Are some common cybersecurity terms racist? Is the personal computer world being attacked by the politically correct world? It seems that’s the accusation being leveled against the terms “blacklist” and “whitelist.”
In a recent post, the United Kingdom’s National Cyber Security Centre (NCSC) announced that it is changing the way it talks about the good and the bad in cybersecurity. And it is doing so because it was suggested that certain terms reinforce racism.
In information technology and cybersecurity circles it is fairly common to divide the bad and the good, or the permitted and the restricted by using “black” for bad, and “white” for good. Does this subtlety reinforce racism? There are white hat hackers, and black hat hackers, as well as grey hat hackers. There is the Light Side and the Dark Side of The Force.
The NCSC is specifically replacing the terms “whitelist” and “blacklist” In the illustration above there is also a “grey list.” Does this connote some sort of ageism?
The new terms being recommended are “allow list” and “deny list.” As much as I am not a PC guy (as in politically correct), the PC guy (as in personal computer) in me thinks that the new terms describe more accurately the nature of these security controls. Black and white are colors, while allow and deny are conditions.
But it is my hope that we are not forced to endure an endless string of terminology replacement that appears to violate someone’s sense of political correctness.