No Longer Black or White

Semiotics is the term used for the science of signs and how we create and communicate meaning. As human beings we are constantly trying to understand and develop the way we see the world, language is a crucial part of that.

However, have you noticed the language used in and around computers can be obscure and somewhat random. Think ‘phishing’, ‘spam’, ‘bug’, ‘bit’, ‘byte’, ‘dwort’,  and ‘cookies’ for crying out loud! But does it matter what we call things?

Some people are very aware of the power of words, however, political correctness or setting new rules and boundaries can make others very annoyed. But let’s return to the idea of semiotics and language as a potential symbol that could be reinforcing outdated and negative ideas.

In the language of cyber security, a black hat hacker is the bad guy and a white hat hacker the legal one, a black list is for untrusted and unacceptable entities, while the white list is for those permitted. Surely in 2020 we can no longer justify casual references to colour to connote good and bad?

For an example of how conditioned associations can change, let’s look to the Victorian times, when baby boys were dressed in pink clothes and baby girls were dressed in blue, so when did that change and why?  In more recent generations, pink has been so strongly linked to feminine that a boy or a man might not wear pink without seeming to be making some kind of statement.

Where did we get the term hats for Hackers? We categorise them this way because of the metaphorical hat that is worn. It derives from the Westerns where the good guys would wear a white cowboy hat and the bad guy a black hat. 

Black Hat
The term black hat in the world of cyber security is commonly used to refer to a person who is hacking with ‘malicious intent’ for example to gain access to data illegally

Grey Hat
Next on our colour scheme of hats is Grey. The middle ground. This person will attempt to break into a computer system or network to discover vulnerabilities. They will do this without the permission of the target and they then ask for payment to fix the vulnerabilities they find. Some companies offer ‘bug bounties’ in order to harness this behaviour in a positive way.  A bug bounty is where an organisation gives general permission to people to try and access their systems to find vulnerabilities and then they pay a reward to anyone that finds and reports a vulnerability.

White Hat
This person has the explicit permission of the company to access a system to test networks for vulnerabilities and this is commonly known as a penetration testing or pen testing.

The National Cyber Security Centre (NCSC) and Government Communications Headquarters (GCHQ) have set a precedent this year by announcing changes to their security terminology to use racially neutral terms. In place of black and white lists, which describe access control mechanisms, they will use, allow lists and deny lists. These words communicate clearly their meaning and function and puts aside racial stereotypes.

In addition, terms like master and slave drives, which are used for the internal workings of our storage bays are also under notice. These are words that have meaning derived from negative relationships between people and shouldn’t be attributed to anything we use in our daily lives. Primary and secondary drives are names that do their job.

Many tech firms are now actively discouraging the use of terms that racially stereotype and stigmatise, it might be a small shift in the right direction, but collectively, the small shifts can create meaningful change.