Download original attachment
(PDF file)

This is an HTML version of an attachment to the Freedom of Information request 'Current, comprehensive list of gov.au domain names as recorded by the registry operator'.


 
 
 
Reference: 
FOI 22/54 IR 
Contact: 
FOI Team 
E-mail: 
xxx@xxxxxxx.xxx.xx  
C Drake 
Right to Know 
 
 
By email only: 
xxxxxxxxxxxxxxxxxxxxxxxxx@xxxxxxxxxxx.xxx.xx   
 
 
 
Dear Mr Drake 
Freedom of Information Internal Review Request – FOI 22/54 
On 25 July 2022, the Department of Finance (Finance) received your email requesting 
access under the Commonwealth Freedom of Information Act 1982 (FOI Act) to the 
following documents: 
You operate the site https://www.domainname.gov.au/about which is the gov.au domain name registration 
portal. 
This portal in turn supplies registration data to the .au registry operator (Afilias Australia Pty Ltd) who 
maintains a Master List of gov.au public domain names. 
Please supply the current Master List, preferably in machine-readable format. 
Note that F.o.I. rules require that you contact and/or negotiate with me if you encounter any hurdles with 
the above; please make sure you do this if for any reason you find it difficult to simply obtain (e.g. ask 
Afilias) and supply the above list.  Note also that historical "A-Z" sites directories once existed in 
government, however, they were never complete, and all appear to be taken down at present - I'm not 
interested in old or incomplete lists, I'm after the current Master List as maintained by the registry. 
 
Original Decision 
On 23 September 2022, Finance notified you of the original decision maker’s access refusal 
decision, made on the basis that the document is exempt in full under section 45 of the 
FOI Act.  
 
Internal review request 
On 24 September 2022, Finance received your email, in which you sought an internal 
review of Finance’s original decision on the basis of the following: 
I am writing to request an internal review of Department of Finance's handling of my FOI request 'Current, 
comprehensive list of gov.au domain names as recorded by the registry operator'. 
The Section 45 refusal is nonsense, and the response I received is in bad faith. 
 
The guideline quote: "information which has been communicated in circumstances giving rise to an 
obligation of confidence" does not apply, because I asked for a list of public domains names with the 
registrar in question is obliged to (and already has) place into the *public* DNS, shared with other 
One Canberra Avenue, Forrest ACT 2603  Internet www.finance.gov.au 
 
registrars, and by other means also made publicly available.  There's no possibility for detriment, no 
threats involved, no requirement of confidentiality over the list of names that I'm requesting (obviously - it 
can't be both public and confidential at the same time), and no chance that any of the domains in the list 
are "specifically identified" as being confidential. 
 
It further states "The Master List does not exist in a discrete form, and could be produced in response to 
your FOI request, as at 25 July 2022." which is a direct contradiction of what I was told by the registry 
(and logically impossible, since this list is used in the DNS responder of the registry, which necessarily 
and technically requires that it does exist in a discrete form).  Note also that while we know for certain the 
registry has this list in discrete form, it's highly likely that the government itself also has a copy or other 
representation of this list, or can easily produce one.  Just because an outside company has the job of 
maintaining a list from information supplied by government, doesn't mean that government itself cannot 
do the same.  I don't care where the list comes from, nor if I have to compile it myself from the records 
that originally fed the system that the registrar uses to compile theirs. 
 
Accordingly, Section 45 does not (and could never) apply: 
 
(1) the information is NOT confidential, and could never possibly be so 
 
(2) I don't care whether that information comes from a registrar or a government department (or both, like 
I suggested - you get the list from them (if you don't already have it or a copy), then give it to me - nobody 
breaches anything that way).  I suggested the registry option to you simply to make it easier for you to 
release the information to me, not as the only option available. 
 
I disagree with and contest the overly-verbose, distracting, and off-topic "Background" and request that it 
be disregarded in its entirety, not least because it suggests that a statement I made (for which I provided 
written reference: "[.au Support - Case #01239018] The “master list” of gov.au public domain names." is 
"This is inconsistent with the information that has been provided directly to Finance by Identity Digital." - 
that is FALSE.  Here, to be clear, is the exact text of their response to me:- 
 
" Hi Chris, 
 
Since you need report on gov.au domains you need to contact the registrar Department of Finance-.au. 
You can either get this report for them or if they request us to send it, we are happy to send the report to 
the registrar. But, it should be requested by the registrar's authorised contact. 
 
Should you require further assistance please do not hesitate to contact us and include the string: 
ref:_00DD0CWb4._5004G2Ri8xw:ref in the body of all future correspondence with regards to this ticket. 
To do so, you may simply reply to this message. 
 
Sincerely, 
 
Abhinav Vatsavaya 
 
.au Support 
 
  Web Portal: https://portal.afilias.info/ 
 
  Email: xxxxxxx@xxxxxxx.xxx.xx 
 
  Phone: +61-3-9945-0650 (Australia) 
 
  Phone: +1-416-619-3038 (North America) " 
 
So to make the claim that they are anything other than "happy to send the report" is an absolute lie.  If 
finance did indeed "consult with" anyone on this issue, and if they now "object" (note above how they do 
not), then any such "consultation" has clearly been done in bad faith with the intent of fabricating an 
excuse to refuse my request. 
 

 
The purpose of this letter is to provide you with notice of my internal review decision under 
the FOI Act. 
 
Internal Review Decision 
I have decided to affirm the original decision, being to find that the Master List is exempt in 
full under section 45 of the FOI Act. A copy of the original decision letter is at 
Attachment A
 
In making my decision, I have had regard to the following: 
  the terms of your original FOI request, subsequent correspondence and internal 
review request; 
  the original decision letter sent to you on 23 September 2022;  
  the content of the document that would fall within the scope of your request; 
  the Sponsorship Agreement between auDA and Finance; 
  the Registry-Registrar Agreement between Identity Digital and Finance; 
  consultation with auDA and Identity Digital and the joint submissions made by those 
parties; 
  the relevant provisions of the FOI Act;  
  relevant FOI case law (referenced throughout the original decision); and 
  the FOI Guidelines issued by the Office of the Australian Information Commissioner 
(FOI Guidelines). 
 
Exemptions 
Breach of confidence – section 45 
Section 45 of the FOI Act provides: 
(1)  A document is an exempt document if its disclosure under this Act would found an action, by a person 
(other than an agency or the Commonwealth), for breach of confidence. 
 
The FOI Guidelines provide: 
[5.158] A breach of confidence is the failure of a recipient to keep confidential, information which has 
been communicated in circumstances giving rise to an obligation of confidence. The FOI Act expressly 
preserves confidentiality where that confidentiality would be actionable at common law or in equity. 
 
The FOI Guidelines further provide: 
[5.159] To found an action for breach of confidence (which means section 45 would apply), the following 
five criteria must be satisfied in relation to the information: 
  it must be specifically identified 
  it must have the necessary quality of confidentiality 
  it must have been communicated and received on the basis of a mutual understanding of confidence 
  it must have been disclosed or threatened to be disclosed, without authority 
  unauthorised disclosure of the information has or will cause detriment. 
 
I have considered section 45 of the FOI Act, the FOI Guidelines, your reasons for the 
internal review, together with the reasons set out in Finance’s original decision letter under 
the heading ‘Breach of confidence – section 45’ from pages 5 to 9.  
 
In particular, you stated: 


 
The guideline quote: "information which has been communicated in circumstances giving rise to an 
obligation of confidence" does not apply, because I asked for a list of public domains names with the 
registrar in question is obliged to (and already has) place into the *public* DNS, shared with other 
registrars, and by other means also made publicly available.  There's no possibility for detriment, no 
threats involved, no requirement of confidentiality over the list of names that I'm requesting (obviously - it 
can't be both public and confidential at the same time), and no chance that any of the domains in the list 
are "specifically identified" as being confidential. 
  
I consider that Finance’s original decision letter, under the subheading ‘quality of 
confidence’ on pages 6-7, addresses your above statement. In particular how individual 
domain names are technically publicly accessible, however they require the user to already 
know the domain name to return results via the lookup function. Further, the aggregate of 
the domain names, being the Master List, is not publicly accessible. 
 
I consider that the five criteria listed in the FOI Guidelines at 5.159 are satisfied, for the 
same reasons as providing in Finance’s original decision letter. Given that I support the 
reasoning provided in that letter, I do not consider it necessary to repeat that information 
here. 
 
Based upon the above, I consider that the Master List is exempt in full under section 45 of 
the FOI Act. 
 
Authorised decision-maker 
I am authorised by the Secretary of Finance to grant or refuse access to documents. 
 
Review and appeal rights 
You are entitled to request an external review by the Office of the Australian Information 
Commissioner (OAIC) of my decision. The process for review and your appeal rights are set 
out at Attachment B.  
 
Yours sincerely, 
Digitally signed by Sheridan, John 
 
Date: 2022.10.19 12:22:10 +11'00'
John Sheridan 
First Assistant Secretary 
Information and Communications Technology Division 
Department of Finance 
19 October 2022 
 
 


ATTACHMENT B 
 
Freedom of Information – Your Review Rights 
 
If you disagree with a decision made by the Department of Finance (Finance) or the 
Minister for Finance (Minister) under the Freedom of Information Act 1982 (the FOI Act) 
you can have the decision reviewed. You may want to seek review if you sought certain 
documents and were not given full access, if you have been informed that there will be a 
charge for processing your request, if you have made a contention against the release of 
the documents that has not been agreed to by Finance or the Minister, or if your 
application to have your personal information amended was not accepted. There are two 
ways you can seek a review of our decision: an internal review (IR) by Finance or the 
Minister, or an external review (ER) by the Australian Information Commissioner (IC). 
 
Internal Review (IR) 
Third parties 
If, Finance or the Minister (we/our), makes a 
If you are a third party objecting to a decision 
Freedom of Information (FOI) decision that 
to grant someone else access to your 
you disagree with, you can seek a review of 
information, you must apply to the IC within 
the original decision. The review will carried 
30 calendar days of being notified of our 
out by a different decision maker, usually 
decision to release your information.  
someone at a more senior level.  
Further assistance is located here. 
 
 
You must apply for an IR within 30 calendar 
Do I have to go through the internal 
days of being notified of the decision or 
review process? 
charge, unless we agree to extend your time. 
No. You may apply directly to the OAIC for 
You should contact us if you wish to seek an 
an ER by the IC.  
extension. 
 
 
If I apply for an internal review, do I 
We are required to make an IR decision 
lose the opportunity to apply for an 
within 30 calendar days of receiving your 
external review? 
application. If we do not make an IR decision 
within this timeframe, then the original 
No. You have the same ER rights of our IR 
decision stands. 
decision as you do with our original decision. 
 
This means you can apply for an ER of the 
Review by the Australian 
original decision or of the IR decision. 
Information Commissioner (IC) 
 
Do I have to pay for an internal review 
The Office of the Australian Information 
or external review? 
Commissioner (OAIC) is an independent 
office who can undertake an ER of our 
No. Both the IR and ER are free.  
decision under the FOI Act. The IC can 
 
review access refusal decisions, access grant 
decisions, refusals to extend the period for 
applying for an IR, and IR decisions. 
 
If you are objecting to a decision to refuse 
access to a document, impose a charge, or a 
refusal to amend personal information, you 
must apply in writing to the IC within 60 
calendar days of receiving our decision. 

 
How do I apply? 
Can I appeal the Information 
 
Commissioner’s external review 
Internal review 
decision? 
To apply for an IR of the decision of either 
Yes. You can appeal the Information 
Finance or the Minister, you must send your 
Commissioner’s ER decision to the 
review in writing. We both use the same 
Administrative Appeals Tribunal (AAT).  
contact details, and you must send your 
 
review request in writing. 
There is a fee for lodging an AAT application 
 
(as at 19 October 2022 it is $1,011).  
In your written correspondence, please 
 
include the following: 
Further information is accessible here. 
 
 
  a statement that you are seeking a review 
The AAT’s number is 1800 228 333. 
of our decision; 
 
  attach a copy of the decision you are 
Complaints 
seeking a review of; and 
 
  state the reasons why you consider the 
Making a complaint to the Office of the 
original decision maker made the wrong 
Australian Information Commissioner 
decision. 
 
You may make a written complaint to the 
Email: xxx@xxxxxxx.xxx.xx 
OAIC about actions taken by us in relation to 
 
your application.  
Post:    The FOI Coordinator 
 
Legal and Assurance Branch 
Further information on lodging a complaint is 
Department of Finance 
accessible here. 
One Canberra Avenue 
 
FORREST  ACT  2603 
Investigation by the Commonwealth 
 
Ombudsman 
External review (Information 
The Ombudsman can also investigate 
Commissioner Review) 
complaints about action taken by agencies 
For an ER, you must apply to the OAIC in 
under the FOI Act. However, if the issue 
writing. The OAIC ask that you commence a 
complained about either could be, or has been, 
review by completing their online form here.  
investigated by the IC, the Ombudsman will 
 
consult with the IC to avoid the same matter 
Your application must include a copy of the 
being investigated twice. If the Ombudsman 
notice of our decision that you are objecting 
decides not to investigate the complaint, then 
to, and your contact details. You should also 
they are to transfer all relevant documents and 
set out why you are objecting to the decision. 
information to the IC. 
 
 
Email: xxxxx@xxxx.xxx.xx 
The IC can also transfer a complaint to the 
 
Ombudsman where appropriate. This could 
Post:    Office of the Australian Information 
occur where the FOI complaint is only one 
Commissioner 
part of a wider grievance about an agency’s 
GPO Box 5218 
actions. You will be notified in writing if your 
Sydney  NSW  2001 
complaint is transferred.  
 
 
The IC’s enquiries phone line is 
Complaints to the Ombudsman should be 
1300 363 992. 
made online here. 
 
 
The Ombudsman’s number is 1300 362 072.