Skip to main content

Infosec community debates changing ‘Black Hat’ terminology

A Google security researcher has chosen to withdraw from speaking at the Black Hat security conference this year and has asked the information security community to stop using the terms “black hat” and “white hat”, as reported by ZDNet. David Kleidermacher, VP of Engineering at Google, said that the terms contribute to racial stereotyping.

“I’ve decided to withdraw from speaking at Black Hat USA 2020,” Kleidermacher wrote on Twitter. “Black hat and white hat are terms that need to change. This has nothing to do with their original meaning… These changes remove harmful associations, promote inclusion, and help us break down walls of unconscious bias.”

Related Videos

I’ve decided to withdraw from speaking at Black Hat USA 2020. I’m deeply grateful for the offer to speak, and for the great work the conference has done over the years to protect users through transparency, education, and community building.

— David Kleidermacher (@DaveKSecure) July 3, 2020

Kleidermacher also referred to the need to update gendered terms like “man-in-the-middle,” a type of cyber attack, to a gender-neutral term like “person-in-the-middle.”

Many in the infosec community pointed out that the terms “black hat” and “white hat” did not originate from references to race, but rather to the tradition in Western movies in which the hero typically wears a white hat and the bad guy wears a black hat. But Kleidermacher anticipated this objection, writing that, “the need for language change has nothing to do with the origins of the term black hat in infosec. Those who focus on that are missing the point. Black hat/white hat and blacklist/whitelist perpetuate harmful associations of black=bad, white=good.”

Although this latest debate was clearly inspired by recent Black Lives Matter campaigning and a broader conversation around racial justice in the U.S. and beyond, this discussion is not new. A similar discussion has been going on for decades over software terms like “master” and “slave,” which are frequently used to describe dependencies in documentation. Programming language Python, for example, removed this terminology from its documentation in 2018.

However, unlike the master/slave example which was broadly agreed over time to be offensive, the black hat/white hat issue has been more contentious. Hackers concerned with racial justice worried on Twitter that there was a “huge danger that we waste the moment shuffling words around instead of changing power systems” and argued for “more than a name change” such as inviting more Black hackers to speak at events, funding scholarships for Black hackers, and paying to train more Black hackers.

It may be fine for white folks to cloak themselves in the imagery of black: black hats are enigma, sinister, counterculture, cool. But Black folks don’t need your help being associated with criminality. It’s not cool. For us. We don’t own that image. 10/x

— Brian Anderson (@btanderson72) July 4, 2020

Information security analyst Brian Anderson wrote a thread discussing the harm done by careless terminology. He concluded that changing naming conventions without addressing the larger issues affecting minority hackers, such as cost and the predominantly white lineup of speakers at events, was performative. “I’m glad people are actively or thinking of giving up their coveted roles in Black Hat,” he wrote. “That’s great. But. But. Who is being served by this action? What’s the objective? Who benefits? How? That’s the conversation we have to have.”

Editors' Recommendations

British Airways hit with a massive fine for 2018 data breach
british airways cabin crew given ipads

A data breach in 2018 that saw hackers steal personal data belonging to hundreds of thousands of British Airways customers has cost the company nearly 184 million British pounds (about $230 million), making it the biggest fine ever imposed for an incident of this kind.

The U.K.’s Information Commissioner’s Office (ICO) said it handed down the fine for breaches of data protection law that it said resulted from “poor security arrangements” at the company.

Read more
Flipboard hack prompts password reset for millions of users
Privacy security stock photo.

Flipboard has been targeted by hackers, prompting the company to perform a password reset for its community of around 145 million users.

Upon learning of the hack, the Palo Alto, California-based social media and news aggregator informed law enforcement and also contacted an external security firm. Investigators confirmed that hackers had “accessed and potentially obtained copies of certain databases containing Flipboard user information” between June 2, 2018 and March 23, 2019, and also on April 21 and 22, 2019.

Read more
500px reveals almost 15 million users are caught up in security breach
photo portfolio services photographer

Online photography community 500px told its members on Tuesday, February 12, that their data may have been stolen in a security breach and warned them to change their password.

In a statement, the portfolio website for photographers said an unauthorized party gained access to its systems on or around July 5, 2018. However, the breach was only discovered by its engineers on February 8, 2019.

Read more