Use of Inclusive Language in Standards

a little bit about myself my name is blair campbell i am i guess all intents and purposes a data protection professional i started my my career in information security and just happened to find myself in in the world of privacy and um i've been doing that ever since so going on great brian almost hi everyone uh we just had the last one of the day and we have bran with us now he's and i will be available in discord afterwards if we have any questions for him and i can also take any questions for him during the talk and i'll pass it on to him afterwards and we have been and i'll just let him

come to you and i'll just be out there thank you hi everyone thank you for joining my presentation my name is blair campbell i am a data protection professional i started my field in information security but i've really been focusing on privacy now since 2008. um something i i had to show to to the audience uh before presenting is is my inaugural b-sides attendance and this is a ten-year-old t-shirt that i picked up at rsa in san francisco um so i thought timing was good too um so this afternoon what i'm going to be speaking about is the use of inclusive language and and why it's meaningful within within particularly our environments and touch upon some of the the history of

of how things have kind of evolved uh with regards to security and particularly when you're looking at things like standards things like policies and even looking at things like procedures

so a couple of entities that i'd like to point out uh the first is the internet engineering task force uh and i'm sure the audience is going to be familiar with both of these organizations however the ietf is a voluntary internet standards body and pretty much everything that you use online has has gone through this entity and i'm going to touch upon their importance as long as well as nist's endeavoring into the development of inclusive language certainly with regards to uh its standards and of course everyone knows what nist is it's the national institute of standards and technology um most of our environments are are structured around this framework in probably multiple areas and what

made me think about this topic was not only our teenage teenage daughter who seems to have a great more mindfulness when it comes to things like pronouns when it comes to classification and i came across this article on the new york times this was april earlier this year and you can see by the headline master slave in the fight over offensive terms and this is where i'll talk a bit about the ietf and and an initiative that that they're working on right now and within the article you can see so the group which helped create technical foundation of the internet ietf uh made it possible for someone with a gmail account to communicate with a friend who uses yahoo

shoppers etc and now the organization not only looking at protocols but but looking at standards and and why they're meaningful specifically in in the field of technology and so trying to remove terms that uh have have a racist history terms like master terms like slave whitelist blacklist and so they have started the development of the what they're calling the iesg statement on oppressive or exclusionary language and i think why i found this really significant and and certainly with the guidance that is being developed by nist and its use of inclusive language in in documentary standards is i've as i said i've been i've been in this industry for a while and thinking about how ingrained terms become how ingrained

language is and perhaps being a little too a little too simple when it comes to classification of certain terms and whether or not they could be interpreted misconstrued [Music] and again i i started becoming more aware of the use of language not entirely but significantly through through our 16 year old daughter and if we look at some of the the verbiage that that has been used and still used to this day um whether you're talking about things like white listing um whether something's acceptable or allowable um blacklist you know means to block something but the suggested edits that are being presented by certainly missed would be denying listing if you look at like blackmail i haven't

used the term blackmail for a while although certainly within within the worlds where we are things like extortion can be pretty significant you know when you look at things like uh any sort of ransomware look at what's happening in newfoundland etc it truly is extortion uh master master data or you know slave nodes you think back as far as what the connotation of those words mean today and and how now it just seems to be very backward looking and so as opposed to using master slave use primary secondary and i know in my workplace this has been this has been adopted and we're actually going through and we're looking at the documentation uh that we have internally and how it is

that we can tweak it um terms like way out in left field i work with [Music] a very small team the team that i am on we have a team member from south america we have two team members that are from the caribbean um where well maybe not so much venezuela but if you look at the caribbean and you think of what sort of exposure do people have in the caribbean when it comes to baseball you know it's i would think cricket or perhaps soccer football so when you start using terms that people don't understand and they don't compute there's a disconnect there and so as opposed to using way out in left field made very inaccurate measurements uh

moving to male connector female connector calling it a plug-in socket and and i think these these terms are already being adopted um but but i think i think we can do even better than what we're seeing here and some of the additional recommend recommendations uh consider good clear words so specific words words that really speak to things as more an object as opposed to a being and again rather than using using common terms or colloquial terms that are terms that we have familiarities with we okay as a canadian and i i often say you know as opposed to managing a problem i'll say that i'm stick handling a problem uh think of people that happen to be in

the caribbean people who happen to be in south america how many people would even understand what it is that i'm saying or what it is that i'm referencing um bias terms getting back to the blacklist white list um and it it can affect how people understand what it is that you're trying to say when when you're using terms uh such as master and slave and it gets back to the negative stereotype of that language and not only do you see that happening certainly within within the world of computing um you're now seeing changes being made in environments that i mean you think of the main bedroom in a home uh it's referred to as the master

bedroom but that that too is changing so you're seeing a bit of a shift in the real estate industry which i find to be actually quite enlightened of them um again avoid using gender type issues whether things happen to be male or female and you know use of condescending or reductive language in favor that you know groups would rather be referenced by um and and i think if if if you're having if you're having a struggle with replacing words or thinking of ways to substitute certain language there there are a couple of resources that i've included in the deck the one is from the american psychological association call and it's bias free language uh and the other within the

within the speaker notes of the presentation points to the chicago manual of style both are excellent resources and if you go to the apa site and and go to the bias free language page you can see where they emphasize the need to talk about all people with inclusivity and respect and what's neat about what the apa provides is looking at characteristics and perhaps better ways to use language and and you may find that language is is isn't really that um isn't particularly sensitive when when i think about where where i work with regards to the fields that i'm involved with but but i find that things are changing and whether you're looking at things such as how to

speak to people that have a disability again talking about gender racial and and ethnic identity sexual orientation um and i can i can point to why this this approach really is logical uh within business environments and i know for the company that i work for which employs upwards of 200 000 people um there's going to be a lot of different people and and there's going to be people that perhaps just don't have the exposure to some of the nuances of of canadian isms um and just language in general as as it's evolved in canada and something that i found is so you have something like uh whether it's the apa or whether it's you know looking at the chicago manual

of style um kind of the obverse of that is you know if if you go on to the aicpa site um and i know certainly in in my area of work we we certainly leverage uh their their framework most notably with the general accepted privacy principles so when i'm going in and i'm looking at an entity within our environment i'll use the gap principle framework to understand where our maturity level is within the organization but even to today where if you're to search for the term segregation of duties i find it interesting that the aicpa has has the language segregation of duties and now if you go to wikipedia for example as opposed to having segregation of

duties it's separation of duty so this is slowly and organically being being adopted with antiquated language in my position or in my my perspective is is being is being updated to to be reflective of of what's happening at our communities what's happening in in our field and you know i came across something and and i was really pleased to see this i don't know if if many of the participants are members of isc squared i have their cissp but something i came across when i was building this deck was what i see squared is is calling inclusion ready and this was just unveiled at their recent security uh congress i think it was about two weeks ago

and what it's specifically working towards is what the iatf is doing what nist is doing and looking at an organization like isc squared who has or that has excuse me uh 130 000 uh certified information security professionals and and i know when certainly from my view when it comes to the entity that speaks to certainly the the security side of the fence when it comes to computing um icy squared is it and i i just think it's fabulous that that they're also starting to adopt this sort of of language and so whether you're looking at diversity equity inclusion um another article that i came across was from the world economic forum so why cyber security

needs a more diverse and inclusive workforce and what'll point to that is you know if you look at certainly the field of information security supposedly there are upwards of a quarter of a million vacancies within the field that can't be filled and and i'd have to believe if i look at certainly canada in general you know this headline from the globe and mail no one considers canada's immigration record to be a big deal and that's remarkable well what's remarkable about it is if we look at the birth rate in canada the birth rate is is decreasing um from of those who live here um so we're gonna need more people and these people come from all over the

world so the country is on target to have 400 000 plus people immigrate to canada every single year and many of these people are going to end up in the field of information security or computing or data protection and and we want to make it so that we can broaden the pool we can we can make it so that we don't have the disconnected language and that the language that we present is is clear and not not objective or subjective to our exposure of the language but taking a global perspective on on language within within the field of computing and i think if you look at the infographic uh of population projections um it's it's

huge we're we're getting people from all over the place and i i can speak specifically in toronto where people of my demographic people of my ethnicity are now now the minority uh within the city of toronto and you know it just speaks to what a fabulous city is with regards to toronto is with regards to making it an inviting community to the point where people want to move here and people are moving here so really at the end of the day it's it's in organizations best interest to not only recruit talent but to maintain talent and and to clarify what it is that you're trying to convey because if you haven't been exposed to certain words certain languages it makes

it very difficult to to not only break into that area but understand what it is that a role entails or what it is that one needs to do um [Music] and with this slide this is my last slide um i think that there are some great resources that that you can leverage within this deck and if where you work isn't taking this approach um i i can certainly find some documentation outside of this material that can absolutely reinforce that it would be to the betterment of your organization and with that i defer to questions

bye