The U.S. Department of Commerce’s National Institute of Standards and Technology building. | Dana Romanoff/Getty Images
The National Institute of Standards and Technology, whose publications form the basis for federal activities on everything from cybersecurity to time measurement, will stop using common computer security terms with racist connotations.
“We’ve identified a pretty extensive list of publications that have one or more uses of these terms, and we’re in the process of initiating updates to those,” Kevin Stine, the chief of NIST’s Applied Cybersecurity Division, said on Thursday during a meeting of the agency’s Information Security and Privacy Advisory Board, or ISPAB.
Chuck Romine, director of the agency’s Information Technology Laboratory, first informed the board that it was reviewing the use of a number of terms on Wednesday.
Loaded terms: Technology professionals have long used “whitelist” and “blacklist” for certain software rules, along with “master” and “slave” to describe the control relationship between hardware components. The ISPAB plans to formally urge agencies to abandon these and other terms that evoke the legacy of oppression that the Black community has experienced.
Key context: NIST and the ISPAB’s attention to terminology comes at a time when Americans are paying more attention to the racist meaning behind omnipresent symbols, amid nationwide attention to racial justice following the killing of George Floyd in Minnesota. Across the country, for example, protesters and local governments have removed monuments to Confederate generals.
The impact: NIST is one of the most influential voices on scientific and technical issues, and its terminology decisions will carry significant weight in the broader community. If more organizations follow its lead, there will be less of the language fragmentation that can make it difficult for different companies’ products to interact.
Next steps: NIST is still deciding what replacement terms to use. On Thursday, Stine suggested that “allow list” and “block list” might replace “whitelist” and “blacklist.” As for “master” and “slave,” some experts suggest using “primary” and “secondary” to indicate the role that a piece of equipment plays.
“We understand this is going to be an evolving process,” Stine said.
NIST is also reviewing its terminology for harmful connotations in other contexts, including gender, said Matt Scholl, the chief of the agency’s Computer Security Division.
The ISPAB, which advises the leadership of NIST, the Commerce Department, DHS and OMB, is holding its quarterly meeting this week. The board will officially vote to approve a letter to agencies on Thursday afternoon at the conclusion of its meeting. Board member Phil Venables, a senior cybersecurity adviser to Goldman Sachs, volunteered on Wednesday to draft the letter. He said the bank is already engaged in the same process to root out racist technical terms.
Romine said that NIST wants the independent advisory board to hold it accountable and “encourage us to take swift and decisive action on this issue.”