What’s in a SIN?
by Chris Siebenmann
There are three things to a SIN: the person, one or more ‘SIN sticks’ (à la credsticks), and the SIN’s network information, which is theoretically identical to what’s on the stick.
In my world, there are two and a half parts to SIN verification. First is a verification of your ‘key’ to the SIN; this ranges from typing in a secret number at the Stuffer Shack to a DNA analysis when you’re signing papers to buy that downtown condo. This stage matches the information from you against what’s on your SIN stick.
Next is verifying the SIN stick itself. SIN sticks are digitally signed and can be checked without needing network access; cheap places do only this. In practice, the people and equipment needed to sign SIN sticks are too widespread, so any valuable transaction will do some sort of network verification. Either the SIN stick and the network can handshake a password/signature, or you can read out every important piece of information from the SIN stick and compare it against the information in the network. Normally one does the former; it’s a lot faster (and reading all the SIN’s data may require uncommon authorization). Sometimes all the verification that’s done is that the SIN number actually exists (this is very fast and cheap).
The SIN database is indexed by a number, your SIN number. While one can attempt to search the database on, say, retinal prints, this is a manual procedure that’s not often done. Since the database is distributed, it’s also very slow, and can involve inter-region politics. It’s known that the data capture techniques do have errors and thus there are legitimate (but rare) cases of compare-identical ID information like retinal prints.
Not all SIN sticks carry data for all ways of verifying your identity; the network version normally does, but it may not (if, say, you bank at a cheap bank). Large verifications fall back on the network versions; if your network version doesn’t have the information either, it fails.
So, you can forge a SIN in a number of ways:
- A SIN stick that’s properly signed but has no network presence, or a bogus network presence. Good at the Stuffer Shack and other places like that. Cheap.
- Have a SIN with only basic identification methods. Retinal verification is quick, somewhat error-prone, and good up to a couple thousand newyen; one also rarely leaves retinal prints at the scene of a crime. Most people don’t need more than this.
- Break the SIN/network password algorithm and create a SIN stick that lies at that point; the result is bogus network ID information, but valid ID on the stick. The choice of paranoid people, but expensive. Fails if someone decides to run a data-by-data readout and verify.
- Have a perfectly valid SIN, and hope that you never leave traces that people will try a search on. If you go this route, get a SIN from a region that dislikes yours; politics will hinder any cross-region searches, and any local searches will turn up blank.
It helps to think of bureaucracies in Shadowrun as venal, corrupt, and exploitable. Be nimble; as a gamemaster, craft a world where your players can be nimble, even if the result is less than perfect security. It’s more fun.

