IT Network Documentation - IPv4/v6 Public Facing addresses

Ben Fairless made this Freedom of Information request to Attorney-General's Department

The request was refused by Attorney-General's Department.

From: Ben Fairless

Delivered

Dear Attorney-General's Department,

I am writing to you to request information pertaining to your Information Technology infrastructure.

Namely, I am after records detailing the IPv4 (and if relevant,
IPv6) addresses used to access the public internet from within your network.

To clarify, these are the public facing addresses of your private network. I am only requesting addresses that are used to access the general public internet.

In addition, if it is such that a particular IP address serves a
particular area within your department (for example, one IP address is used for Media Relations, while another is used for Ministerial Communications), I also request access to this information.

To assist you in locating this information, I suggest it would be found in network documentation, or at the very least in configuration files of your
router and firewall equipment.

Please do not hesitate to reply if you require clarification to
fulfil this request.

I look forward to your response.

Yours faithfully,

Ben Fairless

Link to this

From: FOI Requests
Attorney-General's Department

Thank you for your email. This is an automated response to advise you that
your email has been received by the Attorney-General's Department's FOI
Coordinator.

 

If you wish to lodge a request for access to documents under the Freedom
of Information Act 1982 (FOI Act), please ensure that your request is in
writing, states that it is an application for the purposes of the FOI Act
and provides sufficient detail describing the documents you wish to
access. The FOI Coordinator will acknowledge your request within 14 days.

 

 

Kind Regards

 

Freedom of Information and Privacy Section.

 

show quoted sections

Privacy Collection Notice

When you make a request for documents or an inquiry about privacy matters,
the Attorney-General’s Department will only collect your personal
information where it is reasonably necessary for, or directly related to,
our functions under the Freedom of Information Act 1982 or the Privacy Act
1988. We may collect your name, email address and telephone number so that
we can contact you about your request under the Freedom of Information Act
for access to documents or access to, or correction of, personal
information; or a complaint you have made or your request for access to,
or correction of, personal information under the Privacy Act. If your
request concerns your personal information, we will collect the minimum
amount of evidence necessary to verify your identity. The handling of your
personal information is protected by the Privacy Act 1988 and our privacy
policy is available at http://www.ag.gov.au/Pages/Privacystatem....
If you have an enquiry or complaint about your privacy, please contact the
Privacy Contact Officer on 02 6141 2660 or via e-mail [email address].

--------------------------------------------------------------------------

Link to this

From: FOI Requests
Attorney-General's Department

UNCLASSIFIED

4/9792

 

17 July 2014

 

 

Mr Ben Fairless

Sent via email to: [1][FOI #685 email]

 

Dear [2]Mr Fairless

Freedom of Information Request no. FOI14-139

 

I refer to your request for access to documents relating to the
Department’s Information Technology infrastructure under the Freedom of
Information Act 1982. I have taken your request to be for:

records detailing the IPv4 (and if relevant,IPv6) addresses used to access
the public internet from within your network.

 

To clarify, these are the public facing addresses of your private network.
I am only requesting addresses that are used to access the general public
internet.

 

In addition, if it is such that a particular IP address serves a
particular area within your department (for example, one IP address is
used for Media Relations, while another is used for Ministerial
Communications), I also request access to this information.

If you disagree with our interpretation of your request, please let me
know as soon as possible.

We received your request on 16 July 2014 and the 30 day statutory period
for processing your request commenced from the day after that date. You
should therefore expect a decision from us by 15 August 2014. The period
of 30 days may be extended if we need to consult third parties or for
other reasons. We will advise you if this happens.

It is the usual practice of the Department to not release the names and
contact details of junior officers of the Department and other government
agencies, where that personal information is contained in documents within
scope of a request.  The names and contact details of senior officers will
generally be released.  We will take it that you agree to the removal of
junior officers’ personal information unless you advise that you would
like us to consider releasing that information as part of the documents
you have requested.

Please note that information released under the FOI Act may later be
published online on our disclosure log
[3]http://www.ag.gov.au/RightsAndProtection...,
subject to certain exceptions. (For example, personal information will not
be published where this would be unreasonable.)

We will contact you using the email address you provided. Please advise if
you would prefer us to use an alternative means of contact. If you have
any questions, please contact the FOI Section by email [4][AGD request email].

 

Kind Regards

 

FOI Contact Officer

 

show quoted sections

Privacy Collection Notice

When you make a request for documents or an inquiry about privacy matters,
the Attorney-General s Department will only collect your personal
information where it is reasonably necessary for, or directly related to,
our functions under the Freedom of Information Act 1982 or the Privacy Act
1988. We may collect your name, email address and telephone number so that
we can contact you about your request under the Freedom of Information Act
for access to documents or access to, or correction of, personal
information; or a complaint you have made or your request for access to,
or correction of, personal information under the Privacy Act. If your
request concerns your personal information, we will collect the minimum
amount of evidence necessary to verify your identity. The handling of your
personal information is protected by the Privacy Act 1988 and our privacy
policy is available at http://www.ag.gov.au/Pages/Privacystatem....
If you have an enquiry or complaint about your privacy, please contact the
Privacy Contact Officer on 02 6141 2660 or via e-mail [email address].

--------------------------------------------------------------------------

References

Visible links
1. mailto:[FOI #685 email]
2. mailto:[email address]
3. http://www.ag.gov.au/RightsAndProtection...
4. file:///tmp/[AGD request email]

Link to this

From: FOI Requests
Attorney-General's Department

UNCLASSIFIED

14/9792

 

29 July 2014

 

 

Mr Ben Fairless

Sent via email to: [1][FOI #685 email]

 

Dear Mr Fairless

 

Freedom of Information Request no. FOI14-139

 

I refer to your request for access to documents relating to the
Department’s Information Technology infrastructure under the Freedom of
Information Act 1982. Specifically, you sought access to:

 

records detailing the IPv4 (and if relevant,IPv6) addresses used to access
the public internet from within your network.

 

To clarify, these are the public facing addresses of your private network.
I am only requesting addresses that are used to access the general public
internet.

 

In addition, if it is such that a particular IP address serves a
particular area within your department (for example, one IP address is
used for Media Relations, while another is used for Ministerial
Communications), I also request access to this information.

 

The ag.gov.au domain has the IPv4 address of 115.178.104.79 and IPv6
address of 2403:d500::4f. 

 

The domain is used for posting information relating to the work of the
department and you can submit enquiries to many areas of the department
using the web forms available.

 

Can you please advise if this is the information you are seeking? If so,
would you consider withdrawing your FOI request?

 

Kind regards

 

FOI Contact Officer

Freedom of Information and Privacy Section | Office of Corporate Counsel

Attorney-General's Department | 3 - 5 National Circuit, Barton ACT 2600
*: [2][AGD request email]

 

show quoted sections

Privacy Collection Notice

When you make a request for documents or an inquiry about privacy matters,
the Attorney-General’s Department will only collect your personal
information where it is reasonably necessary for, or directly related to,
our functions under the Freedom of Information Act 1982 or the Privacy Act
1988. We may collect your name, email address and telephone number so that
we can contact you about your request under the Freedom of Information Act
for access to documents or access to, or correction of, personal
information; or a complaint you have made or your request for access to,
or correction of, personal information under the Privacy Act. If your
request concerns your personal information, we will collect the minimum
amount of evidence necessary to verify your identity. The handling of your
personal information is protected by the Privacy Act 1988 and our privacy
policy is available at http://www.ag.gov.au/Pages/Privacystatem....
If you have an enquiry or complaint about your privacy, please contact the
Privacy Contact Officer on 02 6141 2660 or via e-mail [email address].

--------------------------------------------------------------------------

References

Visible links
1. mailto:[FOI #685 email]
2. mailto:[AGD request email]

Link to this

From: Ben Fairless

Delivered

Dear FOI Contact Officer,

Thanks for coming back to me with those, however I'm afraid its not what I'm after. I'll try and rephrase the information I'm seeking below.

I'm looking for the IP addresses that Departmental employees (such as yourself) use, split down into various areas of the Department (for example, you may use a different public IP to Ministerial relations). I'm not interested in your internal IP addresses, just the public IP address that you present when you attempt to access, for example, http://www.righttoknow.org.au.

I trust that helps you understand the information I'm looking for. If you would prefer to answer my question outside of FOI, I have no objection.

Thanks,

Ben Fairless

Link to this

From: FOI Requests
Attorney-General's Department

Thank you for your email. This is an automated response to advise you that
your email has been received by the Attorney-General's Department's FOI
Coordinator.

 

If you wish to lodge a request for access to documents under the Freedom
of Information Act 1982 (FOI Act), please ensure that your request is in
writing, states that it is an application for the purposes of the FOI Act
and provides sufficient detail describing the documents you wish to
access. The FOI Coordinator will acknowledge your request within 14 days.

 

 

Kind Regards

 

Freedom of Information and Privacy Section.

 

show quoted sections

Privacy Collection Notice

When you make a request for documents or an inquiry about privacy matters,
the Attorney-General’s Department will only collect your personal
information where it is reasonably necessary for, or directly related to,
our functions under the Freedom of Information Act 1982 or the Privacy Act
1988. We may collect your name, email address and telephone number so that
we can contact you about your request under the Freedom of Information Act
for access to documents or access to, or correction of, personal
information; or a complaint you have made or your request for access to,
or correction of, personal information under the Privacy Act. If your
request concerns your personal information, we will collect the minimum
amount of evidence necessary to verify your identity. The handling of your
personal information is protected by the Privacy Act 1988 and our privacy
policy is available at http://www.ag.gov.au/Pages/Privacystatem....
If you have an enquiry or complaint about your privacy, please contact the
Privacy Contact Officer on 02 6141 2660 or via e-mail [email address].

--------------------------------------------------------------------------

Link to this

From: FOI Requests
Attorney-General's Department


Attachment Signed decision letter Freedom of Info t FOI14139 Ben Fairless Ri....pdf
1.4M Download View as HTML

Attachment Schedule of documents FOI14 139 Mr Ben Fairless Right to Know Austr....pdf
161K Download View as HTML


UNCLASSIFIED

Dear Mr Fairless

Freedom of Information Request no. FOI14/139

 

I refer to your request for access to documents relating to the
Department’s Information Technology infrastructure under the Freedom of
Information Act 1982. Specifically, you sought access to:

 

records detailing the IPv4 (and if relevant,IPv6) addresses used to access
the public internet from within your network.

 

To clarify, these are the public facing addresses of your private network.
I am only requesting addresses that are used to access the general public
internet.

 

In addition, if it is such that a particular IP address serves a
particular area within your department (for example, one IP address is
used for Media Relations, while another is used for Ministerial
Communications), I also request access to this information.

 

Please find attached a copy of the decision in this matter.

 

Regards

Jo

 

FOI Contact Officer

Freedom of Information and Privacy Section | Office of Corporate Counsel

Attorney-General's Department | 3 - 5 National Circuit, Barton ACT 2600
*: [1][AGD request email]

 

show quoted sections

Privacy Collection Notice

When you make a request for documents or an inquiry about privacy matters,
the Attorney-General’s Department will only collect your personal
information where it is reasonably necessary for, or directly related to,
our functions under the Freedom of Information Act 1982 or the Privacy Act
1988. We may collect your name, email address and telephone number so that
we can contact you about your request under the Freedom of Information Act
for access to documents or access to, or correction of, personal
information; or a complaint you have made or your request for access to,
or correction of, personal information under the Privacy Act. If your
request concerns your personal information, we will collect the minimum
amount of evidence necessary to verify your identity. The handling of your
personal information is protected by the Privacy Act 1988 and our privacy
policy is available at http://www.ag.gov.au/Pages/Privacystatem....
If you have an enquiry or complaint about your privacy, please contact the
Privacy Contact Officer on 02 6141 2660 or via e-mail [email address].

--------------------------------------------------------------------------

References

Visible links
1. mailto:[AGD request email]

Link to this

Ben Fairless left an annotation ()

I've spoken with the FOI Officer and asked if I can discuss the matter informally with the Decision Maker prior to proceeding to Internal Review.

Link to this

From: FOI Requests
Attorney-General's Department

UNCLASSIFIED

Good afternoon Mr Fairless

 

Further to our phone conversation yesterday, I have discussed your request
with the decision maker in this matter.

 

The decision maker is of the view that, because of the inherent
sensitivity of the information you are requesting, it would not be
possible to re-phrase your request in such a way as to enable you to gain
access to the information sought. The decision maker remains of the view
that the information you have requested is exempt under ss 33 (national
security) and 47E (operations of agencies) of the FOI Act and that the
remainder of the document is outside the scope of your request (s 22).

 

If you disagree with the decision, it is open to you to apply for internal
review.

 

In addition, I note your request today for a copy of the word version of
the decision. As a word version of the decision would be unsigned, we have
decided to decline your request. However, if you are having difficulty
viewing the decision letter, we are happy to post you out a copy of the
signed letter.

 

Regards

Jo

 

FOI Contact Officer

Freedom of Information and Privacy Section | Office of Corporate Counsel

Attorney-General's Department | 3 - 5 National Circuit, Barton ACT 2600
*: [1][AGD request email]

 

show quoted sections

Privacy Collection Notice

When you make a request for documents or an inquiry about privacy matters,
the Attorney-General’s Department will only collect your personal
information where it is reasonably necessary for, or directly related to,
our functions under the Freedom of Information Act 1982 or the Privacy Act
1988. We may collect your name, email address and telephone number so that
we can contact you about your request under the Freedom of Information Act
for access to documents or access to, or correction of, personal
information; or a complaint you have made or your request for access to,
or correction of, personal information under the Privacy Act. If your
request concerns your personal information, we will collect the minimum
amount of evidence necessary to verify your identity. The handling of your
personal information is protected by the Privacy Act 1988 and our privacy
policy is available at http://www.ag.gov.au/Pages/Privacystatem....
If you have an enquiry or complaint about your privacy, please contact the
Privacy Contact Officer on 02 6141 2660 or via e-mail [email address].

--------------------------------------------------------------------------

References

Visible links
1. mailto:[AGD request email]

Link to this

From: Ben Fairless

Delivered

Dear Attorney-General's Department,

Please pass this on to the person who conducts Freedom of Information reviews.

I am writing to request an internal review of Attorney-General's Department's handling of my FOI request 'IT Network Documentation - IPv4/v6 Public Facing addresses'.

It is my contention that the decision maker has erred in the processing of my application. I shall attempt to detail why her decision is incorrect.

s.33 Exemption - "National Security"
==========================================
The Department incorrectly alleges that the release of a single IP address "constitutes a potential threat to the security of Commonwealth networks and communication systems". It then goes onto claim a s.33 exemption.

The decision maker has assumed that the information I am requesting is inherently secret. This is not the case. The IP address that I am requesting would be provided to every website that anyone in the Department visits. Therefore, it could be easily found out if a website owner was able to link a Departmental employee to an IP address (which isn't a mean feat if you look at websites such as Google).

In any case, simply because there is enhanced risk to Commonwealth Networks does not imply that the security of the Commonwealth as a whole is compromised.

The Department has (or should have) services that mitigate against DDoS attacks. In addition, regardless if the the IP address is disclosed or not, DDoS attacks are still possible.

I therefore contend that the release of the information will not affect the security of the Commonwealth.

s.47E Exemption - Public Interest Exemption
==============================================
The decision maker states that the disclosure of the IP address I seek would "enable methods used by the Department to conduct sensitive research" to be revealed.

I disagree with the Department's contention. Every time the Department accesses the internet, this IP address is provided to the website they access. Furthermore, the IP address is also left if the Department was to edit articles on, for example Wikipedia.

The Department also claims that the release of the information would have a substantial adverse affect on the proper and efficient conduct of the Department's IT Operations. It bases this claim that the Department could potentially see an increase in DDoS attacks. I contend that it is the responsibility of the Departments IT Teams to mitigate and defend against DDoS attacks, regardless as to their frequency, and this would not have a "substantial" effect, as this would appear to be the responsibility of this team.

If the Department continues to claim that there is a s.47E exemption, I would ask the Department to consider the below public interest factors:

s.11B(3)(b) - inform debate on a matter of public importance
------------------------
The purpose (whilst not relevant to my FOI request) could be to create a service that notifies the Public when the Department updates articles on public websites (such as Wikipedia).

If the Department was, for example, to update an article which relates to Data Retention on Wikipedia to include items which favor the Government's position, that would of interest to the Public and would inform public debate about Government actions.

s.11B(3)(c) - promote effective oversight of public expenditure
------------------------
Providing this information for the type of service described above could show when Departmental employees are wasting time, and therefore Taxpayer money.

If, as has been seen in other cases, several updates were made to an article about "The Voice (Australia Series 3)" then the public could be interested in why Taxpayer money is spent on employees updating articles which have no relevance to their position. This would encourage the Department to use Taxpayer funds in a reasonable manner, and encourage staff not to waste their time (and, therefore, taxpayer money) on websites not related to their role.

Consideration of s.11(B) - Irrelevant factors in Public Interest Exemptions
==============================================
The department suggests that the disclosure of the information will prejudice the effectiveness of the research it conducts on behalf of Government. The Department does not go into great detail about how this would happen. That said, I could see that the Commonwealth could well be embarrassed if the Attorney-General's Department was tasked with research in the field of Data Retention, or was tasked to covertly update public sources of information.

It is not a far stretch to assume that "enable methods used by the Department to conduct sensitive research" means that the Department doesn't want the Public to know what they have been asked to research as it could cause Embarrassment.

Summary
===========
For the above reasons, I contend that s.33 and s.47E have been applied incorrectly to this request. I therefore request an internal review and ask that the Department release the information, as it is in the public interest.

A full history of my FOI request and all correspondence is available on the Internet at this address: https://www.righttoknow.org.au/request/i...

Yours faithfully,

Ben Fairless

Link to this

From: Ben Fairless

Delivered

Dear Jo,

I didn't see your email regarding access to the decision letter in MS Word format until after I had sent my request for Internal Review.

I have made a new request (https://www.righttoknow.org.au/request/f... for the decision letter in MS Word format, relying on s20(2) of the Freedom of Information Act. Right to Know generates a new email address per request, so it would be appreciated if you used the correct email address for the correct request.

Thanks,

Ben Fairless

Link to this

From: FOI Requests
Attorney-General's Department

UNCLASSIFIED

14/9792

 

8 August 2014

 

 

Mr Ben Fairless

Sent via email: [1][FOI #685 email]

 

Dear Mr Fairless

Freedom of Information Request no. FOI14/139

 

I refer to your application under the Freedom of Information Act 1982 for
internal review of the decision of the Department, notified to you on 6
August 2014. 

We received your application on 7 August 2014 and the 30 day statutory
period for completing the internal review commenced from the day after
that date. You should therefore expect a decision from us by 8 September
2014.

Please note that information released under the FOI Act may later be
published online on our disclosure log
[2]http://www.ag.gov.au/RightsAndProtection...,
subject to certain exceptions. (For example, personal information will not
be published where this would be unreasonable.)

We will contact you using the email address you provided. Please advise if
you would prefer us to use an alternative means of contact. If you have
any questions, please contact Joannah Burley, FOI case manager, on 02 6141
6666 or by email [3][AGD request email].

Regards

Jo

 

 

FOI Contact Officer

Freedom of Information and Privacy Section | Office of Corporate Counsel

Attorney-General's Department | 3 - 5 National Circuit, Barton ACT 2600
*: [4][AGD request email]

 

show quoted sections

Privacy Collection Notice

When you make a request for documents or an inquiry about privacy matters,
the Attorney-General s Department will only collect your personal
information where it is reasonably necessary for, or directly related to,
our functions under the Freedom of Information Act 1982 or the Privacy Act
1988. We may collect your name, email address and telephone number so that
we can contact you about your request under the Freedom of Information Act
for access to documents or access to, or correction of, personal
information; or a complaint you have made or your request for access to,
or correction of, personal information under the Privacy Act. If your
request concerns your personal information, we will collect the minimum
amount of evidence necessary to verify your identity. The handling of your
personal information is protected by the Privacy Act 1988 and our privacy
policy is available at http://www.ag.gov.au/Pages/Privacystatem....
If you have an enquiry or complaint about your privacy, please contact the
Privacy Contact Officer on 02 6141 2660 or via e-mail [email address].

--------------------------------------------------------------------------

References

Visible links
1. mailto:[FOI #685 email]
2. http://www.ag.gov.au/RightsAndProtection...
3. file:///C:\Users\brownfr\AppData\Local\Hewlett-Packard\HP%20TRIM\TEMP\HPTRIM.712\[AGD request email]
4. mailto:[AGD request email]

Link to this

From: FOI Requests
Attorney-General's Department


Attachment Signed decision letter Internal Review FOI14139 Mr Ben Fairless Ri....pdf
1.1M Download View as HTML

Attachment Schedule of documents Internal review FOI14 139 Mr Ben Fairless Ri....pdf
160K Download View as HTML


UNCLASSIFIED

Dear Mr Fairless

Freedom of Information Request no. FOI14/139

 

I refer to your request for internal review of a decision of the
Department on 6 August 2014 to refuse access to documents relating to the
Department’s Information Technology infrastructure under the Freedom of
Information Act 1982. Specifically, you sought access to:

 

records detailing the IPv4 (and if relevant,IPv6) addresses used to access
the public internet from within your network.

 

To clarify, these are the public facing addresses of your private network.
I am only requesting addresses that are used to access the general public
internet.

 

In addition, if it is such that a particular IP address serves a
particular area within your department (for example, one IP address is
used for Media Relations, while another is used for Ministerial
Communications), I also request access to this information.

 

Please find attached a copy of the internal review decision in this
matter.

 

Regards

Jo

 

 

FOI Contact Officer

Freedom of Information and Privacy Section | Office of Corporate Counsel

Attorney-General's Department | 3 - 5 National Circuit, Barton ACT 2600
*: [1][AGD request email]

 

show quoted sections

Privacy Collection Notice

When you make a request for documents or an inquiry about privacy matters,
the Attorney-General’s Department will only collect your personal
information where it is reasonably necessary for, or directly related to,
our functions under the Freedom of Information Act 1982 or the Privacy Act
1988. We may collect your name, email address and telephone number so that
we can contact you about your request under the Freedom of Information Act
for access to documents or access to, or correction of, personal
information; or a complaint you have made or your request for access to,
or correction of, personal information under the Privacy Act. If your
request concerns your personal information, we will collect the minimum
amount of evidence necessary to verify your identity. The handling of your
personal information is protected by the Privacy Act 1988 and our privacy
policy is available at http://www.ag.gov.au/Pages/Privacystatem....
If you have an enquiry or complaint about your privacy, please contact the
Privacy Contact Officer on 02 6141 2660 or via e-mail [email address].

--------------------------------------------------------------------------

References

Visible links
1. mailto:[AGD request email]

Link to this

Things to do with this request

Anyone:
Attorney-General's Department only: