Tech

We Need to Stop Saying ‘Blacklist’ and ‘Whitelist’

blacklist

Earlier this month, the U.S. government sanctioned the controversial spyware vendor NSO Group, putting it on a list that prevents U.S. companies and individuals from selling services and technologies to the company. When reporting the news, several outlets, including The New York Times, The Guardian, Reuters, and CNN, referred to this action as putting NSO on a “blacklist.” 

Blacklist and whitelist are terms commonly used in computer science and cybersecurity to indicate something is allowed, or not allowed. According to the Merriam-Webster dictionary, which defines the word as “a list of banned or excluded things of disreputable character,” its first known use dates back to 1624. 

Videos by VICE

It’s time to stop using it. 

“As we work to fill open cybersecurity jobs and create a more diverse and inclusive industry that is better able to combat cyber threats, inclusivity, and the intentionality that requires, has to permeate every aspect of the field, including the language. ‘Blacklist’ equates black with bad and white with good,” Camille Stewart, the global head of product security strategy at Google and the co-founder of #ShareTheMicInCyber, an initiative to highlight and raise the voices of diverse people in cybersecurity, told Motherboard in an online chat. “Although not the most important part of the work to be done, the roots in systemic racism and the subtle message it sends about the industry matter.”

The argument that we should stop using blacklist and whitelist has a lot of support from many significant organizations. The developers of Chromium, the open source codebase that underpins Google’s Chrome browser, as well as the competing Microsoft’s Edge, announced in 2019 that “terms such as ‘blacklist’ and ‘whitelist’ reinforce the notion that black==bad and white==good.” That’s why since then its developers are using “blocklist” and “allowlist.” 

Last year, the UK’s National Cyber Security Centre (NCSC) wrote in a blog post that “there’s an issue with the terminology. It only makes sense if you equate white with ‘good, permitted, safe’ and black with ‘bad, dangerous, forbidden.’” As the NCSC noted, not only alternatives such as blocklist or denylist are not offensive and harmful, it’s also just clearer and less ambiguous language that expresses exactly what the goal of these actions are: deny, or block something. 

Earlier this year, the US government’s National Institute of Standards and Technology (NIST), which works to promote and push for industrywide standards, published new guidance on inclusive language that discouraged the use of “biased terms, such as blacklist/whitelist,” that “also may introduce comprehension issues.”

Another standards organization, the Internet Engineering Task Force argued in a document published in 2018 that “like master-slave, the metaphorical use of white-black to connote good-evil is oppressive. While master-slave might seem like a more egregious example of racism, white-black is arguably worse because it is more pervasive and therefore more sinister.” 

The document refers to the yearslong discussion around the traditional use of the terms “master” and “slave” in software and electronics engineering. The developers of Python, one of the most popular programming languages in the world, decided to stop using those terms in 2018.

Ultimately, stopping the use of “blacklist” is about listening and respecting all the Black technologists and computer experts who are part of the community.

“The people who mainstreamed technical terms like ‘blacklist/whitelist’ or ‘master/slave’ likely come from a place of privilege. I have also seen a lot of these conversations occur without any Black technologists in the room so to speak,” Alexis Hancock, the director of engineering for the Electronic Frontier Foundation’s project Certbot, said in an email. “So then we in turn faced backlash from those who really wanted to keep these terms in place. Which shows the irony of racialized conversations in tech and how people like me often have to deal with reactionary tech bros who have disdain for any change that might make us feel more comfortable overall in the field.”