Image: brazzo / Getty Images
Earlier this month, the US government sanctions controversial spyware vendor NSO Group, putting it on a list that prevents American businesses and individuals from selling services and technology to the company. When reporting the news, several media, including The New York Times, The Guardian, Reuters, and CNN, called this action to put NSO on a “blacklist”.
Blacklist and Whitelist are terms commonly used in IT and cybersecurity to indicate that something is allowed or not. According to Merriam-Webster Dictionary, which defines the word as “a list of prohibited or excluded things of an unsavory character”, its first known use dates back to 1624.
It’s time to stop using it.
âAs we strive to fill cybersecurity vacancies and create a more diverse and inclusive industry, better able to tackle cyberthreats, the inclusiveness and intentionality that demands it must permeate all aspects of the field. , including language. âBlacklistâ equates black with bad and white with good, âCamille Stewart, global head of product safety strategy at Google and co-founder of #ShareTheMicInCyber, told Motherboard to highlight and voice the voice of various people in the field of cybersecurity. in an online chat. “While not the most important part of the job to be done, the roots of systemic racism and the subtle message it sends about the industry does matter.”
The argument that we should stop using the blacklist and the whitelist has a lot of support from many important organizations. The developers of Chromium, the open source code base that underpins Google’s Chrome browser, as well as competitor Microsoft’s Edge, announced in 2019 that “terms such as ‘blacklist’ and ‘whitelist’ reinforce the idea that black == bad and white == good. This is why since then, its developers use the “block list” and the “allow list”.
Last year, the UK’s National Cyber ââSecurity Center (NCSC) written in a blog post that âthere is a problem with the terminology. This only makes sense if you equate white with “good, authorized, safe” and black with “bad, dangerous, forbidden”. clearer and less ambiguous language that expresses exactly what the purpose of these actions is: to deny or block something.
Earlier this year, the U.S. government’s National Institute of Standards and Technology (NIST), which works to promote and promote industry-wide standards, published new guidelines on inclusive language which discourages the use of “biased terms, such as blacklist / whitelist”, which “may also introduce comprehension problems”.
Another standards organization, the Internet Engineering Task Force argued in a document published in 2018 that âas a master-slave, the metaphorical use of white-black to evoke good-evil is oppressive. While the master-slave may seem like a more blatant example of racism, the white-black is arguably worse because it is more prevalent and therefore more sinister. ”
The document refers to the discussion that has gone on for years on the traditional use of the terms “master” and “slave” in software and electronics engineering. The developers of Python, one of the world’s most popular programming languages, decided to stop using these terms in 2018.
Ultimately, stopping the use of the “blacklist” means listening to and respecting all the black technologists and computer scientists who are part of the community.
“People who have incorporated technical terms like ‘blacklist / whitelist’ or ‘master / slave’ probably come from a privileged place. I’ve also seen a lot of these conversations go on without black technologists in the room so to speak, âsaid Alexis Hancock, engineering director for the Electronic Frontier Foundation’s Cerbot project, in an email. âSo we in turn faced negative reactions from those who really wanted to keep these conditions in place. Which shows the irony of racialized conversations in tech and how people like me often have to deal with reactionary tech colleagues who despise any change that might make us more comfortable overall in the field.