This Friday (3 July) is the deadline for responses to the Australian Government's open consultation on verifiable credentials policy. We submitted our response today, and ticked the box declaring that we're happy for it to be shared publicly. So we decided to upload the response here. The concluding paragraphs of our cover letter are: "Done well, we see trustworthy verifiable credentials as a catalyst for increased trust in Government agencies, strong economic growth and significant productivity gains, as well as protecting the privacy and security of people, organisations and infrastructure. Done badly, verifiable credentials risk delivering no genuine socio-economic value. Worse still they could be considered (and could become) an instrument of a surveillance state. So let's do them well." The consultation papers are here:https://lnkd.in/gRTUb6wy #digitaltrust
Sezoo
IT Services and IT Consulting
Melbourne, Victoria 542 followers
Radically improving trust in digital interactions for the benefit of all
About us
Sezoo was launched in 2021, building on 4 years of investment, passion and successful client engagements in the area of digital trust. Our mission is to radically improve trust in digital interactions for the benefit of all. We do this by providing advisory and consulting services to organisations and businesses to enhance the trust people have in their online services and products. We provide expert services to help our clients realise benefits in three key areas: 1) Increased trust for their organisation and their customers 2) Reduced risk for their organisation and their customers 3) Trustworthy interactions and experiences What we do We work with organisations ranging from start-ups to major internationals, State and Federal governments, and international standards development bodies. The work we do includes: - Strategy development in digital trust technologies such as digital identity and verifiable credentials - Multi-participant and multi-organisation strategy and execution workshops - Proof of concepts and pilots digital identity and verifiable credentials for sectors ranging from Higher Education to Defence, Entertainment, Finance, and Retail - Business Case development for multi-million dollar government initiatives on decentralised trust models - Executive and Ministerial papers on emerging digital trust technology and its potential for delivering socio-economic benefits for all - Government Research grant exploration on the application of emerging technologies - International collaboration on open-standards and open-source initiatives with organisations such as the Linux Foundation and UN Working with our clients, our engagements scale from lunch time executive briefing sessions, to multi-day and multi-week workshops, to multi-month engagements. If you’d like us to help your organisation, please reach out on contact@sezoo.digital.
- Website
-
https://sezoo.digital
External link for Sezoo
- Industry
- IT Services and IT Consulting
- Company size
- 2-10 employees
- Headquarters
- Melbourne, Victoria
- Type
- Privately Held
- Founded
- 2021
Locations
-
Primary
Get directions
460 Collins Street
Melbourne, Victoria 3000, AU
Employees at Sezoo
Updates
-
Well we went there again. A year after our first foray into Government fraud, waste and trust we've returned to look at a very worthy, and very complex, socio-economic programme in Australia, NDIS. Knowing our limits, we've made observations and recommendations in the area we know best - digital trust. We wish the best for the achievement of the scheme's original objectives and outcomes for all beneficiaries. Along the way we've developed what we think could be a very useful model to help discuss and understand Government welfare schemes and their impact on trust in general. Like all models, it is a simplification and hence it is 'wrong'. But we think it, and our recommendations, could be useful. What do you think?
-
We believe that trustworthy digital credentials (including trustworthy digital ID) are national Critical Infrastructure and should be used to reduce risk and increase resilience in times of increasing uncertainty and threat. In December 2025 the Australian Government sought public consultation on proposed changes to the Critical Infrastructure Risk Management Program Rules for high-risk asset classes. In our response, we argued that trustworthy digital credentials are a foundation of all critical infrastructure and hence should be included as a “fifth element” of the existing Critical Infrastructure Risk Management Model. We see the issuance, management and verification of trustworthy credentials as a common requirement across each of the four presented pillars (Cyber, Personnel, Supply Chain, Physical), critical in supporting the resilience of interactions and trust between those involved (organisations, individuals, software and systems) during normal operation and in response to failures. Further, we believe that the Australian Government’s investments in Digital ID infrastructure (the Digital ID Act, AGDIS, ongoing work on verifiable credentials etc.) can be used to provide a legally bound foundation for higher trust, lower risk and more resilient authentication that can reduce the cost and burden of existing checks in normal operation, let alone when outages and failures occur. This also increases the return on investment in Digital ID solutions, infrastructure and governance by Australia. On the topic of Supply Chain Hazards, we believe that the Australian Government should look at the work of the UN and the UN/CEFACT projects on supply chain transparency and trust at scale. These initiatives are establishing open, royalty free, global standards that follow a “protocol not platform” approach to maximise trust, minimise cost, and maximise the return on existing investments in platforms and infrastructure. Our complete response can be viewed below.
-
Thought we'd share a little "walk the talk" digital trust experience we gained by rebuilding our website during late 2025 and early 2026. Our website design was created by the nice people at Creative Approach back in 2021, and we still like it. You should look them up if you're interested in digital marketing and design. By the time 2025 came around, we realized that needed to do something about the WordPress version that our content was using (it was well behind the most recent version), and this came to a head at the end of the year when one of the main website features failed. So for the last few weeks we've been exploring how we might port the design and content to the platform we've been working on with our projects at UNECE-UN/CEFACT - a GitLab hosted repository with a Docusaurus rendered static website. And with a little expertly guided and challenged "vibe" help from our AI mentor - we built it. And it works, well. While websites aren't our usual focus, as a company focusing on digital trust it would be "incongruent" to have an insecure site. A key objective in exploring options was to create a more secure site with strong cryptographic content protection. And while nothing is or remains perfect, that's what we now have. Our newly hosted site scores A+ on the Mozilla Observatory scoring and is, from a structural point of view at least, far more secure than our previous approach. Critically, it also gives more of the cryptographic keys, and responsibilities, to the founders. Achieving digital trust, being trustworthy, demands a holistic approach to everything that you do. This means being authenticate and verifiable to your customers and business partners, as much as it means being able to verify your customers and your business partners. How does your site score?
-
-
Sezoo reposted this
Does a human-in-the-loop (HITL) make something more, or less, trustworthy? Is remote onboarding more risky than physically present? Academic research on the impact of HITL on risk may surprise. This isn’t “just” academic. Right now the FprCEN/TS 18098 standard is being debated in Europe and the result will determine whether Europeans will need to be present at an issuer’s premises to get their EUID in their EUID Wallet. This will impact all countries participating in eIDAS, as well as others that are aligning, or want to align, with eIDAS. There will be ripples: if the EU makes presence mandatory, then others that decide to adopt these standards MUST comply. This is a type of “human in the loop” decision. The argument for HITL is that humans with machines do it better than machines alone (“machine” is shorthand for any digital system that makes or proposes decisions). Humans have empathy and context and “get” the complexity of the situation. The counter-argument is no, not always, and no. No - humans don’t (necessarily) do it better, have empathy (in a positive sense) for the applicant, or “get” the complexity. Humans can be fallible, biased, nudged, and even bribed and coerced. HITL can be rational, sensible, and “humane”. It can reflect cultural norms and expectations. It can be the right thing to do, but that might not be because of risk or assurance levels. HITL is a hot topic in digital wallets and credentials. Others are waiting. Here are a sample: Onboarding: How we manage “issuance” (or endorsement). What checks do we perform on what sources and how? Binding: How do we make sure that only the person (or agent) that the credential is issued to can authentically use the credential? How can we uniquely, securely and privately link the person/agent to the credential so that others can’t steal the credential or masquerade as its holder? ReAssurance: Should we periodically demand a re-check? No system is perfect, mistakes are possible in issuance, something may happened since, so do we need a random, time-based, or risk based recheck, perhaps using different sources? Monitoring: Do we need to monitor patterns of use to identify anomalies and protect users and systems from abuse? Can we do this without eroding privacy? Persistence and currency: How do we support updates to changeable information and the appropriate persistence of information. Can digital credentials have the same persistence and right to present as a historical fact. How do we do all this with security, privacy and respect for the rights of all? How do we prevent digital credentials from being less resilient, more fragile, and more risky in their use than their physical counterparts? Designing for a meaningful “Level of Assurance” needs both upfront and ongoing analysis, and “for every complex problem there is an answer that is clear, simple and wrong.” If you want good answers, ask good questions. Ask Sezoo #digitaltrust
-
TRUST - the critical catalyst for Australia’s increasing productivity The Sezoo mission statement is to “Radically improve trust in digital interactions for the benefit of all”. While this is clearly focused on social-good, it applies just as much to business and socio-economic productivity. We hold that trustworthy digital interactions are an economic enabler as well as a harm preventer. On 5 August 2025, the Productivity Commission of Australia released an Interim Report, entitled “Harnessing data and digital technology”. Consultation response was encouraged. This is Sezoo’s response to the consultation request that ends today (15 September 2025). If you'd like to talk to Sezoo about the technologies or considerations that can achieve more trustworthy digital interactions, reach out to John Phillips or Jo Spencer.
-
"Tell us once" is offered by the Australian Government as a “quick win” from last week’s economic roundtable. However, it offers neither speed, nor victory. The vision is attractive, that, as citizens, we only need to tell any government agency something once - such as a change of address or personal or family situation change - for all agencies to know the update. But behind this shiny vision lurks a murky reality. To make this work, all government departments need to be aware of all possible change scenarios, be able to share data about people with other departments, and be prepared to interpret and apply the changes consistently. This requires changes to legislature, policies, operating procedures, services and technology. We have laws that prevent the sharing of data between government departments. Positive and negative reasons support these laws: the positive reasons include protection of privacy from government "function creep" where data provided for one purpose is used for another. The negative reasons include inter-departmental competition for resources and a lack of trust. Even if there are good reasons and good intentions behind the idea, implementing it will be tricky in terms of legislative changes, complex in terms of citizen services, and diabolical in terms of system changes. The real issue here is that "tell me once" is “solving for the wrong problem”. There is a better way to achieve the vision of a single and accurate view of the citizen: let the citizen be the single source of truth about themselves. Make it easy for citizens to prove things about themselves that the government has the right to know whenever they need to prove them. How might we do this? Combine the "MyID" concept of authentic, verifiable digital identification with a citizen held secure wallet/app, and make it easy for the citizen to receive, manage and present verifiable data about themselves whenever they need to do so. If government agencies can ask for what they need when they need it from a MyID interaction, they can verify the data that citizens have presented and update their records as required. The reason “tell me once” is a vote winning phrase is that, too often, (re)telling now is full of the wrong kind of friction. Much like “reusable KYC” for banks, “tell me once” for governments sounds good, but isn’t. Making it easier for people to prove what they have to, when they have to, means that the information received is current and relevant. Only what is necessary to be shared is shared, and only what is necessary to be kept, is kept. Using “tell me once” as a battle cry to untangle the government spaghetti will not be a “quick win” for anyone. Make it easier for me to tell you, then asking me the same question again won’t be a chore, it will be a privacy, security and trust enhancing right. #digitaltrust #trustworthygovernment https://lnkd.in/gtT3rC2G
-
#nontransferablelogins protect companies and employees. If you can't share your login, you can't be socially engineered to share your login.
Another "social engineering attack", another reason we all need non transferable logins. https://lnkd.in/gvP243Df
-
In March this year, Sezoo and Far Phase provided feedback to the ACMA on the proposed Telecommunications (SMS Sender ID Register) Industry Standard 2025. As Australian experts in telecommunications and digital trust, we fully support the ACMA's initiative and appreciate the incorporation of some of our feedback concerning international senders. However, in this second round of consultation we still have significant concerns regarding the registry's onboarding and operation, its reliance on Certified Telcos (CTs), the ongoing risk of SMS message injection, and potential inconsistencies in receiver experience. We believe the current approach places substantial operational and liability burdens on telcos, potentially limiting the registry's effectiveness. Key issues include the ACMA's recent changes to classify messaging platforms (EMSPs) as "Telcos" and to delegate onboarding and registry access to CTs for organizations without ABNs. We've highlighted the critical need for clear guidance for CTs on identification and verification processes to prevent varied implementations, duplicated effort, increased costs, and inconsistency. To address this, we've proposed leveraging the GLEIF Legal Entity Identifier (LEI) framework for verifiable registration and cryptographic attribution. We also have major concerns about the premature implementation of the registry and its potential adverse effects on SMS traffic and services, particularly from international partners. We believe the rollout planning, demands on telcos, and operational implications require deeper understanding. We recommend a more thorough level of planning and impact assessment to ensure a level playing field for telcos and to implement solutions without introducing risk, fraud, or inappropriate outcomes. We are confident that our observations and recommendations will enhance trust in the registry and its use, delivering better outcomes for all participants in the short and long term. We welcome further discussion with the ACMA. The link to the Sezoo LinkedIn post from the first consultation is here (https://lnkd.in/gqeVmefw). Sezoo #SMS #Telecommunications #DigitalTrust #ACMA #IndustryStandard #SenderIDRegister #Australia #CyberSecurity #FraudPrevention