A Google security researcher has decided to stop speaking at the Black Hat security conference this year and has asked the information security community to stop using the terms "black hat" and "white hat" reported by ZDNet. David Kleidermacher, VP of Engineering at Google, said the terms contribute to racist stereotyping.
"I decided to stop talking at Black Hat USA 2020," Kleidermacher wrote on Twitter. “Black hat and white hat are terms that have to change. This has nothing to do with their original meaning … These changes remove harmful associations, promote inclusion and help us to break down walls of unconscious prejudice. "
I have decided to withdraw from Black Hat USA 2020 speech. I am deeply grateful for the offer to speak and for the great job the conference has done over the years to protect users through transparency, education and community building.
– David Kleidermacher (@DaveKSecure) July 3, 2020
Kleidermacher also referred to the need to update gender-specific terms such as “man in the middle”, a kind of cyber attack, to a gender-neutral term such as “person in the middle”.
Many in the Infosec community pointed out that the terms "black hat" and "white hat" do not come from references to race, but from the tradition in western films in which the hero usually wears a white hat and the bad guy a black hat. But Kleidermacher anticipated this objection and wrote:The need to change languages has nothing to do with the origins of the term black hat in Infosec. Those who focus on it miss the point. Black hat / white hat and black list / whitelist perpetuate harmful associations of black = bad, white = good. "
Although this recent debate has clearly been inspired by the recent Black Lives Matter campaigns and a broader discussion about racial justice in the United States and beyond, this discussion is not new. A similar discussion has been going on for decades about software terms such as "master" and "slave", which are often used to describe dependencies in the documentation. The Python programming language, for example, removed this terminology from the documentation in 2018.
In contrast to the master / slave example, which was generally considered offensive over time, the black hat / white hat issue was more controversial. Racial justice hackers worried on Twitter that "there is a great danger that we will waste the moment shuffling words instead of changing energy systems" and advocated "more than a name change" such as inviting other black hackers to speak at events. Fund scholarships for black hackers and pay to train more black hackers.
It may be okay for white people to wrap themselves in the pictures of black: black hats are puzzles, scary, counterculture, cool. But blacks don't need your help to be associated with crime. That's not cool. For us. We do not have this picture. 10 / x
– Brian Anderson (@ btanderson72), July 4, 2020
Brian Anderson, an information security analyst, wrote a thread about the damage careless terminology does. He concluded that changing naming conventions without taking into account the major problems affecting minority hackers, such as: B. the costs and the predominantly white occupation of speakers at events was performative. "I'm glad people are active or thinking about giving up their coveted roles in Black Hat," he wrote. "That's great. But. But. Who will this campaign serve? What is the goal? Who benefits? How? This is the conversation we have to have."