Normally at this time on a Friday you’d be reading about whichever interesting open-source project we decided to highlight for our GitHub Project of the Week. But this week it seemed more pertinent to take a closer look at the recently released GitHub 2014 Transparency Report.
The report details every disclosure and takedown request, search warrant, subpoena and national security order the Web-based Git hosting service and SCM platform received in the past year. The report is broken down into disclosure requests for user information and takedown requests to remove or block user content.
“We occasionally receive legal papers, such as subpoenas, that require us to disclose non-public information about account holders or projects. Typically these requests come from law enforcement agencies, but they may also come from civil litigants or government agencies,” the report states.
Requests may involve ongoing criminal investigations or be accompanied by a court order preventing GitHub from notifying the user whose data has been requested. In the past year the company received 10 total disclosure requests, disclosed that information in seven of the cases, and notified users their data had been disclosed on three out of the seven occasions. In total the disclosures affected 40 accounts out of the more than 8 million registered GitHub users as of December 2014.
GitHub received no court orders or search warrants in 2014, but was issued 10 subpoenas. The breakdown as to which government bodies issued the subpoenas is below:
The National Security Order section is the briefest and most vague part of the report, for which GitHub is only permitted to disclose that it received somewhere in the range of zero to 249 national security orders, which could’ve affected anywhere from zero to 249 user accounts. The orders include both U.S. law enforcement requests and those from foreign governments.
As far as content takedown requests go, the information is far clearer. GitHub’s policy is to publicly disclose all government takedown requests, both foreign and domestic. The report specifically mentions the one request GitHub received from Roskomnadzor, the Russian Federal Service for Supervision of Communications, Information Technology and Mass Media. As a result of the request, three takedown notices were processed, affecting nine user accounts.
DMCA takedown notices—alleging user content is infringing on copyright under the Digital Millennium Copyright Act—were a different story. GitHub served 258 DMCA takedown notices and logged 17 counter-notices or retractions as a result. No legal action was filed in any cases.