Almost. Read on.

A protection technology would be a way to validate a fake SIN vs. a stolen SIN. In the case of a fake SIN, you have the private key and you have circulated your public key. In the case of a stolen SIN, the user's private key has been compromised and you are using it until it is found out, flagged, and the legitimate user gets a new key-pair issued.

On principal I think it sounds good enough for a little hand waving and game on.

By RAW, but that RAW does not make sense. If the biometrics bound to a SIN are shared with law enforcement, runners wouldn't make it far and fake SINs would be impossible.


@Bogert:

Unfortunately not, because encryption in SR is broken and thus the difference between private and public keys is one minute tops.

But what's the real harm if your SIN gets copied? For applications where identity matters, the biometrics of the bearer would be checked and just your number would be useless.

Only if you make the assumption that EVERY piece of scanning equipment rating 1-infinity, actively scans the Biometrics, cross references on the GSR and provokes a valid response.

What we have thus far discussed is that at differing levels the technology is either rudimental in its checking by design or by age.
a rating 1-2 scanner on the barrens border crossing has to contend with 1000's of checks .. so it only checks for the presence of photo, DOB and Security area code
it only flags an alert if the photo does not match facial recognition, the data is missing and obviously fake, or the person bearing it is trying to get into a VIP transit reserved for someone with higher AAA standing.

the level 4 scanner at Corp HQ
scans for retinal check, and much more information that a forger has to complete more data entries and try harder to make it look legitimate.
But still not 100% matching to the holder. (still a chance of failure)

So to repeat,
if you assume that the GSR holds 100% of the information available on a valid SIN
or
a FAKE one has 100% of the data fields present (but not necessarily correct or legal)

Then the rating of the SIN then represents the logical probability that a single database field is VALIDATED by an agent and not the chance it is actually correct.

Then you find that the Fake/stolen SINs become appropriately priced for higher ratings. as the forger goes to extraordinary lengths to improve the validity of the Biometrics and other data.

TL;DR - it's not all about having ALL the data matching your physicality, it's about how much of a risk you want to take that the fields will actually be checked.

I'm not talking about scanners. If the SIN database is freely available for law enforcement, LS can just parse the data and figure out that Mr Joe Goodguy apparently has 20 side identities...oh, and his genetic profile matches the blood left at a recent robbery, how convenient.

You're right it breaks the RAW if you subscribe to the GSR being one central, well defined database that is 100% efficient and always correct, Judge Dredd style.

so the only conclusion I can come to, is that there's some other considerations that have to be true for the system to work in our runners favour :

1) It's possibly not one singular SIN database, I think it has been mentioned that governments each hold their own versions and that data does not "freely" cross borders

2) that the assumption that LoneStar (An outsourced corporate division, remember) has Free and Easy access to this citizen database for the purpose of ... well .. whatever they like, is not one that fits with the setting?
I really really really doubt they can match data that quickly without the usual red tape and blue collar politics that goes on across current Law enforcement and "Other" agencies.

3) that, if a runner (SINless) were to leave blood at the scene that is linked to several Fake/Stolen SINs then he has made a massive error in judgement and is actually quite due a Darwin award.

I prefer to think that the database is built around the SIN (number) as the pivotal record and that holds the Biometric data.
That a fake SIN of any rating holds "some" Biometric data .. but not necessarily YOUR data...
nor complete data (based on a partial print, enough to fool a scanner and pass visual checks, but not sufficient to tie you to a crime scene 100%)

By this account though, I guess the only fake SINs that have YOUR DNA or fingerprint records on them are the most expensive, and you treat them almost as well as if they were real.

Anything else is a burner one that has some dead guys Biometrics and you take the risk that if you are stopped and questioned that the biometric is not validated by the law.

I prefer to believe that while data might cross borders it is considered "suspect/truth unverified" until that individual is encountered at their "national/corporate" borders.

So in other words, we the UCAS will believe that Jose Varga of Aztlan is whom he claims to be until we prove otherwise by some method we/the UCAS trusts. And that this outlook is held by most of the countries/corporations of the 6th World.

Look at the parts RJ quoted: The individual database authorities sell their data, so LS can just shop around. Certainly money well spent from their POV, for runners it would be a nightmare.

Which means it's time to invokes the law of self-sustaining core canon: If something would logically mean that shadowrunners can't exist (and corps would have to stop commiting crimes which make Kane look like a choirboy), it can't be considered canon even though it technically might be.



That would assume a fingerprint reader compares less features than analyzed at a crime scene print. Why would it, considering it gets a high-res image of your perfectly positioned finger?

But this touches upon another important point: Back when the idea of SINs was developed, biometric verification systems were exotic scifi devices promising ultimate safety. Today, they are consumer electronics and have turned out to be less secure than a PIN pad in many regards. Yet the SIN rules still treat fingerprints as the high end of verification possibilities...

I'm not disagreeing with you at all, and would like to get it to a point where the mechanic does not utterly twang our suspenders of disbelief.

For that we need to make a few assumptions that may or may not work with RAW or canon. Otherwise we're going back into circles again.

Cool, I work in sales, and every hour, day, week of my existence I am presented a new database of clients
the majority of my time is spent wading through the mire of duplicates, missing data, aged data and downright made up stuff!
"No, Mr. Bojangles Funkyboogaloosmyth is no longer at this address... is this a sales call ??!"

I can't imagine things have gotten any better in 60 odd years .. in fact I can guess the amount of bilge data has increased exponentially.

Yeah, I'm not saying I have all the answers, but I reckon we can massage the facts a little to fit them as best we can

So, lets take the crime scene example .. LS have a bunch of biometric data at the scene (Blood, DNA, prints and whatever else)

and we have our Runner, J M Beadle esq. who has 4 SINs related to his data but is NOT a legal SINner. (for the purpose of this example)

So the star plug their data into the GSR, and the DNA hits jackpot on first go!
links to a Mr. Bogus, Mr Franks, M. Boopity Davies and a Miss Jessica Rabbit.

The finger prints though don't match any of these (J M Beadle couldn't afford high enough Rating SINs to get his prints linked)
(and this is assuming that MY imagining of a SIN holds true in that for each rating the runner provides more and more valid fields to pass better checks)

and the Blood type is different for all of these people.

Then they get a call from Aztechnology
"Oi, Coppers ... Lay off Miss Jessica Rabbit .. she's one of ours!"

and the rest are listed as Died at birth or in a nasty car accident last week... the investigation grinds to a halt and J M Beadle is in the clear ...
UNTIL he tries to use one of those SINs again!
Then the red flags go up and he's doomed as a dodo! (and rightly so, the guys a douche!)

so you are absolutely correct in the procedures the LS follow and that the SINs are in one go Burned

And hopefully my concept holds up to scrutiny that even after half a century, inter agency and pan-governmental databases and protocols are essentially paid lip service to, at best.

Yeah, otherwise if it's this perfect world where corps all work together hand in hand singing kum-by-yah .. then Runners cannot exist.

I was also thinking with gene therapy and the like that people might not only have modified, but changing DNA.

I like this thought. Poor wageslave gets a national born SIN or even a corp SIN, but perhaps not all registries require biometrics. Perhaps there is an added fee to have biometrics registered with your SIN...?

I like the concepts that just throw some grey into the SIN match up.

So, in a world where the software file (ergo: the SIN file) is suspect and biometrics are suspect and encryption I could see the system working a three factor authentication: What you have, what you are, and what you know. I have my SIN file {SIN broadcast by comlink}, here are my biometrics {fingerprint, blood sample, hair}, and here is my current identity pass phrase {"Soylent Green is people", "Open the pod bays doors please, Hal."}. Fullproof? No, but in a world where nothing is, you do the best you can.

One thing I always questioned is the mentioning of biometric/DNA in a comlink and places like the spell Sterilize. Perhaps that deserves *its own thread*...

That's actually what a SIN is for: to organize and track the humongous amounts of data each person generates each day. So, even though data has increased, the organizational system has gotten better as well. At the very least, it's a zero-sum game; it's also very likely that since everyone has a unique identifier, there's even less chance of duplicate entries getting by.

I spy a Horizon PR adept !
"The system is perfect, everyone is safe.... There is nothing to fear!"

Here was me, thinking that the SIN was created as a control measure a la 1984
Ministry of truth.

So, my players understand that the system is foolproof, but, we know better !... Right?

...........

In honesty, i cannot imagine a world where the computer is 100% ... Even in the distributed computational world.
I get my enjoyment from the belief that the machine is fundamentally flawed in its own assumption of accuracy.

But, that said.
If it is perfect, mechanically how much data do you link to your fake/stolen ID ?

What rating does a REAL SIN have? And is there possibility of data entry error leaving a person in limbo, a la The Terminal?

I don't think that means what you think it means. Indexing of data and even storing a massive amount of indexed data does not preclude cross-indexed data, falsified data, and deletion of data. In fact, the more copies of the "same" data there are the more the data becomes a mess of differing details. I find it would be impossible to GM a game where the system works with the perfection you espouse in each post about SINs. I trust you will not be rehashing the same arguments that got the last thread locked? Just so we're clear: You won't get this thread locked. Interpret that as you will.

Exactly.
Exactly. This imperfection is where my players do their digital identity magic.

I was wondering the same. Can a real SIN be issued without biometric/DNA data? I could see corps/countries allowing this to allow their espionage operatives to work or to protect that very data of high value targets (executives, etc)

*sigh* Everyone keeps reading something into my statements that's not there.

Where did I ever claim the system was perfect?

The reason I keep bringing it up is because people are postulating that, based on current technology, the situation in 2070 must be worse than it is today with regards to sorting and finding data. A SIN changes that back in the opposite direction-- it makes the job much easier. Not *perfect*, but easier, certainly enough that we're likely looking at an equivalent to today, or even less private.

If the system were perfect, shadowrunners couldn't exist. It can be brutally efficient, though.


SR5 does say that biometrics are there, it's just how good those biometrics are that's the problem.



Apparently, you have to have something on file for the biometrics, kind of like you need something in certain fields of an online application. At low ratings, they don't check it, so if you put in Fluffy the Cat's DNA instead, no one will notice until you face a higher rating check.

Well, that is the point of this thread



...or until she ever gets a new SIN. Retroactively tying all identities together would be bad enough, but we're talking about all SINs past, present and future.


What I image is more like the ABM treaty: All sides agree to keep an open flank to convince the others they are not planning an attack. The GSR contains the dirty laundry of every corp, therefore none of them can afford a leak. And if one of them should abuse the database (for example by performing a reverse lookup of a DNA sample), the others can react by exposing every last bit of dirty laundry on the offender contained within the data.

Cain posted an interesting snippet in the last thread (only just caught up on that, sorry)
there's some good points that validate most of what we have been saying so far


Bolded piece for emphasis.

I wanted to recap the original thought train, more for my own benefit

point 1 - the burden is on the GM (in the boots of law enforcement) to call for specific occasions where a check is in order
i.e. A crime has been committed that links to one of your fake SINs, or you are moving through an area that is acceptable to assume your ID does not carry the appropriate level of data to validate you.
Not an auto fail, though, this would just call for tests.

Point 2 - the consensus seems clear that (for the most part) data control has improved on present day, BUT there is in counterpoint, more aggressive political wrangling over which CORP holds the current dataset and if there are grey areas purposely or mistakenly left in the GSR

Point 3 - I think is adequately in play, 1984 is alive and well in 2053+ but not so much that you are being stopped Every 5 minutes for another routine check!
Follow the common sense rules and it's generally an auto pass .... get stuck in AAA with a SIN that links to chicken blood DNA ... you are gonna end up plucked !


These all look pretty accurate, Rating three has been noted for the "Obviously fake" line that I think needs an addendum such as Obviously fake under close scrutiny or to an expert!
at which point you are probably already in the back of a Lonestar one-way transport for some interesting talks.

again, nothing out of the ordinary here ...
I must admit .. I have not read any of this data so am happy to have to a very similar conclusion on my own (Yes, I gave myself a cookie!)

My last question on law enforcement and Biometrics.
if you are SINless (a runner usually) and your fakes are linked to the Biometrics of a chicken, a dead guy and a wage-slave from Yamatetsu etc.

what do the LS or KE do with the case? other than file it for when they find DNA at the next scene.

I mean .. you have ALL the good and decent people on the list of SINs but assume most of the naughty people .. actually aren't on any list at all !

I guess this explains the Shoot SINless on sight attitude, but other than that, is there an assault on precinct 13 style splat book that looks at this from the opposite end of the spectrum ?

I wrote this without realizing we'd already answered this question earlier in the thread:



Which for a fake SIN, may just be this:

Ok. I really feel at this point, we talked through everything not currently being discussed in either the licenses thread or the Disguises, Biometrics and DNA thread. Did I miss anything unresolved?

Yeah, data balkanization is a core tenet of the setting. The problem is that RAW says corps and countries are actively selling their SIN data, which subverts the whole thing. And if you ever had a legit SIN, you'll never be a shadowrunner.


As noted before, the ratings of SINs and scanners do not really match. An R3 scanner does nothing but a CRC check, which even an R1 SIN will pass (without valid CRC it wouldn't be a "random anybody" but "random stream of numbers"). And biometric checks are only done at R5, despite fingerprints or facial recognition being the perfect candidates for a quick streetside check.


...of course, if only the highest rated SINs have biometrics and only the best scanners look for it, this question is solved rather neatly.

But at any rate, it should not be "impossible" biometrics or DNA patterns. If can be a random fingerprint and composite image, but if you put a chicken print and a grainy b/w photo into the database, it would be noticed by internal consistency checks.

Question:

How do you identify and differentiate “nationality”? Isn’t the world of Shadowrun somewhat a global world, where a Caucasia can be Japanese nationality and or Japanese corporation affiliated? Or do they mean ethnicity?

I guess they mean how good the nationality (or issuing authority) match the identity in general: If your SIN says Japanese officer friendly might just strike up a conversation with you, too bad if you don't know a thing about the country and language...

@Redjack

It's hard for me to know what parts of your posts refer to your interpretation of the book and which parts refer to how you think the rules should be changed. A few details in my view are different from how you've written them.

The information can be divided into three levels.

1) Basic information: This is a small number of vital statistics baked into the number itself. A verification system can get this information through the number alone. It does not need to be a long number, and does not need a data file to accompany it. It is kept as a file itself. Name, DoB (thus age), birthplace, issuer (nationality), and sex are mentioned in the book.

2) Supporting information: This is historical data that can be algorithmically checked to varying degrees. It is located in myriad places that the SIN verification system is able to access (like credit bureaus, but for all sorts of data). Better verification systems have better algorithms and access to better data. The best systems can "externally verify" it at random. I'm thinking that means randomly selecting a database record of something like a purchase and then electronically querying the store itself to see if the store's records match.

3) Biometric information: This is kept in two secure places: a database maintained by the issuer and GSINR. DNA, retinal scan, and fingerprints are mentioned in the book. The book says that national SINs have biometric data on file, and another copy with GSINR, which shares it with law enforcement. It says that corporate limited SINs are in the GSINR and shared with law enforcement, but doesn't explicitly mention the biometrics. It says that corporate born SINs can be verified through GSINR, but have no attached info. (This seems to me like a dead giveaway that a person is corporate born.)

The book says that Criminal SINs and Corporate Limited SINs have information on a person's awakening somewhere. As the number doesn't change, it would be in supporting info, or as a flag along with the biometric info. Since the number doesn't change, it won't be able to handle awakening (or name changes) after the number was issued.

The book says that nations (not corporations) sell personal data (not biometrics), and that SINners get a lot of spam (soyham) (a hidden gem for reading this boring post).

*walks in and dusts off the counter*

Saw this on the other forum and thought parts of it were interesting enough to invoke a bit of necrothreading here.




One thing I thought was a nice mechanic was the degrading SINs which we were bouncing ideas about earlier in this thread.

Interesting, I like that.

The permit categories are a cool idea, number but produces sufficiently different restrictions. Category II seems a bit superfluous though, how many Ares Predators does the average runner own?

Personally I view SINs very simplistic. Each Corp/Country isn't going to share what they don't have to.
So for Day to day life if a runner has a rating 4+ SIN they'll be good but if they use it during a run then it may get burnt which leads to my second view.
If they want to break into or use some social engineering to do some work on Aztechnologies then they will want to spend the Nuyen on a damn good Fake SIN w/ License to match the needs saying they belong and leave their day to day SIN at home.

Then they will want to keep 1 or 2 spare just in case their SIN get's burnt or if they need to bolt and go to ground.