Australian government seeks advice on management of .au domain

The government wants to ensure the management framework of auDA remains fit-for-purpose.
Written by Tas Bindi, Contributor on

The Australian Department of Communications and the Arts has released its discussion paper on the appropriate framework for the management of the .au domain before the direct registration policy is implemented, and is seeking feedback by December 18, 2017.

Minister for Communications Mitch Fifield announced on October 17, 2017 that the department would be conducting a review to ensure the management framework of the .au Domain Administration (auDA) -- the not-for-profit policy authority and industry self-regulatory body for the .au domain space -- remains fit-for-purpose.

As such, the Department of Communications and the Arts is seeking recommendations in three key areas: The most appropriate framework for the management of the .au top level domain; how to ensure that government and community expectations inform auDA's operation and decision-making; and mitigation strategies to address future risks to the security and stability of .au.

When the Australian government endorsed the auDA in 2000 as the appropriate entity to administer the .au domain, it outlined a number of "terms of endorsement", including that the auDA operates within the provisions of its company constitution; recognises that the internet naming system is a public resource; operates as a fully self-funding and not-for-profit organisation; be inclusive of and accountable to all members of the internet community; adopt open, transparent, and consultative processes; promote competition, fair trading, and provisions for consumer protection and support; establish appropriate dispute resolution mechanisms; and represent Australian internet industry interests in the internet domain name system at national and international fora.

However, there have been significant changes to the digital landscape since auDA was established, and the Domain Name System (DNS) environment is also different from when the Internet Corporation for Assigned Names and Numbers (ICANN) delegated management of the .au country code top-level domain to auDA in 2001, the discussion paper notes.

The .au country code top-level domain is an "increasingly important piece of Australian infrastructure", according to the department, given 37 percent of Australian businesses received orders via the internet for the 12 months ended June 30, 2016, with these transactions worth an estimated AU$321 billion. Additionally, more than half of Australia's population, 13.7 million, are internet subscribers.

There are significantly more choices available to Australian consumers, organisations, and businesses that are considering registering a website, going from just a handful generic top-level domains (TLDs) such as .com, .net, and .org, to more than 1,200 generic TLDs, the discussion paper states.

Due to Australia's increasing reliance on the internet, and the increasing scale and complexity of cyber attacks, the communications department said appropriate strategies and frameworks need to be established to ensure the .au country code top-level domain is secure and that risks are effectively managed by auDA.

"auDA has established mitigation strategies for responding to attacks against the .au domain including implementing the Domain Name System Security Extensions (DNSSEC) -- which protects against attacks by digitally signing data to provide an assurance of its integrity -- and introducing its Information Security Standard -- to assist registrars to manage and improve the security and resiliency of their business, .au registrants and the .au DNS more broadly," the discussion paper acknowledges.

"auDA has also established a security and stability advisory committee."

The communications department is still, however, seeking suggestions on what emerging risks auDA will face in relation to the security and stability of the .au domain; what would be best practice for DNS administration; whether auDA maintains appropriate mitigation strategies; what additional mitigation strategies should be considered and how should they be assessed; what is the optimal mix of capabilities to expand auDA's cybersecurity preparedness; and how auDA should engage with the government in its management of risks.

When it comes to auDA's roles and responsibilities, the department wants advice on what should be its primary roles and responsibilities; whether the current terms of endorsement are appropriate guiding principles for a .au country code top-level domain manager; whether the terms of endorsement reflect community expectations for the management of the .au country code top-level domain; and what trends and developments could affect the auDA's roles and responsibilities in the future.

In relation to governance and management, the communications department is also seeking recommendations on what best practice approaches and processes should be considered regarding the auDA's corporate governance; what good corporate governance for auDA should look like and whether reform of existing auDA corporate governance arrangements should be considered; whether the current board arrangements support auDA in effectively delivering its roles and responsibilities; and whether reform of existing board arrangements should be considered.

The communications department is additionally looking to find out who are auDA's stakeholders; whether auDA's stakeholder engagement processes are effective, and if not, how should it engage with stakeholders; and whether a transparency and accountability framework is effective.

When it comes to membership, questions such as whether auDA's current membership structure is reflective of the range of stakeholders that rely on, or interact with, the .au domain, and whether the membership structure supports the auDA in delivering its roles and responsibilities, are also outlined in the discussion paper.

The auDA in early October said it was seeking feedback on how best to implement policy for the registration of domain names directly before the dot in .au, which auDA's board had approved in April 2016.

Chair of the Policy Review Panel John Swinson told ZDNet at the time that there are a number of issues that need careful consideration such as whether priority should be given to existing domain name holders and how that priority should be determined.

He said the existing approach of "first come, first served" might not be appropriate when implementing the new policy.

"The basic rule about domain names is ... if you want a domain name, you see if no-one else has got it, and if no-one else has got it then you're entitled to register that domain name and use it, provided you're not infringing someone's intellectual property," Swinson told ZDNet in October.

"When you bring in something new like .au direct registration, you need consider how are existing domain name owners impacted by this new domain name [policy] in Australia.

"Let's say there's johnspizza.com.au and someone else owns johnspizza.net.au, who gets johnspizza.au in that circumstance? Or, let's say you had a Mona Vale golf club domain name, a Mona Vale garden service domain, and a Mona Vale public school domain. Who's entitled out of those to get monavale.au?"

Swinson additionally said auDA is looking to better understand whether people should be allowed to register certain domain names such as "court.au" or "police.au".

"We might want to reserve some [domain names] for future use in, for example, the law enforcement space," he said.

Whether some words or alternate spellings of existing words should be completely prohibited such as "au.au", "com.au", and "comm.au" is also a consideration to potentially reduce the likelihood of confusion.

auDA had also assessed how the UK and New Zealand have implemented a similar policy, Swinson said, but was looking to find out whether there is a more efficient way to do so in Australia.

"I think we can learn by what other people have done and do it better in Australia. That's what I'd like to see," he added.

Recent Coverage

Big data and machine learning algorithms could increase risk of collusion: ACCC

New provisions that have been added to the Competition and Consumer Act will enable the ACCC to address future machine-powered anti-competitive conduct, chair Rod Sims has said.

Australian IoT tick is to certify a device can be secure, not that it is: IoTAA

Since there is no such thing as an always secure device, Internet of Things Alliance Australia has said a certification tick will ensure a device can be secure if used in recommended ways.

Australian government sets up email address for confidential IT complaints

The IT industry can confidentially email the government about its grievances.

Australian startup prepares former military personnel to fill the IT skills shortage (TechRepublic)

Sydney-based Tom Moore returned to the daily grind from serving in Afghanistan, and after a poor transition process, founded a company that aims to change the way the veteran workforce is perceived by...

Editorial standards