The strange fact that government websites are rented

There is something quietly unsettling about the way governments manage their digital presence, and almost nobody talks about it. Every government department, every council, every statutory authority with a website — state, local, federal — holds its online address on a lease. It pays a registrar, year after year, for the right to keep that address. The moment that payment fails, the address is at risk. The moment the registrar changes its terms, the address is at risk. The moment someone in the right position forgets to renew, or a credit card lapses, or an agency restructure buries the admin credentials in a departed employee’s inbox, the address is at risk.

This is the current state of government digital infrastructure, and it is accepted almost without question as the natural order of things. We do not accept it. We think it is one of the most overlooked structural weaknesses in modern democratic administration — and we think the technology now exists to fix it permanently.

That is the argument we want to make in this post. Not a technical argument, though we will cover the technical dimensions. Not a political argument, though there are political consequences. This is fundamentally a practical argument about what governments owe their citizens when they publish themselves online, and what kind of infrastructure is worthy of the public trust.


What it actually means to rent a domain

Let us be precise about what is happening when any organisation, government or otherwise, registers a domain name under the current system.

You are not buying an address. You are licensing a string of characters from a registrar, which in turn operates under rules set by a central authority. Instead of owning your web address outright, you are leasing it through annual renewals. The registrar holds the real administrative power over that address. Registrars mediate domain registrations, but their centralised databases are prime targets for attackers — and this structure leaves room for hijacking, cache poisoning, and government-ordered suspensions.

The risks cascade in all directions. When a critical domain expires, the public website tied to it can stop resolving or become unreachable through normal DNS paths — turning a billing or process mistake into an immediate customer-facing outage. It is not merely the website that disappears. Email depends on the domain as much as the website does. If a domain falls out of good standing, mail delivery can fail, support inboxes can go dark, and operational communication can break at the same time the website goes offline.

For a private company, this is a serious operational risk. For a government, it is something worse. When a government department’s website goes dark — even briefly, even accidentally — citizens lose access to services they may urgently need. A health alert cannot reach the public. A court notice cannot be accessed. A local council’s planning portal vanishes. Permit applications stall. The relationship between a citizen and the institution they depend on is severed by an administrative failure that had nothing to do with policy, nothing to do with legislation, and everything to do with the brittleness of the underlying infrastructure.

Renewal notices may go to the wrong inbox, a former team member may still own registrar access, auto-renew can fail, payment methods can lapse, or an agency-managed domain may sit outside the organisation’s normal operational workflow. These are not exotic failure modes. These are the routine vulnerabilities of any organisation that manages addresses through a third-party renewal cycle. Governments are not exempt from them. And governments, more than any private entity, cannot afford them.

Beyond the accidental, there are the structural vulnerabilities. Traditional, centralised domain systems run by governing bodies like ICANN create vulnerabilities, from data breaches and hijacking to censorship and operational shutdowns. The architecture of the domain name system was built for speed and practicality, not permanence. If the authoritative DNS records are tampered with, attackers can redirect users to fraudulent sites and harvest sensitive information. When that happens on a government site, the breach is not just a cybersecurity incident. It is an attack on public trust in institutions themselves. Citizens who are redirected from what they believe to be an official government address to a fraudulent page do not merely lose data — they lose faith.

Public-service DNS infrastructures within a country are operated in a highly distributed manner by government-owned entities, trusted third-party local operators, or foreign cloud service providers. That distributed fragility is compounded at every level of government. State agencies use one set of registrars, local councils use another, statutory bodies use a third. There is no coherent digital sovereignty across the architecture. There is just a patchwork of rental agreements, each with its own renewal calendar, its own administrative contacts, its own points of failure.

This is what we are proposing to change — starting with Queensland.


Why Queensland, and why now

We secured six permanent onchain addresses for Queensland: .queensland, .qld, .brisbane, .surfersparadise, .gold-coast, and .brisbane2032. These are not domain names in the traditional sense. They are not leased. They are not subject to renewal. They are not controlled by a registrar who can withdraw them, modify them, or be coerced into surrendering them.

They are permanent infrastructure. Built on blockchain. Immutable at their root.

Queensland is not just a geography to us — it is a case study in what a place with genuine regional identity, genuine government complexity, and genuine digital ambitions could look like when its foundational online address layer is finally given the permanence it deserves. Queensland has a state government with dozens of departments. It has local governments up and down the coast and inland. It has statutory bodies, authorities, commissions, and services that touch millions of citizens’ lives. All of them currently exist online through rented addresses. All of them are, to varying degrees, at the mercy of the systems described above.

The question we kept coming back to, as we worked through what these onchain addresses could mean, was this: if you were designing government digital infrastructure from scratch, knowing what we now know about the vulnerabilities of renewal-based domain systems, would you build it this way? Would you make the digital presence of your courts, your health services, your electoral commission, your local councils, dependent on annual payments to a commercial registrar?

The answer, almost universally, when you put it that way, is no. Nobody building from scratch would choose this. The only reason it exists is historical inertia — the domain name system was created before blockchain technology made a better model possible, and nobody has paused long enough to ask whether the foundation should be rebuilt.

We are pausing. We are asking. And we are offering Queensland a different foundation.


What permanent onchain infrastructure actually means

Let us explain what we mean by permanent, because the word carries a lot of weight and deserves precision.

Ownership in an onchain system is tied to smart contracts and stored on decentralised networks. The address itself exists as a non-fungible token inside the owner’s crypto wallet, granting perpetual rights without renewal fees. There is no registrar in the traditional sense. There is no annual billing cycle. There is no expiry date. The address is owned, not leased — and the distinction is as profound as the difference between renting a building and owning the land it sits on.

Because all records are transparent and verifiable on the blockchain, tampering or unauthorised changes are almost impossible. This is not a claim about theoretical security — it is a statement about the architecture. The blockchain’s immutability means that the history of an address, every transfer, every modification, every claim, is publicly visible and cryptographically verifiable. Every registration, transfer, and modification is publicly recorded, creating a permanent audit trail.

For government, that audit trail is not incidental — it is essential. Every action taken on a government digital address should be accountable. Every transfer of administrative control should be logged. Every change to the records pointing to public services should be traceable. In the current system, these records are held by registrars and are only partially visible to the organisations that nominally own the addresses. In an onchain system, they are open by default.

The permanence also has a different dimension that matters specifically for government. Governments do not go out of business. They change form, they restructure, they merge departments and split agencies and change ministers. But the State of Queensland is not a startup that might pivot or fail. The Brisbane City Council is not a company that might be acquired. These institutions have a continuity that commercial organisations rarely do — and their digital addresses should reflect that continuity rather than being treated as a rolling annual cost that can accidentally lapse.

A permanent digital address serves as a permanent digital fingerprint that no external party can delete. For a government, that is not a nice-to-have. That is a baseline requirement for a functioning digital public sphere.


The layers of government, and the layers of the problem

Queensland government is not a single entity with a single website. It is a layered architecture of jurisdictions, each with distinct responsibilities, distinct constituencies, and distinct digital needs. To understand why permanent onchain addresses matter, it helps to think through each layer.

The state level

Queensland’s state government operates an enormous portfolio of online services. Health, education, transport, justice, environment, primary industries, treasury, planning — each of these portfolios contains multiple departments and agencies, each with their own digital presence. The state government’s flagship websites are, in principle, well-resourced enough to manage domain renewals. But even at this level, the vulnerabilities we described earlier apply. Bureaucratic transitions — changes of government, machinery-of-government restructures, the creation and abolition of departments — regularly scramble administrative ownership of digital assets. Domains that were managed by a department that no longer exists can become orphaned. Contact details attached to renewal accounts can become outdated overnight when a senior IT administrator leaves.

More fundamentally, the existence of a permanent, state-anchored onchain address system would change the relationship between state government and its own digital infrastructure. Rather than managing a sprawling portfolio of rented addresses across multiple registrars, the state could operate from a permanent, owned namespace. Departments would not maintain their digital presence by continuing to pay for it — they would hold it, permanently, as a public asset.

That shift — from rental to ownership — has implications for budgeting, for administration, for accountability, and for the trust citizens place in the permanence of government services. When a department’s website address is a permanent public asset rather than an annually renewed licence, the question of whether that service will still be findable next year is no longer a billing question. It is settled.

The local government level

This is where the case for permanent onchain addresses becomes most compelling, and where the risks of the current system are most acute.

Queensland’s local governments range from the Brisbane City Council, one of the largest local governments in the country, to small shires in remote inland areas with limited IT staff and limited budgets. All of them have an online presence. All of them provide digital services — development applications, rates payments, community notices, emergency communications. And all of them manage that digital presence on a shoestring, compared to what state or federal agencies can deploy.

For a small rural shire, a domain renewal is a real administrative burden. The person responsible for paying the bill may change. The email address attached to the renewal account may belong to someone who left the organisation. The credit card on file for auto-renewal may expire. Government cybersecurity guidance advises that domains should be set to auto-renew, as they will have an expiry date, after which administrative access is unavailable and another organisation could register the domain. That is sound advice, but it is also an ongoing obligation, and every ongoing obligation is a potential failure point.

After a domain’s expiry date, administrative access becomes unavailable and another organisation could register it — so renewal should use a payment method actively maintained by the organisation, and not a personal credit card that will expire. For a large city council with dedicated IT infrastructure, this is manageable. For a small inland shire with two IT staff covering everything from cybersecurity to printer maintenance, this kind of ongoing vigilance is much harder to guarantee.
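The renewal failure modes described above (auto-renew switched off, notices going to a departed employee's inbox, a payment card that lapses before the renewal charge, a personal card on file) can be checked mechanically against a domain inventory. The following is an added example, not part of the original post; the record fields, finding codes, domain names, mailboxes and the 60-day threshold are all constructed for illustration and do not correspond to any registrar's API.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass
class DomainRecord:
    name: str
    expires: date                  # registration expiry date
    auto_renew: bool
    notice_email: str              # where the registrar sends renewal notices
    card_valid_until: Optional[date] = None  # None: paid by invoice, no card on file
    card_is_personal: bool = False


def audit(rec, today, monitored_mailboxes, warn_days=60):
    """Return finding codes for one domain (an empty list means nothing to fix)."""
    findings = []
    days_left = (rec.expires - today).days
    if days_left < 0:
        findings.append("expired")
    elif days_left <= warn_days:
        findings.append("expiring-soon")
    if not rec.auto_renew:
        findings.append("auto-renew-off")
    # Notices sent to an individual's old inbox are never read.
    if rec.notice_email.lower() not in monitored_mailboxes:
        findings.append("unmonitored-contact")
    if rec.card_valid_until is not None:
        # Auto-renew is enabled on paper but the charge will be declined.
        if rec.card_valid_until < rec.expires:
            findings.append("card-lapses-before-renewal")
        if rec.card_is_personal:
            findings.append("personal-card")
    return findings


def audit_portfolio(records, today, monitored_mailboxes, warn_days=60):
    """Map domain name -> findings, soonest expiry first, clean domains omitted."""
    report = {}
    for rec in sorted(records, key=lambda r: r.expires):
        findings = audit(rec, today, monitored_mailboxes, warn_days)
        if findings:
            report[rec.name] = findings
    return report


# Constructed sample inventory (reserved .example names, not real domains).
TODAY = date(2025, 3, 1)
MONITORED = {"domains@shire-council.example"}
SAMPLE_INVENTORY = [
    DomainRecord("shire-council.example", date(2025, 3, 20), True,
                 "domains@shire-council.example",
                 card_valid_until=date(2025, 2, 28), card_is_personal=True),
    DomainRecord("planning-portal.example", date(2026, 1, 15), False,
                 "j.smith@shire-council.example"),
    DomainRecord("rates.example", date(2025, 11, 1), True,
                 "domains@shire-council.example"),
    DomainRecord("flood-alerts.example", date(2025, 2, 10), True,
                 "domains@shire-council.example"),
]

if __name__ == "__main__":
    for name, findings in audit_portfolio(SAMPLE_INVENTORY, TODAY, MONITORED).items():
        print(f"{name}: {', '.join(findings)}")
```

The domain most at risk in the sample is the one that looks safest at a glance: auto-renew is on, but the card behind it expires three weeks before the charge.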

The consequence, when it goes wrong, falls on the community. Residents who need to access council services — to pay rates, to check flood alerts, to find out about road closures, to submit development applications — find a dead website. Or worse: they find a website that looks like the council’s website, because someone registered the expired domain and pointed it at a convincing replica. Government impersonation via expired and re-registered domains is a genuine and documented threat. To prevent someone from using public information to impersonate a government or an official, verifying the identity of domain requestors is an important safeguard. But verification of requestors does not help when a domain has already lapsed.

A permanent onchain address eliminates this class of problem entirely. An address that cannot expire cannot be accidentally surrendered. An address that is permanently owned by the council is not available for re-registration by a bad actor the day after a missed renewal. The protection is structural, not procedural.

The departmental and service level

Below state agencies and local councils, there is an entire ecosystem of government-adjacent digital infrastructure: statutory authorities, regulatory bodies, publicly funded services, commissions, and boards. Many of these operate their own websites, their own email systems, their own digital service portals. Each is a separate rental arrangement. Each has its own renewal cycle, its own administrative contacts, its own points of failure.

We think about the citizen experience here, which is often overlooked. When someone interacts with a government website, they trust that the address they are using is genuinely that institution. That trust is currently underwritten only by the fact that the institution happened to renew its domain on time and nobody has tampered with its DNS records. It is trust built on procedural compliance rather than structural guarantee. Permanent onchain addresses make that trust structural. The address either belongs to the institution, permanently, on the blockchain — or it does not. There is no ambiguity, no window of vulnerability, no possibility of a fraudulent site occupying an accidentally lapsed address.


The sovereignty dimension

There is a dimension to this argument that goes beyond operational security and administrative efficiency. It is a question of sovereignty — specifically, digital sovereignty, and what it means for a government to genuinely control its own digital presence.

Traditional digital identity works through a hub-and-spoke model: a central authority — whether it is a government, a bank, or a tech company — issues credentials, stores data, and decides whether you can access services. You are, in effect, a guest in your own identity ecosystem.

That dynamic applies to governments as much as to individuals. When Queensland government departments rely on registrars controlled by international corporations, operating under rules set by bodies with no particular accountability to Queensland citizens, they are guests in their own digital ecosystem. They hold addresses at someone else’s pleasure, under someone else’s terms, in infrastructure that someone else ultimately controls.

Public-service DNS infrastructures within a country are operated in a highly distributed manner by government-owned entities, trusted third-party local operators, or foreign cloud service providers. The foreign cloud service provider dimension is particularly worth sitting with. A Queensland local council’s digital presence may ultimately depend on infrastructure operated by a data centre in a different country, subject to that country’s laws, under the control of a corporation whose interests are entirely distinct from the council’s constituents. This is not a hypothetical concern — it is the present reality of government digital infrastructure across Australia and across the world.

Permanent onchain addresses do not resolve every dimension of this sovereignty question. But they establish something fundamental: the root of the address itself — the thing that says “this is the official Brisbane City Council digital presence” — is owned. It is not leased. It is not contingent on a commercial relationship. It is not subject to a registrar’s terms of service. It is anchored to the blockchain, verifiable by anyone, controlled by the institution that holds it.

By using blockchain technology, these systems provide a form of self-sovereign infrastructure, allowing institutions to control their own data while enabling tamper-proof verification for services. For governments, that self-sovereignty is not just a technical nicety — it is a statement about the relationship between a democratic institution and the infrastructure through which it serves its citizens.


The permanence of place

There is another dimension to the .queensland, .qld, .brisbane, .surfersparadise, .gold-coast, and .brisbane2032 addresses that deserves its own consideration. These are not generic addresses. They are place names. They encode geography, identity, and belonging in a way that a generic TLD simply cannot.

When a government service is accessible at an address that includes .queensland or .brisbane, it says something meaningful. It says this service belongs to this place. It is not just a government service somewhere in the cloud — it is a Queensland institution, a Brisbane institution, operating from an address that reflects that identity. The address itself carries information about accountability and belonging that a generic address cannot.

This matters more than it might initially seem. The current state of government digital addresses is a mess of generic TLDs, legacy domains, and organisational acronyms that tell citizens very little about where they belong in the institutional landscape. A council website might sit on a .com.au address that was registered in the nineties and has never been rationalised. A statutory authority might operate on a domain that obscures its relationship to any particular level of government. Navigating government online requires citizens to know, in advance, what they are looking for — rather than being able to rely on a coherent, place-based address system that signals institutional identity clearly.

Permanent place-based TLDs for Queensland provide the foundation for a more coherent, more legible, more trustworthy government digital presence. When every level of Queensland government can locate itself within a permanent, Queensland-anchored namespace, the signal to citizens is clear: this address belongs to this place, permanently, and cannot be surrendered, impersonated, or allowed to lapse.


What it means to own something once

We want to return to the permanence point, because it has a practical dimension that gets lost in higher-level conversations about sovereignty and trust.

The current cost model for government digital addresses is not trivial. Across every level of Queensland government — state departments, statutory authorities, local councils, and the smaller agencies and services attached to each — there are hundreds of domains being renewed annually. Each renewal has a cost: a fee to the registrar, an administrative cost to track the renewal, to manage the billing, to update contact details, to handle any problems that arise. These costs are individually small and collectively significant. They also represent an ongoing obligation that never ends — an infrastructure cost that persists in perpetuity, requiring attention every single year, for as long as the address exists.

A permanent onchain address is purchased once. The payment — a single, one-time cost — ends the renewal cycle permanently. There is no next year’s bill. There is no auto-renewal to manage. There is no contact detail to keep updated at the registrar. The address is owned. Done.

For a small local council managing tight budgets and limited IT resources, this is not a minor convenience. It is a structural change to how they relate to their digital infrastructure. An address you own is a capital asset. An address you rent is an operating cost. Capital assets can be treated differently — they can be inventoried, assigned, transferred within the organisation as administrative arrangements change, and guaranteed to be present ten, twenty, fifty years from now without requiring any action at all.

The entire conversation about government digital addresses changes when the infrastructure is permanent. Right now, every government IT manager who oversees a portfolio of domains is managing a renewal calendar. They are thinking about which domains expire when, which payment methods are attached to which registrar accounts, which contact emails need updating. That entire class of problem disappears when addresses are permanent. The mental energy — and there is more of it than most people outside government IT appreciate — can be redirected to actual service delivery rather than infrastructure maintenance.


Trust, legitimacy, and the public record

We have spent a lot of this post talking about operational risks and administrative efficiency, because those are real and they matter. But we want to close with something more fundamental.

Government digital infrastructure is not just a service delivery mechanism. It is a component of democratic legitimacy. When a citizen accesses a government website, they are not just seeking information or transacting a service — they are engaging with a public institution. The address of that institution is part of the signal they receive about its legitimacy and permanence.

This permanence reinforces trust with audiences who value transparency and control. For a government, that trust is not discretionary. It is foundational. Citizens must be able to trust that the address they are using for a government service is genuinely that service. They must be able to trust that it will still be there next week. They must be able to trust that it has not been redirected by a bad actor, that the records it holds about its own identity have not been tampered with, that the institution at the other end of that address is exactly who they say they are.

Blockchain digital identities can revolutionise the way citizens interact with government services. By providing secure and tamper-proof digital addresses, governments can offer streamlined services, reduce bureaucratic inefficiencies, and enhance trust in public administration.

The public record dimension matters here too. Because all records are transparent and verifiable on the blockchain, tampering or unauthorised changes are almost impossible. Every transfer of administrative control over a government onchain address is recorded publicly and permanently. That means that the history of who has controlled a government’s official address is not held in a private registrar account that only the organisation itself can audit — it is on the public blockchain, verifiable by journalists, researchers, auditors, and citizens. The government cannot quietly transfer control of an official address without that transfer being recorded. The accountability is structural, not just procedural.

Governments are adopting blockchain-based applications across a variety of service domains, including digital identity, electronic voting, e-tendering, social security, public spending, and interoperable administrative systems. The pattern is becoming clear across jurisdictions: the combination of permanence, transparency, and tamper-resistance that blockchain infrastructure provides is being recognised as valuable for exactly the kind of institutional use cases that matter most — the ones where failure has consequences for real people.

Permanent onchain addresses for government are not a leading-edge experiment. They are the logical next step in the evolution of government digital infrastructure, now that the technology to deliver them exists.


A different relationship between place and presence

Queensland is a big place. It stretches from subtropical rainforests in the south-east corner to the dry savanna of the Cape and the Torres Strait islands in the far north. It has one of the most geographically diverse and dispersed populations in the country. The communities that depend on government services across that geography have different needs, different resources, and different relationships with digital infrastructure.

But every one of them — from a family in Brisbane navigating housing services, to a farmer on the Darling Downs renewing a water licence, to a business owner in Surfers Paradise checking a development application, to a family in a remote Cape York community accessing health information — deserves a government digital presence that is permanent, trustworthy, and clearly identified with the place it belongs to.

The .queensland, .qld, .brisbane, .surfersparadise, .gold-coast, and .brisbane2032 addresses are not just product SKUs. They are the foundation of a different relationship between Queensland’s institutions and the digital ground they stand on. They are the beginning of a public digital infrastructure that is owned rather than rented, permanent rather than provisional, transparent rather than opaque.

We believe every level of Queensland government deserves that foundation. We believe Queensland citizens deserve to interact with government services through addresses that cannot accidentally disappear, cannot be impersonated through a lapsed renewal, and cannot be transferred without a public record. We believe the ongoing annual cost of renting government digital presence is not just a financial inefficiency — it is a structural vulnerability that has been tolerated for too long.


The case we are making

We are not arguing that everything about government digital infrastructure needs to change overnight. We are not arguing that traditional domain systems should be abolished, or that onchain addresses will solve every problem a government IT team faces. We are making a specific, bounded, and we believe overwhelming case: that the root addresses of Queensland government institutions should be owned permanently, not rented annually.

The argument, stripped to its essentials, is this:

Government institutions exist to serve citizens continuously and permanently. Their digital presence should reflect that permanence. The current model — annual renewal cycles, registrar dependency, centralised control by third parties — is structurally misaligned with the continuity that public institutions require. Blockchain infrastructure now provides a genuine alternative: addresses that are owned once, held permanently, verifiable publicly, and impossible to accidentally surrender.

Digital identity platforms are transforming the internet from a space of rented access to one of owned identity. Government should be at the front of that transformation, not dragged along reluctantly at the rear. The institutions that citizens depend on most — the ones that provide healthcare information, administer justice, issue permits, manage emergencies, run elections — should be the institutions whose digital addresses are most secure, most permanent, most clearly owned.

Queensland has the addresses. We have secured them. The foundation is there.

The question is whether Queensland’s institutions will build on it.