Words Matter: We all have a role in reshaping outdated terms

Find out how to replace outdated language that could be found offensive in this guest post from Reg Levy (i2Coalition DII Co-Chair & Head of Compliance at Tucows) and Tim Smith (General Manager, CIPA)

There is mounting concern and interest in addressing longstanding and outdated terminology that has historically been used broadly across industries and communities to indicate good and bad actions, activities, and actors. ‘Whitelist’ and ‘blacklist’ rely on outdated and racist tropes that ‘white’ is preferable to ‘black’ and should be easy to remove from regular usage. Although this may not always be a race-related trope, it nevertheless has racialized effects.

We are beginning to see changes emerging in some tech and infosec forums (see Additional Reading, below), resulting in the following recommended replacements:

• ‘allow list’ and ‘safe list’ can be used to mean ‘a set of desired objects’;

• ‘blocklist’ is a reasonably easy option to replace ‘a set of unwanted things’ and, while ‘deny list’ is a bit clunkier, it is also an option

In all cases, the replacements make it obvious what is intended without having to redefine the new term (although even Wikipedia still defines a blocklist as ‘a blacklist’), making the proposed new terminology ideal replacements for the existing words. 

So how do we move from our historical and easily-understood nomenclature to something more inclusive? A 2019 article in Consoltech captured the essence of the discussion by noting that these lists are either ‘threat-centric’ or ‘trust-centric’. This fits well into what we are observing elsewhere within ICANN and Internet & Jurisdiction Policy Network, where the concepts of Trusted Notifier or Trusted Flaggers are gaining recognition to identify players worthy of approval.

It should be noted that blocklists are usually designed to prejudge a set of elements but that usually there cannot be a definitive blocklist because having one allows bad actors to use fast-flux or domain jumping to dodge penalties. Accordingly, it is important to recognize parties that benefit their consumer groups do not cause the physical and often irreversible threat to human life and enable transnational access to products and services as the internet was intended to do. 

In examining our nomenclature, we need to recognize that ‘lists’ are subjective and are designating for specific purposes from a particular point of view that is not necessarily universal. For now, any options are better than a color-based categorization system and, luckily, replacement options are self-explanatory; there is some hand-wringing about how important it is to have uniform terminology, but as long as we use words that people understand, it won’t matter which we choose. And doing something is better than doing nothing: be on the right side and change your and your team’s vocabulary.

Additional Reading

‘Whitelist,’ ‘Blacklist’: the New Debate Over Security Terminology at Dice

Github plans to replace racially insensitive terms like ‘master’ and ‘whitelist’ at theNextWeb

Random Twitter Poll that settles on “allowlist/denylist” by @MayaKaczorowski

Wikipedia article, “Whitelisting” “Blacklist”