This is an HTML version of an attachment to the Freedom of Information request 'IT Network Documentation - IPv4/v6 Public Facing addresses'.

22 August 2014 
Mr Ben Fairless 
Sent via email:   
Our Ref:  FOI1415/5.13 
Dear Mr Fairless, 
FOI Application – IT Infrastructure Information - Decision 
I am writing in relation to your request made under the Freedom of Information Act, 1982 (the FOI Act), seeking 
access to information relating to NBN Co’s IT infrastructure. 
The Statement of Reasons (Attached) outlines the specific terms of the FOI request, the decision-maker’s findings 
and the access decision. For your reference, the FOI decision is subject to review under sections 53A and 54 of the 
FOI Act. The Office of the Australian Information Commissioner’s FOI Fact Sheet 12 – Your review rights is attached 
for your information and may be found at the following link. 
If you have any questions, need to discuss your FOI application or require any other information relating to this 
matter, please feel free to contact the writer on Tel. (02) 89185670 or via email on 
Yvette Deerness 
A/GM Legal Counsel 
FOI, Privacy and Knowledge Management 
cc. Justin Forsell, Chief Legal Counsel, NBN Co
(02) 9926 1900 
(02) 9926 1901 
NBN Co Limited   ACN 136 533 741   © NBN Co 2013 

Mr Ben Fairless 
Application Chronology and Terms of Request 
1.  On 17 July 2014, NBN Co received an email from Mr Ben Fairless of the “Right to Know” website (Applicant), in which he 
made an application under the Freedom of Information Act, 1982 (FOI Act or Act) for the following: 
Records detailing the IPv4 (and if relevant, IPv6) addresses used to access the public internet from within your network. To 
clarify, these are the public facing addresses of your private network. I am only requesting addresses that are used to 

access the general public internet. In addition, if it is such that a particular IP address serves a particular area within your 
department (for example, one IP address is used for Media Relations, while another is used for Ministerial 
Communications), I also request access to this information. 
2.  On 24 July 2014, NBN Co staff acknowledged receipt of the Applicant’s application as required by section 15 of the Act and 
informed the Applicant that a determination would be due on 15 August 2014, subject to any suspension of the processing 
period due to requests for charges or third party consultations. 
3.  On 29 July 2014, the Applicant sent an email to NBN Co requesting that the Application be treated as a request for 
administrative access. 
4.  On 8 August 2014, NBN Co sent the Applicant a request for an advance deposit, in accordance with subsection  29(1) of 
the Act. In the same correspondence the Applicant was advised it had been decided that the Application could not be 
processed under administrative access procedures, as it was not the sort of information that the company would release on 
a regular basis. In a subsequent teleconference, the Applicant spoke to NBN Co staff and made contentions regarding the 
processing fees and questioning the amount of decision-making time. NBN Co staff confirmed that the decision-making 
time was required. 
5.  On 11 August 2014, the Applicant had paid the advance deposit. 
6.  On 22 August 2014, I forwarded this decision to the Applicant.    
Summary of Access Decision 
7.  Under section 3(1)(b) of the FOI Act, the public has a right to seek access to “documents”, rather than discrete bits of 
information. Notwithstanding this point, section 17 of the FOI Act enables Government authorities to provide applicants with 
information, where such information is not available in a discrete written form and where the information is “ordinarily 
available to the agency for retrieving or collating stored information”. Following receipt of the Applicant’s request, NBN Co 
staff undertook relevant searches and advised that the information requested was not available in a discreet form however, 
(02) 9926 1900 
(02) 9926 1901 
NBN Co Limited   ACN 136 533 741   © NBN Co 2013  

it was possible to create an appropriate document containing the information falling within the scope of the Application (IP 
Address Information). 
8.  As an FOI decision maker, it is open to me to consider whether the information falls within the terms of section 7(3A) of the 
FOI Act – NBN Co’s commercial activities exemption (CAE) – and is, therefore, not subject to the operation of the Act. 
General background information regarding NBN Co’s FOI processes and the principles underpinning NBN Co’s commercial 
activities exemption may be found at the following link. It is my decision that the IP Address Information falls within the 
9.  It is also my decision that section 33(a)(i) of the Act (National Security)  applies to the IP Address Information, and the 
disclosure of the IP Address Information would, or could reasonably be expected to, cause damage to the security of the 
10.  Other potential exemptions could apply to the IP Address Information either in whole or in part. In my opinion, it is 
unnecessary to consider these exemptions as the IP Address Information is already exempt from the operation of the FOI 
Act as per the CAE and section 33(a)(i) of the Act. 
Reasons for FOI Decision 

Application of the FOI Act - Commercial Activities Exemption 
11.  As outlined above, I refer you to a summary explanation regarding NBN Co’s CAE, found at the following link. It is my 
decision that the IP Address Information falls within the CAE and as such is not subject to the operation of the FOI Act. I 
base my decision on the following conclusions: 
  There could be a direct correlation between making the IP Address Information available and the ability to 
aggregate information regarding NBN Co’s IT infrastructure. This in turn could increase the risk of targeted denial 
of services attacks on NBN Co. 
  Denial of service attacks impact the NBN Co’s IT systems, which in turn could slow down the rollout of the 
national broadband network. Slowing down the rollout could undermine NBN Co’s ability to maximise returns for 
our Shareholder Ministers and, ultimately, the return on investment for Australian taxpayers. 
  An increased exposure for NBN Co to denial of service attacks could, in turn, increase the efforts and resources 
NBN Co will need to put into defensive security measures. This would undoubtedly increase NBN Co’s security 
costs which again could undermine NBN Co’s ability to maximise returns for our Shareholder Minsters and, the 
Australian taxpayer.  
General Exemption – Affecting the Security of the Commonwealth 

12.  Section 33 (a) (i) of the FOI Act exempts documents from disclosure if such disclosure could damage the security of the 
Commonwealth. An extract of the relevant section below for reference: 
              33 Documents affecting national security, defence or international relations 

A document is an exempt document if disclosure of the document under this Act: 
(a) would, or could reasonably be expected to, cause damage to: 

the security of the Commonwealth; … 

13.  I am of the opinion that the IP Address Information falls within the section 33(a) (i) exemption. In reaching my decision, 
guidance was sought from the Attorney General’s Department and I also referred to advice provided by NBN Co’s security 
experts. Drawing on the points made in relation to the CAE exemption above,  particularly the point that there could be a 
direct correlation between making the IP Address Information available and the ability to aggregate information regarding 
not only NBN Co’s IT infrastructure, but the IT infrastructure across multiple Commonwealth government agencies. This in 
turn could increase the risk posed of a targeted denial service attack on NBN Co. Likewise, such release could increase the 
risk of a targeted denial of service attack on multiple government agencies. For these reasons it is my decision that the IP 
Information is exempt because disclosure either would, or could reasonably be expected to, cause damage to the security 
of the Commonwealth. 
 Other Exemptions  
14.  I am of the view that other exemptions under the FOI Act could apply to the disclosure of the IP Address Information, 
including the section 47E(d) public interest conditional exception, i.e  would, or could reasonably be expected to, have a 
substantial adverse effect on the proper and efficient conduct of the operation of an agency [i.e NBN Co]
.  However, it is my 
opinion that it is unnecessary to consider such exceptions in light of my view that the IP Address Information is already 
exempt as per CAE and section 33 (a) (i) of the Act. 
Processing Charges 
15.  NBN Co staff spent approximately half an hour in sourcing the relevant information. In addition, I spent approximately eight 
hours in drafting and finalising this FOI decision, as well as completing relevant correspondence and undertaking 
discussions with experts in our business regarding the IP Address Information. 
16.  It is NBN Co’s general policy to charge applicants for FOI processing time. In its Submission to the OAIC Charges Review, 
NBN Co outlined its support of fees and charges and their importance to the FOI scheme. In the Advance Deposit Request 
sent to the Applicant in early August, estimated processing charges of $67.50 were detailed. The Applicant paid the 
advance deposit of $20 leaving a final amount owing of $47.50. It is my decision to waive the remaining amount. This fee 
waiver is permitted by Regulation 3 of the Freedom of Information (Charges) Regulations 1982, which provides decision-
makers with a general discretion to impose or not impose a charge, or impose a reduced charge for the processing of an 
FOI request. 
Right of Review 
17.  If you are dissatisfied with this decision, you have certain rights of review. Details regarding your rights of review and 
appeal are outlined in the covering letter, provided with this Statement of Reasons.