The parable of the domain names

Ikaika M Hussey

The President of the University of Hawaii System is asking for the state legislature to get involved in a fight against an adult site – “universityofhawaii.xxx” (not .com as misreported by the Associated Press and repeated by the Star-Advertiser). Here’s what Dr. M.R.C. Greenwood wrote to the State Senate about S.B. 2066, a bill about unauthorized use of a computer:

The University’s testimony is not about the specific language in this bill as currently written, but rather, a request that your committee, and the Legislature as a whole, consider incorporating language that provides a real and significant deterrence for the fraudulent use of Internet domain names.

SB 2066 is a bill about breaking into a computer and using it without authorization—i.e., what most people would call “hacking.” Registering an adult site with a familiar-sounding domain name has nothing to do with hacking. It’s odd that President Greenwood would submit this type of non-germane testimony.

As you have likely heard, the University of Hawai‘i and the public are being victimized by a person or persons unknown who have acquired a “universityofhawaii” domain name and are using it in a manner that is purposefully intended to besmirch the University of Hawai‘i and mislead the public for their personal private gain.

The domain name in question is “universityofhawaii.xxx.” Not .edu. Not even .com. But .xxx. Who is misled by this domain name? If you’re in to that sort of that thing, visit the site in question. Would you apply to that college?

While we are preparing our options for civil action under Federal and/or State law, we believe that individuals who willfully and purposely attempt to profit through misleading the public by misrepresenting governmental organizations should also be held accountable as the wrongdoers they are.

The University of Hawai‘i has not developed specific language for this. One approach might be to update Hawaii’s decade-old statutes on “cybersquatting” (HRS §481B-21 to 25) to include the fraudulent use of domain names, such as the kind of malicious misrepresentation we are now seeing.

It’s misogynistic, definitely. But fraudulent? I can’t believe that the intent of the owners of the .xxx site is to defraud potential students, donors, or faculty of UH. Fraudulent would be to create a webpage with a layout that at first glance is identical to the real hawaii.edu, and then proceed to deceive the visitor into believing that they’re at a university website. But that’s not what’s going on here.

But we would welcome any approach the Legislature deems appropriate to better protect the public and the reputation of governmental entities from this malicious and self-serving behavior. We would be pleased to work with the committee or law enforcement experts to provide further input and information on our situation, in hopes this kind of behavior can be stopped before others are similarly victimized.

It’s tempting to believe that the university has been victimized. But frankly, it’s been careless. The .xxx domains have been discussed for more than a decade. They were available on a limited basis to trademark holders in September, a “sunrise period” that allowed owners of names such as “University of Hawaii” to buy their existing names with a .xxx suffix, before the general public could in December. That means that for an entire semester, the university could have purchased the domain names in question—at a price of approximately $99/year—and obviated this entire discussion.

That’s a very expensive opportunity cost.

The university should learn its lesson now. As I write this, both universityofhawaii.biz and universityofhawaii.us are available, and there are probably dozens more that are available.

I think I hear credit cards coming out.