Draft #4 of the Code of Practice follows subject to the grace of Magna's
majordomo...

Changes from draft #3 are:
- rewording to state that the Code only applies to some subset of the
.au
sub-domains, currently just .com.au
- 2.2.3 modified to reflect possible impact of privacy legislation
- 2.8 modifed to remove use of the word "agent".
- 3.1 modified to remove "Police" as an example of an authoritative body

Comments and suggestions encouraged.

There were a bunch of suggestions for inclusion into the Code of
Practice which I thought might be better placed in a DNA Terms and
Conditions document.  A collection of those suggestions is posted
separately.

Leni.

====

Code of Practice
Draft #4
Comments to dns§intiaa.asn.au or leni§toplevel.net

1 Introduction

This Code of Practice (ãCodeä) governs the conduct of  Domain Name
Administrators (ãDNAsä) operating under the aegis of the Australian
Domain Name Authority. (ãADNAä).

The Code applies to DNA activities within specific subdomains of .au,
currently: .com.au

The Code does not apply to DNA activities in domains not governed by
ADNA.

A DNA may not evade application of the Code, either by contract or
otherwise.

The Code shall be applied and enforced by the Code of Practice Committee

(ãThe CPCä) who shall be independent of  DNAs and appointed by the ADNA
board.

The Code may be amended from time to time by due process of the ADNA
board after due and proper consulation with DNAs.

DNAs must comply with the spirit as well as the letter of the Code.

DNAs recognise that compliance with the Code does not necessarily
guarantee that they are acting within the law.

2 Code Of Practice

A "competitive domain" is one in which more than one DNA registers
names.   Sections 2.6, 2.7 and 2.8 always applies to competitive
domains. Sections 2.6, 2.7, and 2.8 shall not apply to domains in which
only one DNA operates.

2.1  General Requirements

DNAs shall use their reasonable endeavours to ensure the following:

2.1.1 Services and promotional material do not contain or encourage
anything which is in the breach of the law, nor omit anything which the
law requires.
2.1.2 Services and promotional material are not of a kind that are
likely to mislead by inaccuracy, ambiguity, exaggeration, omission or
otherwise.
2.1.3 Promotions transmitted via radio, television, print or any other
media observe the provisions of this Code.

2.2 Operational requirements
2.2.1 DNAs are required to maintain a database of contact information of

registrants. The database contains information about the entities to
whom allocations of names within a domain have been made. This
information shall include their name, e-mail address whether within the
allocated domain or elsewhere, and contact information independent of
the internet such as telephone number, fax number or postal address. The

database allows contact to be made with the owners of subdomains should
their  network connection become non-existent or inoperable.
2.2.2 DNAs shall make reasonable attempts to keep their database of
contact information of registrants up-to-date.
2.2.3 The database must be replicated offsite, unless the DNA is
prevented from doing so by law, in which case special dispensation must
be obtained from ADNA.

2.3 Privacy and secrecy
2.3.1 DNA services involve the collection of personal information from
customers, such as name and addresses.  DNAs shall make reasonable
endeavours to make it clear to the customer the purpose for which the
information is required. DNAs shall identify the information user if
that user is different from the DNA or AUNIC.  The DNA must also give
the customer the opportunity to prevent such usage.
2.3.2 No undertaking given by a DNA to its customers, suppliers,
information providers or others shall preclude that party from
delivering information pertinent to a complaint to the ADNA CPC in
confidence.

2.4 Fair Trading
2.4.1 In its dealings with consumers, other businesses and each other,
DNAs must act fairly and reasonably at all times.
2.4.2 The DNA shall bring to the attention of its customers the
existence of the Code and the complaints procedure available to the
customer pursuant to the provisions of the Code.

2.5 Pricing
2.5.1 The DNAs must ensure that the charge for the service is clearly
stated in relevant promotional material. The price quoted should include

taxes where applicable.
2.5.2 Textual pricing information should be legible, prominent, and
presented in such a way that does not require close examination.

2.6 Non-collusion
2.6.1 DNAs should not collude in order to fix prices and shall be
subject to ACCC guidelines.
2.6.2 DNAs shall treat all customers equally and consistently.  Pricing
and policies may change over time, and there may be volume discounts and

such-like but there should not be a policy of ãone price/service for
this customer and another price/service for that customerä.

2.7 Domain Names
2.7.1 Within a given domain and itâs subdomains, DNAa shall treat all
names equally.  Pricing and policies may change over time, but there
should not be an effect of ãone price for this name and one price for
that nameä.
2.7.2 With a shared registry, a DNA cannot guarantee that a name can be
registered on behalf of a customer until it has done so.  DNAs should
avoid making claims or guarantees that do not reflect this basic
principle.
2.7.3 DNAs will rigorously adhere to and apply the generic policies of a

domain.  This applies to the naming policy of a domain (such as that of
.com.au), as well as the  ãfirst come, first servedä policy that may
apply in other domains.
2.7.4 With respect to the domains that a DNA operates in, a DNA shall
only register names for itâs exclusive use for the purpose of itâs DNA
operations.  The number of domains in this category should be very
small.
2.7.5 With respect to domains that it operates in, a DNA may register a
domain name with the intention of registering names in the subdomain
only if all other DNAs within the ADNA framework are also able to
register names in the subdomain. As Robert Elz puts it, there is no
notion of ãI thought of it first!ä

2.8 Avoiding Appearance of Conflict of Interest
A customer (that is, the administrative contact) may use an
ãintermediaryä to register a name on their behalf.  The intermediary is
the person, company or organisation that fills out or submits the
application form to a DNA on behalf of the customer.

A DNAâs  ãrelated partiesä includes any individual, business or
corporate entity with which it has an operational, employment or
directorship function in common.

In order to avoid any appearance of confilct of interest, a DNA should
not accept registration requests from any customer or intermediary that
is a related party.

This means for example, that an ISP, or itâs directors can run a DNA,
but the ISP business cannot register names with the DNA business.  The
ISP must use the services of an unrelated DNA.

The nature of this prohibition and identification of the ãrelated
partiesä should appear on any and all application forms where there is a

risk of such confict of interest arising.

3 Complaint Procedures and Sanctions
3.1 Complaints

The CPC will be responsible for considering the full nature and extent
of complaints and may consult with the DNA(s) concerned. The CPC shall
be entitled to consult relevant parties (for example government
authorities) prior to making a determination. DNAs agree to co-operate
fully with the CPC.
We can anticipate that complaints may be presented by:
? members of the general public,
? authoritative bodies (for example the Courts, the ACCC) and
? other DNAs.

It would seem that there are three possible scenarios for complaints:
? A complaint is made directly to a DNA. The DNA acts on that complaint
and remedies the complaint to the satisfaction of the complainant.
? A complaint is made directly to a DNA. The DNA and complainant are
unable to resolve the issue. The complainant refers the complaint to the

CPC of ADNA.
? A complaint is made directly to the CPC.

The CPC acknowledges that the DNA may not have direct knowledge of a
complaint and may initially contact the DNA on an informal basis.
Before making a determination, the CPC will:
? notify the DNA in writing of the complaint and
? allow the DNA an opportunity to respond.

The CPC shall be responsible for communicating the determination of the
complaint to the DNA and the complainant.  Where a complaint is upheld
by the CPC, the CPC may seek to claim from the DNA, at its sole
discretion, the reasonable administrative costs incurred by the CPC in
processing the complaint.

3.2 Sanctions
DNAs must comply with any conclusion reached by the CPC, including a
decision to impose a sanction as a result of a breach of the Code.
Written notification of this will be forwarded to the DNA by the CPC.
The sanctions to be imposed by the CPC on behalf of ADNA shall be
regularly reviewed and may include fines and ultimately, revoking the
DNAs licence to operate in any or all domains under the ADNA aegis.
The CPC shall apply sanctions to the DNA in proportion to the perceived
seriousness of the breach of the Code.  The CPC will make itâs best
effort to apply any sanctions consistently among DNAs.  Repeated
breaches may attract stiffer sanctions.

4 Acknowledgements
This document was developed by the internet community in Australia.  An
early draft of this document was based in part on the ISPA UK Code of
Practice: http://www.ispa.org.uk.  Thanks to Robert Elz for permission
to use parts of his post relating to managment of the id.au domain:
http://www.id.au.

5 Suggested but not yet added
This section is empty as of draft #3.

6 Weaknesses and things needing clarification
6.1 Complaints procedure
More work is needed on the complaints procedure, including:
? Statement of intention on how to populate the CPC ö they should be
seen to be independent of DNAs.
? a clear procedure for initiating and resolving complaints.  Eg. E-mail

address, telephone number, a on-line web form.  Turnaround times etc.
6.2 Unresolved questions re: the Database of contact information of
registrants
Who ãownsä the database?  Has this ownership been tested in a court in
Australia?  Should ADNA keep a replicated copy of each DNAs database in
case a DNA just vanishes?