of databanks and services. A store might check only the least secure, cheapest (free?), verification sources available, while a cop has access to security databanks. Even a store's cursory check against someone in the above example who spoofs a SIN from someone else's commlink will see you're spoofing, because the photo on their verification source doesn't match your face.

Trying to spoof your SIN is today's equivalent of a 16 year old trying to buy beer with his mom's driver's ID. Will it work? Human error, sympathy... who knows... but probably not. Another good example would be a cop pulls you over and asks for your driver's ID. You tell him, "My name is Mesh Jones, officer. The picture on my ID is the one you're looking at. Everything's fine."

You gotta hack the verification source to create a Rating X fake SIN.

Mesh

Oh? By your logic than a teenager with a minimal fake ID wouldn't be able to buy beer.

You and I clearly know that's not the case. If I steal Joe McPatsy's license - SIN number - and tweak the biometrics - or physical statistics - to match my own, a policeman's query of 'do you have a SIN?' is met. I am Joe McPatsy, for all intents and purposes. A rating 1 SIN is a fake ID. It has my picture, my stats, but not my birthdate, name or state of birth, quite likely. Do I have it? Yes. It's there. If the cop doesn't trust it, he'll run it. If I look trustworthy, then chances are he's going to focus on someone else who doesn't.

If he's pulled me over because I'm speeding, he's likely to verify. However, he has no cause to verify my identification if I am simply trying to shop in a mall. He has no cause to pull me aside and run my ID because I'm doing nothing visibly wrong. I am there with thousands of other people - he has to look for people acting erratically, like the emo kids in the arcade, the little terrors with their uncaring parents trying to destroy the Gymboree, and the twitchy guy in the trenchcoat flashing it open at random passers-by.

This seems to be the source of contention. Do they need to verify the SIN? Just because it is there does not mean it automatically needs to be verified.

Your mistake is to equate the "fake ID" of today with the commlink you're carrying. Editing, creating a fake driver's license is the equivalent of hacking the identity/verification source in the above example NOT of editing your own commlink. Your commlink is not the verification source. It's the broadcast source so if you want to put it into today's example: It's your mouth saying you're so-and-so.

Mesh

Actually it more like you printing out your own ID badge and then going with it hanging from you neck to a place that requiers ID badges, unless there's a reason for it nobody will sheck closer once they see that "yes you infact do have an ID badge".
There's no kind of verification going on when they sheck your SIN while you walk in the street, the fact that you broadcsting a valid looking SIN is enought for the security guys unlesss you do somethink that causes them to take a loser look.

It's more, and you know it's more. Not only does it contain the basics of your SIN, it contains your account information and social profiles,among other things. If your commlink says, "My SIN is <x>," what possible reason does a LEO have to pursue it further if you are doing nothing wrong?

I'm fully cognizant that the commlink is not the verification source. My point is that it wouldn't matter. You and I both know that a Rating 1 SIN will not hold up to verification requests from anything above local bus fare - the point is that they haven't hacked the verification source which is why it's so crappy. A Rating 6 has covered nearly all the bases - it's the equivalent of a stolen SSN off a dead guy with purchasing history, false school documents inserted into the school's system, a passport issued by the Justice Department and the driver's license to reflect it.

A Rating 1, again, answers the question 'Do you have a SIN?' It will not answer the question 'Is it yours?' A LEO isn't going to ask the second question unless he has due cause to. There's been nothing in the sourcebooks that says due process of law has been suspended with corporate extraterritoriality. A citizen of the UCAS has the right to be left the hell alone by law enforcement unless he's done something wrong. They aren't going to accost him when he's trying to get to Starbuck's Fresh Roasted Cylons.

Let's break it down, because the license verification system of today is different from how SINs work:

Cop pulls you over or you try to make a purchase with a credit card.

Today:
Cop/Store asks for identification (license) -> you provide your license (it IS the verification source) -> cop/store looks at it and your face. Done.

SIN of tomorrow:
KE drone/Store queries your commlink for identification (SIN) -> comm provides SIN -> SIN is checked against verification source (which has a pic and biometric data). Done.

The problem with thinking you can broadcast someone else's SIN is that it is not the equivalent of a fake ID. It's always checked against a verifier. Rating X fake SINs always have database entries hacked or inserted so that when a check is made, it hopefully finds your fake data and sends back a positive response.

Mesh

Not entirely accurate. If you get pulled over, chances are they're going to run your ID through IFES, or however the hell you spell the acronym.

Hacking the commlink is a bad example, I admit. Thankfully it wasn't mine.

SCMODS!

Yeah, I know, but I didn't want to get into additional license verification that cops today might use. I mainly wanted to show that in 2073, it all gets sent to a verifier even for the most casual "glance".

Mesh

All right then. Let's define a Rating 1 SIN. It suggests that the biometrics server is local and holey since it's the first place everyone goes to insert infoz, yes? An aging computer somewhere in the HR department of every local corporate office?

Hacking your commlink and editing the SiN data on it seems like a perfectly valid thing to do.