Australia’s 18-year old framework for managing domain names is no longer fit for purpose, a review of .au Domain Administration (auDA) has determined.

“Significant and urgent reforms” will now be made after the government accepted all 29 recommendations of a scathing review into the 18-year old framework.

Managed by the Department of Communications and the Arts, the review was announced in October 2017 to update the domain management policies established when the .au Domain Administration (auDA) was established in 2000.

The review’s terms of reference included auDA roles and responsibilities, governance and management, stakeholder engagement, and future risks to the security and stability of the .au country-code top-level domain (ccTLD).

An explosion of Internet usage has seen the number of domains soar over time, with around 3 million second-level domains within the .au ccTLD.

That makes Australia’s domain name space the ninth most-populous in the world.

However, growth has declined sharply in recent years, and challenges arising in the form of competition from mobile apps and “increasingly more diverse and innovative” attacks on websites and DNS infrastructure, have had an effect.

In the face of these threats, the final report heaped criticism on auDA’s current membership and corporate governance model – which, the report noted, “is impeding auDA’s decision making and is contributing to ongoing organisational instability.”

A key issue was a lack of probity around the appointment of directors, many of whom are appointed from within the membership “with little regard to the skills required to effectively govern a modern domain administrator”.

This finding echoes recent calls by ACS President Yohan Ramasundara for greater representation of technical skills on company boards.

Internal battles over .au

Conflict within auDA has recently escalated after the board decided to change Australian domain names to the top-level .au space, which is currently only used by a few organisations including the CSIRO.

auDA member Jim Stewart – who warned in a review submission that direct .au registration would cost millions and “damage the .com.au brand possibly irreparably” – earlier this month iTWire reported, joined members Joshua Rowe and Paul Szyndler to lobby the organisation’s 319 members for a special general meeting and no-confidence vote in CEO Cameron Boardman.

In his 150-day report delivered earlier this month, auDA independent chair Chris Leptos wrote that “a number of practices” of former auDA directors “warranted referral to the Victoria Police”.

These events occurred just days before the auDA review was handed down but presage recommendations that are, the report said, designed to “improve stakeholder engagement, transparency and accountability, and to promote trust and confidence in the .au domain name”.

That confidence has been shaky for some time, said telecommunications consultant Paul Budde.

“Unlike other associations, which in general have less money going through the organisation, it’s quite a lucrative business,” said telecommunications consultant Paul Budde, noting “a bit of greed, power struggles, and a lack of transparency. auDA is too focused on the people that are in charge.”

“This has been going on for a long time, and needs a change. The industry should be able to sort this out themselves – but unfortunately, you need a stick. It’s in the interests of everyone that this gets clean and transparent.”

Government may withdraw auDA support

The updated terms of endorsement (ToE) reflect “changes to the digital landscape…. and provide the auDA with the mandate to make the necessary reforms to its governance arrangement,” Minister for Communications and the Arts Senator the Hon Mitch Fifield said in a statement.

The new ToE set down a range of mandates for auDA, including the need to “ensure stable, secure and reliable operation” of the .au country-code top-level domain (ccTLD); respond quickly to issues around DNS security; maintain a governance structure including a mix of technical and corporate board skills, and an independent process for assuring the suitability of board candidates; to develop a comprehensive stakeholder engagement plan; to maintain an effective reporting framework that includes quarterly performance and work-priority updates to the Department; and more.

Acceptance of the ToE by auDA could see “a clear pathway for reform” within 3 months, and full reform implemented within 24 months, the report said. However, it noted that the changes would require “significant constitutional reform” and that it was “unclear” to what extent the reforms were supported by auDA’s “interventionist membership based concerned about the direction of the organisation”.

The report flags the possibility of reassigning domain-name management to an alternative third-party provider, should the necessary constitutional reform prove too problematic.

The ToE allows the government to independently review auDA’s reporting processes at any time, and requires auDA to develop a strategy for “an orderly transition to an alternative domain administrator” if the government withdraws its formal endorsement of the organisation, which was given after the government was brought into the evolving domain administration in 1999.

Afilias Australia, Leptos noted, is finalising transition plans and upgrading its infrastructure to improve reliability and speed after being chosen by auDA in December to manage the .au ccTLD from July 1. Afilias Australia is the local arm of global domain-name registry Afilias, the world’s second-largest registry.