This is a discussion about workable interpretations of SIN rules. In the previous thread, we discussed several things:

STOLEN SIN:
Base Depreciation: None
Base Expiration: 24 hours (Every additional 24 hours increases base cost by 25%)
Base Cost: R1-3 = 100¥/rating; R4-6 = 250¥/rating

FAKE SIN
Base Depreciation: Any Fake SIN above R3 to which a lifestyle is not attached or 10% maintenance in not paid, depreciates 1 rating point/month.

Please do NOT attempt to dictate to us that your interpretation is somehow fact or that you have omnipotence as to the mind or thoughts of the developers. I appreciate a discussion, not being dictated to.

So the check of a fake SIN is taking the rating of the device checking the SIN x2 with a threshold of the SIN rating. Hits less than the rating = no issues. Hits equal to the rating = something odd. Hits greater than the rating = fake SIN detected. So a device R1 will always be fooled by SIN R3+ and a device R2 will always be fooled by a fake SIN R5+.

My challenge is always multifaceted:
- I don't want the game to be overly burdened with bookkeeping.
- I don't want an interpretation of the rules that becomes too complicated to navigate in normal game play or that causes the table to digress into rules debates.
- I do want an interpretation that gives a person that gritty feel of living in a society where the higher the rating of the neighborhood, the more big brother comes into play... but runners can still run.

Areas that I'm interested in how people play (note, I'm not asking how you would play, but how you do play.) some of the following:
- Do you perform random SIN checks frequently in high rating neighborhoods?
- SINless moving from Z to E to C to A zones. Do you enforce players having/checking SINs? Do you wall off Z zones or are the barriers one of the mind?
- In campaigns, how rigid are you in characters managing their SINs? Do you burn their SINs semi-frequently? Do you manipulate the cost of fake SINs vs the book? Do you instead treat SINs mostly as background fluff for runners?

'R1 Do you have a SIN?'

That grinds my gears to no end!
A Rating 1 system according to that description only checks whether a SIN is there,
there should be no checking the databases for details.
But still it has a 1/9 chance of recognizing a rating 1 fake SIN as false,
and a 4/9 chance of finding something fishy about the SIN, and probably alerting authorities.
Also it has a 1/9 chance of recognizing something fishy about a rating 2 fake SIN.

When I play, and my players have a fake SIN, I do not hassle them about everyday stuff.
If one were to play a SINless that would be a little different.
Making a SIN check every time the character enters the street is just ridiculous,
as it would mean that low rating fake SINs are useless, basically.
Walking down the street with a rating 1 fake SIN means 5/9 chance of getting into trouble,
every time a drone checks your SIN, which might be never, or twice in a hundred metres.
And that is going under the assumption that all the checks have a rating of 1.

The characters manage their everyday SINs with a minimum of effort,
since those are not what the game is about.
If they are to infiltrate a Corp Arcology however, they need the SINs of Arcology inhabitants,
to not seem out of place, so there they need to invest a lot of resources into getting the SINs,
and they probably need to drop them right after.

And why should they invest more care into the SINs?
The rules are too simplistic for that anyway.

Agreed. If you have a fake SIN that has ever passed any other check AND the text truly represents the check, then yes. Role-playing over roll-playing.

In that spirit and by extension, I would presume that to role-play SINs (and again as opposed to roll-playing them) that if a character wanders around a AA or AAA neighborhood with a SIN of less than R4, they should expect to be found out with a fake just from the sheer number of cursory checks by random security.

I dislike the text on R3 SIN "obviously fake". I would have preferred it was written something more akin to "supporting data, no biometrics, conflicts in external data". That gives a GM wiggle room when we role-play with the description.
======================
The next thing that bugs me is the price increase from SR4 to SR5 on SINs. 2,500¥ for an electronic identity that is nothing more that a valid data code. Assuming that the two primary mechanics for creating good, unique data values [salt & check digits] still hold true, once that is in the wild (well known), its in the wild. The seems to make a R1 SIN worth far less than 2,500¥.

Step up to a R2. The forger then adds basic (but no supporting) data to the electronic identity file and he/she charges you 5,000¥. Again, this does seem excessive.

R3 & 7,500¥ - The forger now has created a fake digital identity that appears to match the buyer and has started seeding supporting data on the matrix. Assuming we've already discontinued use of the "obviously" from the description, that still a pretty expensive hack for what we've been given. At this point, the team decker should consider a side job in creating fake SINs as it appears pretty lucrative, even it the fixer takes 30% commission on sales.

R4 & 10,000¥ - Same as R3.

R5 & 12,500¥ - Now the forger is starter to earn their money,

R6 & 15,000¥ - "complete and entirely believable history" I would say this SIN is now worth the money and then some. An availability of 18 is reasonable, given the amount of custom work to be done here.

One check per SIN for a Standard Situation makes a lot of sense.
That way the tension of being found out only comes into play each time you use a new SIN for the first time in public.

'Drek! My SIN was hot man! That chiphead set me up with the SIN of a child who had died two days ago. It was all over the trid!'

________________________________________________________________________________



I like your description of an R3 SIN more as well.

Most of the SIN rules should be role-played in my opinion.
If you have a Rating 6 SIN in an AAA environment (research lab or similar),
it will not do you any good, since being a legal citizen does not give you permission to set foot in a MCT Arcology,
or their research department, or their secret lab 3 floors down.
Your rating 6 joeshmoe-SIN will not do you any better here than no SIN at all,
the alarms WILL go off, because you are registered as an intruder.

I mentioned this in the other thread as well.
Connecting certain privileges and authorizations to the SIN should be a system a bit more complex than the license system currently in place.
(Which basically just adds SINs onto your SINs)

This forces the players to do proper legwork for specific jobs.
SINs are extremely specific gear in that respect.

Faces could, in my opinion, use their skills to seem less suspicious, thus warranting less SIN checks from other persons.
A fast-talk roll and the Star Cop will probably believe your little story.


_____________________________________________________


Perhaps the price on SINs should start relatively low, for the worst ones, but go up exponentially after that.
After all, as we established in the other thread, the SIN data is on a server protected by the corporate court, into which hacking is almost impossible.

By this logic though, I do not understand what the difference between a rating 6 fake SIN, and a real one is.
If it is perfect, it includes pictures of you, as well as your DNA...
That discussion is ongoing though, and since it is only fluff description, it does not matter that much.

Also, balancing the availability is key, in my opinion, to make the rules work with the fluff.
Low level SINs should be relatively easy to get, since you basically only need to copy one, to have one,
or copy one from a dead person, in theory at least.
High level SINs should be extremely hard to get, as you pointed out,
since they are so much attuned to you as a person, that it would take a long time to find one.
No one will just be having one 'laying around', which just happens to match your size, built, race, gender, ethnicity, looks and so forth.

Also, I would expect high level SIN dealers to be well connected within the lower rungs of the Corporate Court structure,
since they need to somehow insert the forged data into the system there.
________________________________________________________________________________


Also, since it was only mentioned in the other thread,
Sendaz idea of the SIN shelf life makes loads of sense.
After the SIN has been in the system for a while, the SIN data gets passively cross-referenced over time,
and the longer this goes on, the more contradictions passively occur to the system,
until a breaking-point, where the system then recognizes it as a forgery.

Agreed. I do like the thought that a SIN less than R4 simply entering into a AA or AAA zone should expect trouble simple from the passive checks.
Thanks!
Agreed. My examples of the AA/AAA neighborhoods is just that: the neighborhoods.
I would imagine passive checks by multitudes of security drones (and perhaps even store fronts) that would cause a runner to expect to have their cover blown if it wasn't up to snuff

But I think the license mechanic provides a simple mechanic that doesn't bog the game down in bookkeeping. I am interested to hear more details on your thoughts here.

Only the Central Registry

And I feel that registration in the Central Registry is probably about the only difference in a real SIN and a Fake SIN. In the opening post I talked about stolen SINs, as we had discussed in the other thread. Fake SINs and real SINs are well established in the game. The one missing variant is the selling of real SINs by corrupt officials and clerks in the SIN registry office. I understand that unfettered access to this could be unbalancing, but still something that bears, at least basic, talking about.

That is kinda the idea I have with degrading SINs, but really the opposite. My idea was degrading due to not being used enough. Thinking about this, I could see the following narrative:

SINs are checked and cross-referenced all the time by various systems, all day long, but only rarely against the central registry. What happens when a long term, fake SIN is finally checked against the central registry? It is determined to be a fake and that is communicated back out across the grid to the various systems. This also presents a new way to screw with the opposition...
"Sir, you are under arrest. Your SIN is a fake."
"What?! I am a natural born citizen of ________. This is an outrage! I'll sue!!"
"You have the right to remain silent. Please use it."
Like a vicitim of identity theft today, now you are months clearing the records that show your SIN as fake. Thousands in legal bills. etc. Maybe it breaks you and you do become SINless.

Well I expressed myself poorly here, as I do not think making a rule for the specifics of the authorizations of a SIN makes sense, as in the way they are used.
This could be done with half a paragraph of regulating fluff text, since the concept behind someone with a high-ranking Evo-SIN not getting into an MCT research lab is clear.
It could totally suffice to just have that information as a GM.
That kind of spelled out fluff text does not really exist though, yet...

The rules I am really thinking of is a list of example authorizations and privileges, which could be attached to a SIN
(Evo wageslave from arcology XYZ; city sewer maintenance worker; Lone Star secretary; etc., basically anything that reflects you having the right to be somewhere and do something),
and how each of these influences the availability rating, and the price of the SIN.

Licenses might still have their place,
but they are basically something you attach to a SIN after you got it, so something you do 'as a citizen'.
You spent a lot of Nuyen and time on getting the right SIN for the job, but it does not have Licenses for your gear?
Well, you gotta spend some more dough, and your SIN might get checked.



Ok. I am not up to date on the other thread, it got a little too convoluted there to keep track when you are not involved.

However, I do not think that making identity theft of high-ranking persons easy, or just regular hard even, is a good thing.
These guys are well connected, they are IN the corporate court.
If it was easy to just steal their identity, they would be doing it to each other all the time.



Great, makes sense.
_________________

Also, on the 'One Check per SIN'-rule. You could just get lucky and the drones of a closed neighborhood with neighborhood watch and everything accept your SIN.
Just think of the possibilities...
This may be highly unlikely, but if you got lucky on the one check, it basically means that the SIN you have is better than expected,
or at least good enough to fool this neighborhood, while it may not fool the next.
This is a situation where laying low, and not arousing suspicion is extremely important,
since you do not want to risk a thorough check by the Star for example.

The SIN and scanner Ratings indeed do not match, so I would suggest changing the verification table a bit. Also, it seems weird that only an R6 SIN has a valid fingerprint, so let's tune the SINs a bit, too:

First of all, what is a SIN?
It's an alphanumeric string which serves as a key for your data at the global SIN registry (GSR). But just like ID numbers of today the number is not completely random, but also encodes the bearer's date and place of birth, issuing authority, date when issued, as well as sex and metatype. Sex reassignment or goblinization are supposed to not invalidate a SIN (since the plan was for a lifelong ID), but in reality such inconsistencies provide a welcome excuse to bounce off filthy trogs. While jurisdictions allow re-issuing a SIN to match physical changes, the administrative fees charged are considerable, trapping people who cannot get a job for having the "wrong" SIN in a vicious cycle. [I felt the need for adding a bit of wanton dystopia ]

How does a SIN get verified?
Basic verification is done with the number itself. Since the data encoded there is rather general, the bearer's biometrics may additionally be checked with the Global SIN Registry (GSR). In that case, the verification device sends the SIN plus the bearer's biometrics to the GSR, the GSR compares the biometrics to the ones stored for that SIN, and reports back whether they match. The important part here is that this is the only kind of query the GSR allows, it will not perform reverse lookups ("which SIN matches these biometrics") and will never transmit the stored data -- officially to protect privacy and curb abuse, more realistically because the powers which run the GSR know that such queries would quickly uncover tons of their own dirty laundry.
Apart from biometrics, the GSR also stores all past verifications of a particular SIN to form a profile of the bearer's life. Higher-rated scans will asks the registry to perform an internal evaluation of this profile for inconsistencies -- but again, the GSR keeps the profile data to itself under all circumstances and only reports back a thumbs up or down.

FAKE SIN DETAILS

• R1 Random anybody, age, nationality, and sex may not match; no supporting data
• R2 Rough match; sex matches, age and nationality “pretty close,” no supporting data
• R3 Good match; sex, age, and nationality match; the number exists in the GSR
• R4 Encoded data matches; standard biometrics (photo, size, fingerprint) in the GSR
• R5 Encoded data matches; standard biometrics; GSR also has logs of previous verifications without glaring errors (booze purchase two days after birth and on the other side of the globe)
• R6 Alternate life. All statistics match; full suite biometrics including DNA; complete and entirely believable history

• R1 CRC check, does the number fit the official SIN algorithm?
• R2 Properties encoded in the SIN are checked against the person presenting that SIN
• R3 A simple query to the GSR whether they know this number (and it's not tagged as deceased)
• R4 Simple biometrics check with the GSR
• R5 Consistency check of profile data
• R6 All possible verification; multiple biometric samples must match; profile data extensively verified and possibly cross-checked against external databases

Finally, change the test for verifying a SIN to Device Rating x 2 [Device Rating] (SIN Rating).

The result is that a SIN of a given rating has all the information a scanner of the same rating can possibly look for, which is reflected by the fact that a scanner cannot directly crack a SIN of the same rating and at most find something which may be odd. If the SIN is better than the scanner, you don't need to bother with rolling at all, it will just work. However, if you are trying to get past the scanner with a SIN which does not have all the stuff that scanner can look for, you are pushing your luck and need to roll.

PS: As far as prices go, what RJ said. On the top end it sounds like a good deal, on the bottom end 5k for a few numbers are a joke

I like that principle.
The less rolling, the faster it goes,
now we just need in-game jargon for a few different fake SIN ratings, as you did with R6.

I'm think I'm disconnected from you here. A "real" person gets a SIN at birth, so none of that other stuff comes until later. A fake SIN architecture, to me, then needs to mirror that technology/process to be a good fake.
The licenses, to me, represent not just licenses could be all sorts of add-ons, certifications, etc, in addition to licensing: Business license, employment credentials, firearms license & registration, club membership. Each one of those things takes time to craft, and are crafted at different quality. That is what the license mechanic is to me and why it makes sense to be separate.

I quit the other thread so this was from earlier on. I don't come here to argue and there are a few posters damn close to a warning for trolling or baiting. It seems disingenuous to me to be involved in the argument and then suspend people from the board so I withdrew.

I would say, "They are registered with the Corporate Court", but I understand your point.
And that is the point of a very short usable lifespan for a stolen SIN. In conversations with my table (players/GMs at my table), we like the realistic nature of a short term identity theft, with the understanding the jig could be up any time so use it quick and get out.

Oh... I had not even considered the limit. That also gives way to customized or high quality gear that could get say a +1 limit, without say allowing a R3 device to blow out a R6 SIN on a lucky roll. I like that a lot.

If then number exists in the GSR, it really isn't a fake SIN at that point, is it?

What I meant is that a License just does not cut it in most cases, if you want to infiltrate a research facility for example.

If you have an R6 SIN, which marks you as someone who is not from the same Corp, you will be treated as an intruder.
What would a License change here? Or even a couple of Licenses.
'Great, you have a diploma in theoretical physics, and you are legally allowed to carry a Tuger Superhawk, I don't care, you do not work here, fuck off!'
The background, which is anchored in your SIN, that you need to not seem incredibly suspicious in that environment,
is too extensive for Licenses to cover.

Maybe my idea of authorizations and privileges can not be limited to the SINs, if I really stop and think about it,
but it is something distinct from Licenses still.
Let us call it a background in this case, which a Decker links to your SIN, and inserts into the database of the Arcology you want to infiltrate.
This technically has nothing directly to do with your SIN as such, that's what I meant that it is to a degree seperate to the SIN, but it is still connected.

Having this kind of background could require a certain minimum SIN level,
though I think having a low SIN rating is already difficult enough to handle in that situation, so that kind of rule would be redundant.
______________________________________________________

I conclude to 3 SIN values, of which the Shelf Life one is optional, since it could just be tied to the rating.

1. Rating, which entails all we have talked about:
Extensiveness of the data associated with the SIN -> Difficulty of coming through SIN checks, etc.

Now my new one:
2. Background, which determines the environment you can move in without arousing suspicion.
If you just bought a regular Rating 6 SIN with Background 0 for example,
you could walk down the street any day. You can enter protected neighborhoods no problem, shopping malls, shops, restaurants, museums, etc.
The moment however you enter a crime-scene, or a corporate facility with restricted access, you are boned.

If you possess the required 'security clearance' though, you could pass no problem.

Some Licenses could be included in this Background score,
but the ability to enter a restricted research lab is something a License has nothing to do with.

It could though, hospitals must be submitting applications for SIN with every birth and from there they just assume the child's life will add onto the files and other agencies must be able to do something similar.
So our SIN faker guy is inserting a submission to the database, maybe even backdating things. Illegitimate children of a corp exec who get adopted into the family or some such, thus explaining why they got added at an older age and not at birth.

So if the R3 gets ran, it comes up with all the starting data (birth date which it automatically extrapolates into age so the bouncer at the door of the club doesn't have to do math ) , sex, metatype and nationality.
The rest is just a blank slate which would flag attention if they were looking at it, but the R3 check is just verifying the original info is good.

You need an R4 device checking to notice that there is no adult prints/photos/stats like weight and size.



I like the addition of the limit to the Device Test, right there you have eliminated a lot of the random/illogical burning of your SIN by a fluke on a low end device.

Finally runners can eat at StufferShack with peace of mind, if not belly, knowing they won't burn their high class SIN over a Nuke'em Dog.

Edit:As for the 2.5K- 5K pricetag on the low end, it does seem steep so it should come down quite a bit, especially since they are not really adding anything to the system until R3.
R1-R2 is the electronic equivalent of making a fake ID to convince the goon at the nightclub door you are old enough to get in but would mean you are screwed if you get pulled over by the cops for a DUI.
That said R6 maybe should be a bit spendier as 15K for basically a new life is pretty cheap, assuming we are using Sengir SIN Solution (or SIN Optional Rule 3S) for scanning means it definitely is much more likely to stand up to scrutiny.

Although a good forger could be making more money changing ownerships on all the cars the Sedanrunners™ are boosting.
Just teasing, please don't shoot me.

Nice work Sengir, I like it a lot.
Do you have a pricing scheme in mind for all that?

The data was still inserted illegitimately, and in case of the cheaper ones that insertion is even pretty obvious

But thanks for the roses

But I think the point he is making, is that if the data in the database is on par with a real SIN,
which a Rating 6 SIN almost is, it really is not possible to find a distinction.
It really is not though even in our new little RAW we have within this thread.

A Rating 6 Check can still find some minor detail in the SIN, which does not add up.
Like when in Highlander handwriting is the same over a couple of hundred years.
__________________________________________________________________

Sendaz, your idea about inserting fake birthing notices from a hospital is ingenious.

Got me thinking of some archetypes for the SIN ratings.

R1: 'Ok ok, I get it chummer, you want a SIN, but you do not want to pay for one. I get it. Here you go man, but don't you go anywhere they are gonna scan your age or some other drek, this is literally just a number.'
R2: 'Yo, I am done with that SIN you ordered. How old were you again? I hope in your thirties, anyway, you were born in New York, i'll send you the details. I hacked into a morgue in Bellebue and prevented them from flagging this gals SIN as deceased. Have fun chummer.'
R3: 'You want a SIN? Well you can thank whatever god you pray to man, because I started slipping in false birth notices into the system 36 years ago. Damn crash cost me a fortune! Let me look up your details."
__________________________________________________________________

My Background value could be seen in a parallel way to connection ratings, going up to 12.

For example:
You want to be known by the system as a Taxi Driver? Background 1. You want to be known by the system as a cop? Background 3.
Specialized Corporate Scientist with access to restricted levels of the Arcology: Background 5

Sengir, love it!


One way you might think about it:
If you take a SIN and apply a one-way function, the function will spit out a biographical data string consisting of a birth date + place of birth + whatever. This function is computationally cheap if you're going from a SIN and trying to get the bio string, but, it's computationally expensive to try to start from a string and get a valid SIN. (SIN issuing authorities have specially constructed hardware/software systems to make this reasonably easy for them.)

Now, coming up with a valid SIN is easier the fewer constraints you place on the bio string. So, "I need something that will hash to some numbers that might be a date, then some numbers that represent a latitude/longitude." is a lot easier to pull off than, "I need a SIN that will hash to a date where the year is 2048, and a latitude/longitude in the UCAS".

So, even cheap SINs are kinda pricey, and, you get what you pay for.

Though, under your system, high rating fake SINs might be underpriced. A Rating 6 fake SIN takes a lot of the sting out of being SINless. So, pricing will probably still need to be reworked.

Very cool idea. The only problem I see is that encryption in SR is fundamentally broken, which would (AFAIK) drag hash functions down with it. On the other hand, you could argue that the same way breaking encryption is handwaved, you can also handwave the continued existence of hash functions...



Per SR5 RAW, the chance of an R6 scanner cracking a SIN of equal rating is 6.6%, so doing away with that possibility wouldn't really be a big change. And my view of the SR world is that somebody who has 15,000 ¥ to spare should have a relatively peaceful life -- it's about haves vs. have-nots, if you are among the former life is (relatively) good.

An alternate costing could be 500 x Rating(squared) to spread out the cost a bit.

R1 is 500
R2 is 2000
R3 is 4500
R4 is 8000
R5 is 12500
R6 is 18000

That isn't horrible.

Great conversation! This is what I had hoped for in the other thread.

A. Here are the things I am personally sold on:
1. R3 SIN description "obviously fake" becomes "supporting data, no biometrics, conflicts in external data"
2. Test for verifying a SIN: Device Rating x 2 [Device Rating] (SIN Rating). Positive qualities on test gear or user could provide a +1 limit.
3.

B. Here are the things I am interested in, but not yet sold on:
I still think the license mechanic solves this with more flexibility, but appreciate the continued dialog.

I'm still working through this in my brain, but I think I like the following for base facts (in my game) for SINs:
1. A fake SIN is one that does not exist in the Global SIN Registry (GSR). A real SIN does.
2. The term SIN means multiple things:
- A. First and foremost, SIN is an attribute, the huge string value that is used to link all manner of data to a specific person. Like a perfectly unique name.
- B. Secondly, the term SIN is used to reference the data file loaded on a comlink (only one SIN can be loaded at a time) that contains the SIN attribute as well as a bunch of additional data like sex, race, birthdate, issuing authority, biometrics, etc.
3. A SIN are rarely actually checked against the GSR. Checking a fake SIN would automatically determine that to be a fake. This might be because the Corporate Court charges a fee for each check. Cheaper methods of checking therefor represent the various SIN verification details of devices. Supporting data represent other data sources like: Tax payments, various purchase tracking data bases, etc.

Still thinking this through, but it is a good start for conversation, given some of the previous thoughts.

But then how does an R6 check pass?

As the top of the detection range (by definition all possible verification remember) it probably is only used in certain circumstances, but it would be the most likely to actually consult the GSR then as part of its exhaustive checking to ensure you are who you say you are wouldn't it?

I prefer to play it this way.

SINs are constantly checked in the back ground (GM random tests when he sees fit)

The GSR IS ALWAYS connected and the database interrogated,

And fake SINs were real SINs at some point, or have been duplicated etc.
Unless the forger hacked the GSR, ... ULTRAVIOLET 12 system?? I think not.

The rating of a fake / stolen determines the probability that this check is made against good or correct data.
I.e. The traffic scanner at the barrens border was put in place 10 years ago, and hasnt been upgraded since.
It only has the capacity to quickly check against three database fields before the subject vanishes.

The full body scanner at SEA TAC. However, is brand new top of the line, but even so, a rating 1 fake SIN still has a (very very very low) chance that it checks the information that might actually pass muster.

So rating 1 SIN vs rating 1 scanner, is always a pass as this basic device only has the capacity or permission to access cursory information, which is usually present.

And by the same logic a rating 6 scanner "CAN or MAY" access multiple fields like biometrics.
Making the probability of detection exponentially higher.

So even the most rudimentary SIN fake is loaded with data, you just risk whether its the right data.

I think that is the best way to handle it as well.
With this approach one eliminates the strange distinction between numbers that are in the system,
and numbers that are not, but are still recognized by the system as valid.
_____

The biggest problem I see here anyway, is a dubious definition of SIN.
It just is not well enough explained to really work with by RAW in any halfway precise way.

What keeps me from just looking at the SINs of people around me and copying one?
Sure, it might not be a good match, but maybe it might, since I can choose whose SIN i display.
Why should I pay money for that? I can do it myself in a couple of simple actions.
Or is there a yet unmentioned mechanic that keeps me from displaying just any SIN,
or which keeps me from seeing the SINs other people are willingly displaying?



I explained the way in which I think that the Licensing system is too simplistic for the complexity the SIN system requires by fluff,
specifically for the purpose of 'forged papers', in the circumstance of infiltration situations,
which I undermined with hypothetical in-game situations.

Making it any clearer is impossible for me, since you do not mention where our disagreement lies.

As silly as it seems, I simply just didn't think about having all fake SINs use a valid (or once valid) SIN. Rereading this, and thinking about a SIN as meaning in one case a number and in another an identity, this makes sense.

Actually Bertramn, I think that Fake Licenses might cover the added cost if you are attempting to be in the wrong place at the wrong time.



Otherwise, you could vary the Availability a point or two if your players ask after more specific backgrounds for their fake SINs/Licenses.

Here's the way I run it in my games. I'm positive it's not by the book, but it works for me.

1. Any fake SIN will auto-succeed on a casual check. So, when you walk down the mall or across the street, you don't have to worry about random checks. I dislike random encounters, so my preference here is to avoid accidental diversions. I don't want my entire plot derailed just because a scanner got a lucky roll.

2. Related to 1, You only roll on a targeted check. Someone has to stop you and deliberately run your SIN before you have to worry. That said, this can happen frequently, like at checkpoints or secured entrances. If you manage to avoid being targeted, and instead go past an automated system that scans everyone, you pass.

3. Denver Rules are in Effect. Denver is a city loaded with border checkpoints, and I believe it was impossible to go through most of the Missions without passing at least two border crossings. That said, the Denver rule was that if you failed your SIN check, the border guards would detain you for a bit, harass you for an hour or three, then you could bribe then 500 nuyen or so and they'd let you go with a warning. So, if it's a routine check that still requires a targeted scan, even if you fail the penalty is merely a delay and a small bribe.

Again: this is what I've found works best for me. YMMV and all that-- these are my house rules, and definitely not RAW. However, I do think this is a good way to handle SINs, because it reduces the amount of rolling, and eliminates random checks from destroying a fake SIN, and turn a runner going for coffee into #1 Most Wanted.

Missed something, sorry.



I'm pretty liberal about things. For one, I assume any runner with a Middle or better lifestyle is smart enough to rotate fake SINs on a regular basis. I just mention it to them every time they pay Lifestyle, and tell them they can change the names on their fake SINs. The rating stays the same, though. If a SIN is burnt, it's lost, and they have to replace it a book cost. But changing the name-- trading in John Smith, Fake SIN rating 2, for Johann Schmidt (fake SIN rating 2) is just cosmetic. I'll assume they handled it automatically, and they "keep" a rating 2 fake SIN until it's burnt.

Runners with lower Lifestyles don't get this discount. Little harsh, but you have to get some benefit from a higher lifestyle, right?

As I said before, I can see the way Licenses can be used to make the background of the fake SIN you are using more believable, I can, but the kind of fake background I am talking about is one where it requires data-manipulation in the database of the facility you intend to infiltrate,
or databases in general, which are separated from the central SIN registry.

My hypothetical in-game situation -> You want to infiltrate an MCT-Arcology:
For you to not immediately raise suspicion in the Arcology, you need to display a SIN which the internal MCT system can distinguish from a legal civilian who does not work for MCT, or in that Arcology for that matter.
The MCT system has a registry of the people that work inside the Arcology, so it has a list of people that are allowed to be in there.
For this system to recognize you as a legal denizen, your SIN needs to be inserted into the Arcology staff registry.

It is all about forging data, to receive access.

A similar service might get you officially recognized as Knight Errant employees, with all the benefits this entails.
In this case, an entry in the Knight Errant database of the city needs to be made.

While this is a nice opportunity for your hacker to shine, there should be rules and prices for this service.
This might need to be combined with the Licenses in the end as well by the way.

I hope I have made myself a little clearer.

We have always handled such things as part of the legwork phase in our games.
We wanted to insert a Data Specialist into an MCT work environment. So we obtained ID (Fake ID Rating 6, Enhanced), hacked the foreign office to send transfer orders to the Hong Kong office for a Data Security Specialist (complete with historical background information) and then he just showed up for work from the airfield, just transferring in (passing all the required security and physical checks prior to being assigned a work pod. Worked wonders. Granted, the run was a long term insertion and we had built to this point over the course of about 18 months or so, but we needed internal access to the system for the final legwork on the ZZ we were aiming to infiltrate. Worked in the Tower for 2 weeks doing all manner of Security for the Tower Host. While I was thus engaged, I would run some private (and hidden) inquiries (using OTHER people's credentials - you would be amazed what people leave lying around the office), all the while collecting data on the ZZ and its defenses.

It was a fun infiltration. Took a lot to set it up, but it paid off in spades.

That is pretty ingenious, I gotta admit.

My point is though, that more stuff about Identity, and Security ID, as well as Background and such,
needs to be spelled out more clearly than it is.
The other SIN thread did not evolve into a debate of that magnitude, and with trenches dug that firmly,
for no reason. It is because the fluff is not clear, as it is written.

________________

By the way, if we assume that every forged SIN is a SIN which already existed in the system...
There will be SINs that are being used twice at the same time, once by the original owner,
and the other time by you.
What happens when you add a forged License to that SIN then?
Does the original owner just notice it after a while and go like:
'Well... I can not remember getting a diploma in theoretical physics,
or the authorization to use Magic in public for that matter...
I am not even a mage.'

Well, sorta. In my home games, I've seen lots of players figure ways around this.

If you can convince the system you belong there, you won't have a problem. That doesn't mean you need to insert a fake SIN, though. Spoofing one might work, which gives the decker something to do. Another trick is for the Face to convince a guard that your commlink isn't working, and get a temporary badge issued.

For one of my SR5 characters, his M.O. is to track down and mug the janitors. He steals their commlinks, and broadcasts their SIN to get into the building. It won't hold up under a detailed check-- I once stole the ID of a female dwarf, and my character is a human in a cowboy hat-- but it's enough to fool a low-rating system.

But how does "regular" SIN check work, then?

I have rethought things since this was written, but let me explain where I was and I'll explain where I am.

This is still valid and still works. Kinda like where a person refers to their computer case as the hard drive when its all those components, but you know what they mean.
Originally, my thought was (comparing to SR5, pg368):
Verification R1: Just check that it looks like a SIN in number format only. Ergo, 2-A looks legit, but no external checks.
Verification R2: Check to see that the SIN data (ergo 2-B) looks valid, but again no external checks.
Verification R3: Check external known/subscribed external databases for presence of SIN. No serious validity checks.
Verification R4: Check SIN against facial recognition input. (Is the SIN holder an older female troll of Chinese ancestry?) Is there biometric data on the SIN?
Verification R5: R4 + Check that SIN picture and other details match person presenting SIN AND finger prints or retinal.
Verification R6: The person presenting the SIN must match all the details on the SIN file. Also, those details are randomly checked against external databases for data conflicts.

After some thought and conversations about using real, registered SIN numbers for fake SINs and the fact that in the everything connected age of 2075, checks against the GSR should be easy to perform, I think I'll modify my definitions of fake SINs to be:
1. A fake SIN has a number in the GSR not in use by someone else, currently. ergo: It was inserted into the GSR by an authorized person (hospital worker, corporate records clerk, etc) illegally or it belonged to someone now dead, though the death has not have been properly reported. A valid SIN number that is used by a runner, unknown to its current owner is referred to as a stolen SIN.

Verification checks of those fake SINs then are modified to the following:
Verification R1: SIN number in the GSR = TRUE.
R2-R6 from above still hold true.

Now my outstanding question comes to be: What data from a SIN file, besides the SIN number, is or needs to be in the GSR?

I guess that bears a resemblance to today and any online records you hold ?

obvious basic fields like name and DOB.
state of origin, metahumanity, DNA scan, blood type and any health issues noted at doctors appointments.
magical nature and corporate allegiance (if sponsored by a corp for education etc.)

you can always ADD more data for Legal SIN people, I mean, why not .. you have nothing to fear right ?
upload or link credit history and your work history, travel records etc.

the SIN then becomes C.V. a living breathing record of your accomplishments.

OR for the more privacy minded folk, it has the pure basics that you need to pass validation. and nothing else .. in fact you have "people" actively trying to reduce your footprint in case of attack.

_

I guess legal SINs would need to be rated as well ... otherwise you'd have the proletariat able to get into pretty much anywhere ?
and no corp exec wants THAT to happen ..

or is that where licences come in ?
A sec licence
AA sec
AAA sec etc.

keep the masses segregated

As I just looked around for the answers, I noticed several things about SINs in SR5:


I guess there is no question as to what's in the SIN at the GSR.

The SIN itself carries some information, like birthdate, gender, etc. So, you could verify some stuff without checking the registry.

This is how I would envisage it too,

Low level scanners check for the "presence" of data in the base fields

mid level scanners check the presence of more data AND the validity of some of the fields against the GSR

Top level scanners CROSS check the presence and validity of more fields and possibly more databases to make sure the information is correct

Lvl 1 SIN = equivalent of a visual passport check

Lvl 3 SIN = equivalent of a roadside police license/registration check

Lvl 6+ SIN = Interpol database search against CIA/FBI records for a known offender

Agreed. Basically, the higher rating the check, the more details it tries to match. So, for a burrito at Stuffer Shack, it will just try and identify if the SIN is valid and if there's enough money to buy it. If you try to buy a car, expect to give biometrics and a genetic sample.

What keeps me from just looking at the SINs of people around me and copying one?

I would imagine some level of security (this is my opinion not RAW though)

take your Visa card,

YOU see - 1234-4567-7890-0123

the stuffer shack sees ***-****-7890-0123

the police scanner sees ***-4567-7890-0123

Your average joe that pings your comm in AR sees ****-****-****-0123 .. or actually it only sees Munchkin_kitty-Lover-23

Nothing, really. It's the levels of verification that matter.

Let's say you get my bank account number. There's a lot you can do with it, you can read my statements, for one. But what would happen if you tried to withdraw money? You couldn't to it at the ATM, without my card and my PIN. You couldn't at the bank, without supporting ID and/or a signature. So, even though you have this information, you can't do anything with it.

I always assumed a R1 check was basically a PIN. Minimum confirmation, like checking your license when you try and buy alcohol: they only give it a quick look, make sure there's no glaring inconsistencies. So, if you clone the SIN to a lady troll, they'll notice. Higher checks use more verification points, so they're even more likely to catch a quick fake like that.

Cain: Here to offer a counterpoint, Jeremy Clarkson.

Once again, this is the kind of topic where the answer depends a lot on the kind of setting you want.
If you want runners to be outcast with no chance of blending in for long in society, you can't have long-lived fake SINs. You need them to be cheap, expandable and quite easily defeated. SINs will be the social equivalent of maglock pass, and there will be little to no bookkeeping.
If you want runners to be able to fully interact with the SINner world, you need to have fake SINs that can stand a daily usage. In that case, the SINs will be mostly a way to manage the runner's identities and a way to "punish" a runner who made a mistake/didn't stay below the radar.

The first will work wonder in a pink mohawk setting, the second will be better for a black trenchcoat setting.

You can't have one good rule that will fit all. You could have both short and long-lived SINs in the same setting, but then you don't know what you're playing anymore and you'll have one half of the table that will happily pull out the rocket launcher in a AAA neighborhood, instantly destroying the carefully planned and detail secret identiites of the other half, and this won't end well.

Actually, there's many places that do similar things. McDonalds doesn't run PINs for purchases under $25, so if someone stole my card, they could get $24.99 worth of imitation food several times a day.

Still, it generally takes more than just the account number to get you. Usually you need more, like a debit card or some form of verification.

I would think that nothing really stops someone from copying the SIN number, like finding out an SSN. I play it that creating a SIN file (for loading on your comlink) using that SIN number is where the "creating a fake SIN" comes into play.

One possible idea for more secure SINs:

A "SIN" consists of a public/private key pair, used as part of an asymmetric key encryption system. What you broadcast (to whatever extent this is required) is your public key, and a frequently updated simple timestamped geolocation tag that's been encrypted using your private key.

If something is encrypted using your private key, it can be decrypted using your public key. So, it's very easy for someone to verify that you really have both parts.

But, as long as no one gets your private key, they can't believably walk around pretending to be you.

Unless you or your players are CS majors, this is basically just technobabble, but maybe it works as plausible sounding technobabble?

Wouldn't that be closer to using a Stolen SIN since you are using an already active SIN for yourself?

Plus I suspect Bertramm is implying why would you pay 2500+ for what amounts to copying some other guys SIN and using it for yourself however briefly.