‘Blacklist’ and ‘whitelist’ terms banned by UK cyber security agency for being racist

Most people understand what ‘whitelist’ and ‘blacklist’ mean, but are they outdated, racist words? That’s the opinion of the UK government’s cyber security agency, which is getting rid of the terms and replacing them with ‘allow list’ and ‘deny list.’
The National Cyber Security Center (NCSC), a branch of the Government Communications Headquarters (GCHQ), said it was implementing the change to help “stamp out racism in cyber security.”

Blacklist is a term often used in tech, and other industries, to describe a list containing banned, disallowed, or undesirable elements such as passwords, spam emails, websites, applications, etc. Whereas whitelist is the opposite, containing everything that is allowed.

“There’s an issue with the terminology. It only makes sense if you equate white with ‘good, permitted, safe’ and black with ‘bad, dangerous, forbidden’. There are some obvious problems with this,” wrote NCSC executive Emma W. “So in the name of helping to stamp out racism in cyber security, we will avoid this casually pejorative wording on our website in the future.”

The alteration to the terminology was prompted by a request from a customer, who asked if the agency would consider changing the wording on its website.

The open-source browser engine Chromium, which is used in Chrome, Edge, Vivaldi and others, also deprecated the terms whitelist and blacklist after being asked to do so by Microsoft engineers.

An academic study from the University of Limerick claimed terms such as blacklist, whitelist, and black sheep do “not merely reflect a racist culture, but also serves to legitimise and perpetuate it.”

For those considering complaining about the change, the NCSC’s technical director, Ian Levy, says: “If you’re thinking about getting in touch saying this is political correctness gone mad, don’t bother.”