What Happens When The US Government Tries To Take On The Open Source Community?
Last year, Microsoft bought the popular code repository GitHub. As Techdirt wrote at the time, many people were concerned by this takeover of a key open source resource by a corporate giant that has frequently proved unfriendly to free software. In the event, nothing worrying has happened — until this:
GitHub this week told Anatoliy Kashkin, a 21-year-old Russian citizen who lives in Crimea, that it had “restricted” his GitHub account “due to US trade controls”.
As the ZDNet article explains, a user in Iran encountered the same problems. Naturally, many people saw this as precisely the kind of danger they were worried about when Microsoft bought GitHub. The division’s CEO, Nat Friedman, used Twitter to explain what exactly was happening, and why:
To comply with US sanctions, we unfortunately had to implement new restrictions on private repos and paid accounts in Iran, Syria, and Crimea.
Public repos remain available to developers everywhere — open source repos are NOT affected.
He went on to note:
The restrictions are based on place of residence and location, not on nationality or heritage. If someone was flagged in error, they can fill out a form to get the restrictions lifted on their account within hours.
Users with restricted private repos can also choose to make them public. Our understanding of the law does not give us the option to give anyone advance notice of restrictions.
We’re not doing this because we want to; we’re doing it because we have to. GitHub will continue to advocate vigorously with governments around the world for policies that protect software developers and the global open source community.
The most important aspect of this latest move by GitHub is that open source projects are unaffected, and that even those who are hit by the bans can get around them by moving from private to public repositories. Friedman rightly points out that as a company based in the US, GitHub doesn’t have much scope for ignoring US laws.
However, this incident does raise some important questions. For example, what happens if the US government decides that it wants to prevent programmers in certain countries from accessing open source repositories on GitHub as well? That would go against a fundamental aspect of free software, which is that it can be used by anyone, for anything — including for bad stuff.
This question has already come up before, when President Trump issued the executive order “Securing the Information and Communications Technology and Services Supply Chain“, a thinly-disguised attack on the Chinese telecoms giant Huawei. As a result of the order, Google blocked Huawei’s access to updates of Android. Some Chinese users were worried they were about to lose access to GitHub, which is just as crucial for software development in China as elsewhere. GitHub said that wasn’t the case, but it’s not hard to imagine the Trump administration putting pressure on GitHub’s owner, Microsoft, to toe the line at some point in the future.
More generally, the worry has to be that the US government will attempt to dictate to all global free software projects who may and may not use their code. That’s something that the well-known open source and open hardware hacker Bunnie Huang has written about at length, in a blog post entitled “Open Source Could Be a Casualty of the Trade War“. It’s well-worth reading and pondering, because the relatively minor recent problems with GitHub could turn out to be a prelude to a far more serious clash of cultures.