Bottle Domains loses auDA battle in Supreme Court of Victoria

Supreme Court of Victoria upholds auDA’s decision to terminate the registrar accreditation of Bottle Domains.

The Supreme Court of Victoria has ruled that the Australian Domain Name Administrator (auDA) acted correctly in its decision to terminate Australian Style Pty Ltd (which is owned by Nicholas Bolton and traded as Bottle Domains) registrar accreditation.

In February 2009, auDA was notified by the Australian Federal Police that there had been a security incident which affected customers of Bottle Domains.

The decision by auDA to terminate Bottle Domains’ auDA accreditation as a registrar followed this security incident that may have resulted in the account information of Bottle Domains’ registrants being accessed by third parties.

auDA discovered that Bottle Domains was the subject of a similar security breach in April 2007, which it believes the failure by Bottle Domains to report this breach may have caused or contributed to the incident this year.

The failure by Bottle Domains to notify auDA of the security breach in 2007, was a breach of its obligations under its Registrar Agreement to auDA, and consequently resulted in auDa’s termination of Bottle Domains’ accreditation as a registrar.

auDA has since discovered that Bottle Domains was the subject of an earlier security incident in April 2007, which auDA believes may have caused or contributed to the security incident in February 2009.

Bottle Domains failed to notify auDA at the time of the April 2007 security incident, which was a breach of its obligations under the Registrar Agreement.

“auDA takes security issues very seriously,” said auDA CEO, Chris Disspain in a media release. “In our view, Bottle Domains’ failure to deal properly with the security incident in April 2007 demonstrated an alarming disregard of the potential risks to its own customers, and to the overall stability and integrity of the Australian DNS.”

“Given the seriousness of the matter, it is appropriate that auDA terminate Bottle Domains’ registrar accreditation.”

Information provided to auDA by Bottle Domains in regard to the April 2007 incident revealed that it did not reset customer passwords or alert its customers to the possibility that their account information had been accessed by third parties. Bottle Domains also failed to conduct an independent security audit to verify that the security vulnerability had been fixed, and that there was no other unauthorised access to its systems.

Australian Style Pty Ltd claims that auDA was not notified of the 2007 security incident because the company did not consider this to be a breach. It believed that no registrant information had been compromised and that the breach was engaged due to software testing the of the system’s vulnerabilities. Nonetheless the Supreme Court of Victoria refuted these claims, ruling that what happened in 2007 should be classed as a breach.

“It is not to the point that Mr Bolton was informed that this unauthorised access was engaged in for an innocent purpose (to test the vulnerability of the Australian Style system) without any private information being obtained. The security breach occurred when the unauthorised PHP injection was performed,” said Justice Hargrave.

The Supreme Court of Victoria decided that Australian Style had therefore gone against the registrar agreement by not notifying auDA of the problem. In handing down his judgment, Justice Hargrave stated that Bottle Domain’s failure to report this security breach prevented auDA from performing its regulatory role under the agreement, contributing to the further breach this year.

Bottle Domains was also found to be in breach of its registrar agreement for misleading auDA when it sent out e-mails to registrants regarding the 2009 security breach, with Justice Hargrave believing that this was an attempt to play down the severity of the situation.

“Mr Bolton’s conduct following the 2009 security breach…preferred the commercial interests of Australian Style to the legitimate interests of registrants who may have been affected,” Justice Hargrave stated.

“There was nothing unreasonable about [auDA’s] decision to terminate the agreement.” Final orders will be made by the Supreme Court of Victoria on 30 September, 2009.

Follow GoodGearGuide on Twitter: @Goodgearguide

Tags auDAcourt casebottle domains

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jake Wilson

Good Gear Guide

2 Comments

paul

1

So where does that leave us?

I'm assuming that auDA will contact those of us with domains registered with Bottle to suggest alternate options?
Paul

Anonymous

2

Larry's press release of April seems to have been premature.

http://www.pcworld.idg.com.au/article/299855/auda_recklessness_damages_australian_domain_industry

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?