[LINK] ABC News: "Get your .au address to prevent cybercrime"

Roger Clarke Roger.Clarke at xamax.com.au
Sat Sep 17 13:46:39 AEST 2022 

Australian business owners urged to shorten web addresses to avoid
cybercrime attack
ABC News
Sat 17 Sep 2022
https://www.abc.net.au/news/2022-09-17/new-domain-names-available-to-cut-cyber-crime/101446682


The venality of auDA in creating the .au domain is underlined by the
follow-on actions of the Small Business Ombudsman:
> ... businesses need to take action now to avoid their internet
identities potentially being sold to someone else ...
> "If you don't get control of the .au version of your domain name, a
cybercriminal masquerading as you could try to reach your customers."

There's also very belated recognition by the Australian Cyber Security
Centre (ACSC) of how stupid an idea this is and always was:
> [ACSC] also warned the new domain option provided another opportunity
for cybercriminals to commit fraudulent activity like business email
compromise, a specific type of phishing attack to trick people.


Another indicator is the encouragement to cyber-squat:
> The best thing for people to do is buy the .au website and sit on it
for a year. ... If after a year it all fizzles out, then you can choose
whether you need it or not".

That's after every domain-owner in the country has had the time, effort
and attention of its executives and managers, or of the sole-trader
themselves, or of volunteer-committee-members, wasted on working out
what this is all about, what it means, and what to do about it.


Instead of performing its functions, auDA has converted itself into an
exploiter of its monopoly position, to the detriment of the community
it's supposed to serve.  The sole winners from this are ISPs, lawyers,
and auDA itself.

That was all pointed out to them, multiple times, by academics, by the
primary consumer advocacy organisation, and by myself.

Their points were multiple times ignored, to the extent of entirely
omitting from their publications the criticisms the subs contained, e.g.

http://accan.org.au/files/Submissions/auDA%20Domain%20Names_Draft%20Recommendations%20Response%20Sept%202015_final.pdf

http://www.rogerclarke.com/II/Direct2LDs.html           (15 Jun 2007)
http://www.rogerclarke.com/II/Direct2LDs-2015.html       (9 Jun 2015)
http://www.rogerclarke.com/II/Direct2LDs-2015-No2.html  (30 Sep 2015)


For further evidence of the malbehaviour of the organisation, see the
email below reporting a major problem with another domain-owner-hostile
manoeuvre by the organisation.

My records show not even an ack, let alone a substantive response, let
alone constructive action, from any of the designated contact-point, the
auDA CEO or the auDA COO, who were all co-addressees.

____________

Date: Wed, 13 Jan 2021 10:44:24 +1100
From: Roger Clarke <Roger.Clarke at xamax.com.au>
To: Netregistry Support
<reply-fe9915757562027d71-828_HTML-233197128-100009088-6 at myonlinesuccess.com.au>,
Bruce.Tonkin at auda.org.au, Rosemary.Sinclair at auda.org.au

...
You wrote that:
> auDA has recently announced changes to the .AU domain eligibility
rules and identified the below domains(s) you’ve registered will be
impacted.  The new rules come into effect on the 12th April 2021.
...

I ... re-read your email, and discovered that:
-   your email refers to *UN*incorporated associations
-   you have written to an *incorporated* association (APF), and
    communicated that its domains are at risk
-   but incorporated associations are *not* at risk

I'm an experienced Chair and Secretary of associations and companies,
both for-profit and limited by guarantee, and a Visiting Professor in a
Faculty of Law.

And I was caught out by your email's wording.

So there's a very strong chance that a lot of people who've received it
are at least as confused as I was about what it means.

Please re-issue an amended email to get rid of the ambiguities:

1.  Your email should start with something like:

THIS DOES *NOT* AFFECT YOU IF THE ASSOCIATION THAT HAS THE DOMAIN-NAMES
LISTED BELOW IS ALREADY REGISTERED WITH THE A.C.N.C. OR WITH A STATE OR
TERRITORY REGISTRAR OF ASSOCIATIONS.

HOWEVER, IF THE ASSOCIATION IS *UN*INCORPORATED, IT WILL BE UNABLE TO
RENEW ANY .org.au DOMAIN NAMES UNTIL IT HAS BEEN REGISTERED EITHER WITH
A.C.N.C. OR WITH A STATE OR TERRITORY REGISTRAR.

2.  Other sentences need to be amended to avoid the false implication
that "you will need to register with the ACNC".

The correct statement is "you will need to either incorporate through a
State or Territory Registrar, or register with the ACNC".

3.  It would be helpful if you would provide at least the relevant URL
at the ACNC.  The least-worst page on the site seems to be this one:
https://www.acnc.gov.au/factsheet-unincorporated-associations-and-acnc-registration


Please acknowledge receipt of this email.

Please provide a substantive response in due course.

____________

Roger Clarke                            mailto:Roger.Clarke at xamax.com.au
T: +61 2 6288 6916   http://www.xamax.com.au  http://www.rogerclarke.com

Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA

Visiting Professor in the Faculty of Law            University of N.S.W.
Visiting Professor in Computer Science    Australian National University

More information about the Link mailing list