Australian domain administrator auDA wants police to be trained in how the internet works and who’s responsible for the different components of service delivery, in part to reduce the number of misdirected questions being received.
The administrator said in a parliamentary submission [pdf] that with the exception of “a small number of specialist areas” in the Australian Federal Police, “there does not appear to be a deep understanding within law enforcement bodies, as to the internet ecosystem.”
“This lack of clarity extends to a lack of awareness about the roles and responsibilities of the various actors in the ecosystem, including telecommunications companies, internet service providers, web hosting companies, email service providers, cloud computing operators, domain name system (DNS) operators, registrars and web developers,” it said.
“There is also a low level of understanding about the different top-level domains (TLDs).
“auDA is able to assist with enquiries related solely to domain names ending in .au. auDA is not responsible for the administration of other TLDs and is unable to respond to enquiries related to them.”
The domain administrator suggested that police agencies receive “targeted training on the internet ecosystem and the actors within it”.
This, it suggested, “would enhance the detection and investigation of cybercrime by ensuring that requests for assistance are directed to the most appropriate entity.”
International information exchange
auDA also urged careful consideration by Australia on whether to agree to new international rules around turning over domain registration information to foreign police and investigators.
The so-called “second additional protocol to the Budapest Convention on Cybercrime” would allow such requests.
auDA said it currently directs foreign police agencies to check the public .au WHOIS tool for information, and that requests for additional information are routed via the Australian Federal Police.
The Australian domain administrator said that if Australia joined the treaty, its preference would be for the AFP to be the first point of contact for registration information requests.
“auDA would be pleased to engage in any consultation processes relating to these treaties at the appropriate time, however, we take this opportunity to recommend that should Australia accede to the additional protocol, any requests from a foreign authority for non-public .au domain registration information should come via an appropriate Australian authority, such as the AFP,” it said.
“While we recognise that timeliness is critical during cybercrime investigations, and that mutual legal assistance treaties can have significant limitations in this regard, we consider that any potential risks associated with providing non-public information to foreign governments should not be borne by private companies.”
About Author
