IT Network Documentation - IPv4/v6 Public Facing addresses

Ben Fairless made this Freedom of Information request to Department of Defence as part of a batch sent to 29 authorities

This request has been closed to new correspondence from the public body. Contact us if you think it ought be re-opened.

The request was refused by Department of Defence.

Dear Department of Defence,

I am writing to you to request information pertaining to your Information Technology infrastructure.

Namely, I am after records detailing the IPv4 (and if relevant,
IPv6) addresses used to access the public internet from within your network.

To clarify, these are the public facing addresses of your private network. I am only requesting addresses that are used to access the general public internet.

In addition, if it is such that a particular IP address serves a
particular area within your department (for example, one IP address is used for Media Relations, while another is used for Ministerial Communications), I also request access to this information.

To assist you in locating this information, I suggest it would be found in network documentation, or at the very least in configuration files of your
router and firewall equipment.

Please do not hesitate to reply if you require clarification to
fulfil this request.

I look forward to your response.

Yours faithfully,

Ben Fairless

FOI, Department of Defence

UNCLASSIFIED

Good morning

Thank you for your email. Your request has been forwarded for consideration/action.

Someone from our office will be in contact.

Kind regards

Nicole Hanna
FOI Operations Officer
Ministerial and Information Management Branch Defence Support and Reform Group
* Department of Defence | CP1-6-001| PO Box 7910 | Canberra ACT 2610 | * (02) 6266 2210 |Email
[email address]

http://www.defence.gov.au/FOI/privacy.asp

show quoted sections

Hi Nicole,

Thanks for your email. I tried to call you however the line appears to be dead.

I made a request to Defence Imagery and Geospatial Organisation which they also referred to you (see https://www.righttoknow.org.au/request/i...).

Can you confirm that my request to the Department of Defence also includes (but is not limited to) the Defence Imagery and Geospatial Organisation?

Thanks,

Ben Fairless

FOI, Department of Defence

UNCLASSIFIED

Hi Ben

I can confirm that requests to Defence Imagery and Geospatial Organisation and Australian Signals Directorate are managed by Defence Freedom of Information.

I have checked the phone line and it appears to be working fine now.

Kind regards

Nicole Hanna
FOI Operations Officer
Ministerial and Information Management Branch Defence Support and Reform Group
* Department of Defence | CP1-6-001| PO Box 7910 | Canberra ACT 2610 | * (02) 6266 2210 |Email
[email address]

http://www.defence.gov.au/FOI/privacy.asp

show quoted sections

Ben Fairless left an annotation ()

The above email has been hidden at the request of the Decision Maker, who's signature appears within an attachment.

The response is provided below:
Dear Mr Fairless

1. I refer to your email, dated 16 July 2014, in which
you requested access, under the Freedom of Information Act 1982 (FOI
Act), to:

"information pertaining to your Information Technology infrastructure.

Namely, I am after records detailing the IPv4 (and if relevant,

IPv6) addresses used to access the public internet from within your
network.

To clarify, these are the public facing addresses of your private
network. I am only requesting addresses that are used to access the
general public internet.

In addition, if it is such that a particular IP address serves a
particular area within your department (for example, one IP address is
used for Media Relations, while another is used for Ministerial
Communications), I also request access to this information.

To assist you in locating this information, I suggest it would be found
in network documentation, or at the very least in configuration files of
your router and firewall equipment."

2. The purpose of this letter is to provide you with
the decision on your request.

FOI decision maker

3. Ms Andrea Sansom, Acting Director, Freedom of
Information is the accredited officer pursuant to section 23 of the FOI
Act to make a decision on this FOI request.

Decision

4. Ms Sansom decided to deny access to the requested
document, as it is considered exempt under section 33 [documents
affecting national security, defence or international relations of the
Commonwealth] of the FOI Act.

Material taken into account

5. In making her decision, Ms Sansom had regard to:

a. the terms of the FOI request:

b. the specific content identified;

c. relevant provisions in the FOI Act,

d. Defence guidance material on the FOI Act and the guidelines
published by the Office of the Australian Information Commissioner under
section 93A of the FOI Act (the guidelines);

e. advice from Attorney General's Department; and

f. advice from Defence's Chief Information Officer Group.

Reasons for Decision

Sub-Section 33(a)(i) - security of the Commonwealth

6. Ms Sansom advised that she contacted the Chief
Information Officer Group (CIOG), who advised that the information
requested exists within the Defence Information Environment (DIE).

7. The CIOG advised that there are potential security
implications of detailing which IP addresses relate to specific services
outside the department. It is considered that disclosure of the
requested information could provide key information and could compromise
the DIE.

8. Ms Sansom took into consideration the guidelines,
which state:

The term 'security of the Commonwealth' broadly refers to:

...(b) the security of any communications system or
cryptographic system of any country used for defence or the conduct of
the Commonwealth's international relations.

9. In deciding that material was exempt under section
33 of the FOI Act, Ms Sansom also considered the mosaic effect: The
Guidelines state that:

5.33 Normally when assessing the potential harm in releasing a
document, a decision maker looks at the contents of the document in
question. But when evaluating potential harmful effects of disclosing
documents that affect Australia's national security, defence or
international relations, decision makers may take into account the
intelligence technique usually known as the 'mosaic theory'. This theory
holds that individually harmless pieces of information, when combined
with other pieces, can generate a composite - a mosaic - that can damage
Australia's national security, defence or international relations.
Therefore, decision makers may need to consider other sources of
information when considering this exemption.

5.34 The mosaic theory does not relieve decision makers from
evaluating whether there are real and substantial grounds for the
expectation that the claimed effects will result from disclosure. It is
a question of fact whether the disclosure of the information, alone or
in conjunction with other material, could reasonably be expected to
enable a person to ascertain the identity or existence of a confidential
source. This is not always simple. For example, in Re Slater and Cox the
evidence that persuaded the AAT of a 'mosaic effect' claim was an
analysis of 22 thirty-five-year-old documents.

10. Ms Sansom took into account that disclosure of this
information may add to what is already known, or already in the public
domain, which could lead to an adversary applying a mosaic effect to
information relating to the DIE and undermine its effectiveness.

11. Finally, Ms Sansom also had regard to advice from the
Attorney- General's Department with regard to release of material
relating to departments' ICT capability.

12. Taking all of the above into consideration, Ms Sansom
was satisfied that the requested information is exempt under section
33(a)(i) of the FOI Act.

Section 22 - access to edited copies with exempt or irrelevant matter
deleted

13. Where a decision maker decides to deny access to a
document they must consider whether the document can be released with
the exempt matter deleted in accordance with subparagraph 22(1) of the
FOI Act. Ms Sansom considered providing you with an edited version of
the document, having regard to section 22(1)(c) of the FOI Act and
paragraph 5.3 of the Guidelines. However, she decided against this
course of action as it would not be possible, nor practical, to delete
the exempt material and retain a meaningful non-exempt version of the
document as all of the information would be deleted.

Section 7 - exemption of certain person and bodies

14. Ms Sansom noted that you submitted the same request to
a number of Australian government agencies, including 2 that fall within
the Defence portfolio, being the Australian Signals Directorate (ASD)
(previously the Defence Signals Directorate (DSD)) and the Australian
Geospatial-Intelligence Organisation (AGO) (previously the Defence
Imagery and Geospatial Organisation (DIGO)).

15. Section 7 of the FOI Act exempts intelligence agencies,
documents originating from those agencies, and extracts of those
documents, from the provisions of the FOI Act. Accordingly, the
subsequent requests as referred to in paragraph 14 above have not been
considered as they are listed in subsection 7(2A)(a) of the FOI Act.

Further information

16. FOI Act may be accessed at:
http://www.comlaw.gov.au/Details/C2014C0....

17. All departmental action on your request is now
complete. Should you have any questions in regard to this matter please
contact this office.

Yours sincerely

Theresa Stinson
Assistant Director - Media Case Management Freedom of Information