Published on July 5th, 2020 📆 | 5587 Views ⚑
0Infosec Community Debates Changing ‘Black Hat’ Terminology
A Google security researcher has chosen to withdraw from speaking at the Black Hat security conference this year and has asked the information security community to stop using the terms âblack hatâ and âwhite hatâ, as reported by ZDNet. David Kleidermacher, VP of Engineering at Google, said that the terms contribute to racial stereotyping.
âIâve decided to withdraw from speaking at Black Hat USA 2020,â Kleidermacher wrote on Twitter. âBlack hat and white hat are terms that need to change. This has nothing to do with their original meaning⌠These changes remove harmful associations, promote inclusion, and help us break down walls of unconscious bias.â
Iâve decided to withdraw from speaking at Black Hat USA 2020. Iâm deeply grateful for the offer to speak, and for the great work the conference has done over the years to protect users through transparency, education, and community building.
— David Kleidermacher (@DaveKSecure) July 3, 2020
Kleidermacher also referred to the need to update gendered terms like âman-in-the-middle,â a type of cyber attack, to a gender-neutral term like âperson-in-the-middle.â
Many in the infosec community pointed out that the terms âblack hatâ and âwhite hatâ did not originate from references to race, but rather to the tradition in Western movies in which the hero typically wears a white hat and the bad guy wears a black hat. But Kleidermacher anticipated this objection, writing that, âthe need for language change has nothing to do with the origins of the term black hat in infosec. Those who focus on that are missing the point. Black hat/white hat and blacklist/whitelist perpetuate harmful associations of black=bad, white=good.â
Although this latest debate was clearly inspired by recent Black Lives Matter campaigning and a broader conversation around racial justice in the U.S. and beyond, this discussion is not new. A similar discussion has been going on for decades over software terms like âmasterâ and âslave,â which are frequently used to describe dependencies in documentation. Programming language Python, for example, removed this terminology from its documentation in 2018.
However, unlike the master/slave example which was broadly agreed over time to be offensive, the black hat/white hat issue has been more contentious. Hackers concerned with racial justice worried on Twitter that there was a âhuge danger that we waste the moment shuffling words around instead of changing power systemsâ and argued for âmore than a name changeâ such as inviting more Black hackers to speak at events, funding scholarships for Black hackers, and paying to train more Black hackers.
It may be fine for white folks to cloak themselves in the imagery of black: black hats are enigma, sinister, counterculture, cool. But Black folks donât need your help being associated with criminality. Itâs not cool. For us. We donât own that image. 10/x
— Brian Anderson (@btanderson72) July 4, 2020
Information security analyst Brian Anderson wrote a thread discussing the harm done by careless terminology. He concluded that changing naming conventions without addressing the larger issues affecting minority hackers, such as cost and the predominantly white lineup of speakers at events, was performative. âIâm glad people are actively or thinking of giving up their coveted roles in Black Hat,â he wrote. âThatâs great. But. But. Who is being served by this action? Whatâs the objective? Who benefits? How? Thatâs the conversation we have to have.â
Editors' Recommendations
Gloss