Back to GitHub Support Contact GitHub

Policy - page 5

Doubling Down on ConnectHome

b3344c2a-6c44-11e5-9c85-3c25fdda436c Today GitHub is proud to host the Secretary of Housing and Urban Development, Julián Castro, at our SF office. We are thrilled to welcome him, his senior staff, community organizations, tech company workers, and representatives from EveryoneOn, the national non-profit leader of ConnectHome.

ConnectHome stands alone as the first project of its kind. A public-private sector partnership, ConnectHome will initially connect more than 102,000 low-income households – and nearly 200,000 children – living in public housing with high speed broadband wireless Internet and tech tools for digital innovation.

As Chike Aguh from EveryoneOn stated at GitHub Universe, “Talent is universal, but opportunity is not.”

Growing up, many of us working in tech had a home Internet connection and a computer which jump-started our ability to be part of this sector: Currently, 1 in 4 US households do not have a home internet connection. This digital divide primarily affects low-income residents of color and has devastating effects on education and job attainment. Bridging the digital divide is a necessary ingredient to break generational cycles of poverty. GitHub understands this and we’re proud to be in on the ground floor of ConnectHome.

An investment in ConnectHome is an investment in the future of innovation. We will all reap the benefits of a country where everyone is connected and one in which those most impacted by systemic inequity will be the engineers, creators, leaders, and innovators of the tech sector. We fully expect to hire from this talent pool, and are ready and excited to support the genius on the ground.

Today we are proud to announce that we are doubling down on our financial commitment to ConnectHome - now $500,000 - along with $3 million in product and thousands of hours of staff time to help make this a reality. But we need your help: Join us in being part of this historic initiative.

Donate to the individual giving campaign to help every ConnectHome household with children get a device. Spread the word through your networks.

Today GitHub’s CEO, Chris Wanstrath, is issuing a challenge to our friends in the tech sector: Join us in putting dollars behind this momentous project. Contact us ( to become a company sponsor of ConnectHome.

GitHub is a Proud ConnectHome Partner

We are excited to announce GitHub’s partnership with the White House and the Department of Housing and Urban Development that will equip low-income homes with affordable and free broadband wireless internet access. “ConnectHome” will pilot in 27 cities and one tribal nation in the US including Newark, Seattle, Atlanta, and the Choctaw Nation in Oklahoma, providing broadband access, technical training, coding education, and devices for residents in assisted housing.

GitHub will provide

  • $3 million in free private repositories for participants;
  • $500,000 in financial support; and
  • 4,000 hours in volunteer time to train, coach, and mentor those who want to build a career in software development.

We are proud to be a national sponsor while also partnering with local non-profits, educators, and Housing Authorities.

ConnectHome is the first program of its kind, and it is incredibly important because currently, one in four low-income families in the U.S. do not have access to the internet at home.

This is also the first major project launch of GitHub’s newly-formed Social Impact Team which is committed to leveraging resources and people power to cultivate positive change in open source, tech, and communities across the US and internationally.

The next chapter in tech innovation is going to be written by people who have been on the margins of tech for too long. GitHub is committed to making it much easier for people from low-income backgrounds and other underrepresented communities to participate not only in consuming tech, but in creating it. This initiative is part of that ongoing commitment.

GitHub's 2014 Transparency Report

Like most online services, GitHub occasionally receives legal requests relating to user accounts and content, such as subpoenas or takedown notices. You may wonder how often we receive such requests or how we respond to them, and how they could potentially impact your projects. Transparency and trust are essential to GitHub and the open-source community, and we want to do more than just tell you how we respond to legal notices. In that spirit, here is our first transparency report on the user-related legal requests we received in 2014.

Types of Requests

We receive two categories of legal requests:

  1. Disclosure Requests — requests to disclose user information, which include:
  2. Takedown Requests — requests to remove or block user content, which include:

Disclosure Requests

Subpoenas, Court Orders, and Search Warrants

We occasionally receive legal papers, such as subpoenas, that require us to disclose non-public information about account holders or projects. Typically these requests come from law enforcement agencies, but they may also come from civil litigants or government agencies. You can see our Guidelines for Legal Requests of User Data to learn more about how we respond to these requests.

Since many of these requests involve ongoing criminal investigations, there are heightened privacy concerns around disclosing the requests themselves. Further, they may often be accompanied by a court order that actually forbids us from giving notice to the targeted account holder.

In light of these concerns, we do not publish subpoenas or other legal requests to disclose private information. Nonetheless, in the interest of transparency, we’d like to provide as much information about these requests as we can.

Subpoenas, Court Orders, and Search Warrants Received

In the data below, we have counted every official request we have received seeking disclosure of user data, regardless of whether we disclosed the information or not.

There are several reasons why information may not be disclosed in response to a legal request. It may be that we do not have the requested data. It may be that the request was too vague such that we could not identify the data, or that it was otherwise defective. Sometimes the requesting party may simply withdraw the request. Other times, the requesting party may revise and submit another one. In cases where one request was replaced with a second, revised request, we would count that as two separate requests received. However, if we responded only to the revision, we would count that only as having responded to one request.

  Information Request Totals.
  Total Requests: 10.
  Percentage of Requests Where Information Was Disclosed: 70%.
  Percentage of Disclosures Where Affected Users Were Provided Notice: 43%.

It is also our policy to provide notice to affected account holders whenever possible; however, as noted previously, we are often forbidden by law from providing notice to the account holder. The following chart shows the breakdown of how frequently we are actually allowed to provide notice to the affected account holders.

  Percentage of Requests Resulting in Disclosure and Notice.
  Nothing Disclosed: 30%.
  Some or All Requested Information Disclosed: 70%.
  Looking only at the cases where information was disclosed:
  Provided Notice Before Disclosure: 43%.
  Prohibited from Providing Notice: 57%.
Accounts Affected by Subpoenas, Court Orders, and Search Warrants

Some requests may seek information about more than one account. Of the ten information disclosure requests we received in 2014, only forty total accounts were affected. For comparison, forty accounts is only 0.0005% of the 8 million active accounts on GitHub as of December 2014.

Types of Subpoenas, Court Orders, and Search Warrants Received

In 2014, we only received a handful of subpoenas. We did not receive any court orders or search warrants requiring us to disclose user data:

  Types of Information Requests.
  Subpoeanas: 10.
  Court Orders: 0.
  Warrants: 0.

To help understand the difference between the numbers above:

  • Subpoenas include any legal process authorized by law but which does not require any prior judicial review, including grand jury subpoenas and attorney-issued subpoenas;
  • Court Orders include any order issued by a judge that are not search warrants, including court orders issued under the Electronic Communications Privacy Act or Mutual Legal Assistance Treaty orders; and
  • Search Warrants are orders issued by a judge, upon a showing of probable cause under the Fourth Amendment to the U.S. Constitution, and particularly describing the place to be searched and the data to be seized

As noted above, many of the requests we receive are related to criminal investigations. We may also receive subpoenas from individuals involved in civil litigation or government agencies, such as the Federal Trade Commission, conducting a civil investigation. The following pie charts show the breakdown of the different types of requests we received in 2014.

  Types of investigations leading to information requests.
  Criminal: 60%.
Civil: 40%.

  Types of subpoenas received in 2014.
  Grand Jury Subpoenas: 50%.
  FTC Subpoena: 20%.
  DMCA Subpoena: 10%.
  California State Court Subpoena: 10%.
  FBI Subpoena: 10%.

National Security Orders

There is another category of legal disclosure requests that we are not allowed to say much about. These include national security letters from law enforcement and orders from the Foreign Intelligence Surveillance Court. If one of these requests comes with a gag order—and they usually do—that not only prevents us from talking about the specifics of the request, but even the existence of the request itself. The courts are currently reviewing the constitutionality of these prior restraints on free speech, and GitHub supports the efforts to increase transparency in this area. Until such time, we are not even allowed to say if we’ve received zero of these reports—we can only report information about these types of requests in broad ranges:

  Total National Security Orders Received: 0 to 249.
  Total Number of Accounts Affected: 0 to 249.

Takedown Requests

Government Takedown Requests

In 2014, we started receiving a new kind of takedown request—requests from foreign governments to remove content. We evaluate such requests on a case-by-case basis; however, where content is deemed illegal under local laws, we may comply with such a request by blocking the content in that specific region.

Whenever we agree to comply with these requests, we are committed to providing transparency in at least two ways: by giving notice to the affected account holders, and also by posting the notices publicly. This is the approach we took, for example, when we were contacted last year by Roskomnadzor, the Russian Federal Service for Supervision of Communications, Information Technology and Mass Media. We reached out to each of the account holders to let them know we had received the request and, when we eventually blocked access to the content in Russia, we posted the notices to a public repository. Since that repository is public, anyone can view the notices to see what content was blocked. Here are the high-level numbers of content blocked in Russia:

  Roskomnadzor Notices Totals.
  Total Notices Processed: 3.
  Total Accounts Affected: 9.

To date, other than the Roskomnadzor notices, we have not blocked content at the request of any other foreign government. And because we are committed to transparency, if we agree to block content under similar circumstances in the future, we intend to follow the same protocol—providing notice to affected account holders and posting the requests publicly.

DMCA Takedown Notices

Many of the takedown requests we receive are notices submitted under the Digital Millenium Copyright Act, alleging that user content is infringing someone’s copyright. Each time we receive a complete DMCA takedown notice, we redact any personal information and post it to a public repository.

DMCA Takedown Notices Received

Here are the total number of complete notices that we received and processed in 2014. In the case of takedown notices, this is the number of separate notices where we disabled content or asked our users to remove content:

  DMCA Totals.
  Takedown Notices: 258.
  Counter Notices or Retractions: 17.
  Notices of Legal Actions Filed: 0

  Total Number of DMCA Notices, Counter Notices and Retractions by Month
Incomplete DMCA Takedown Notices Received

From time to time, we receive incomplete notices regarding copyright infringement. When we do, we ask the submitting party to revise it to comply with the legal requirements. Usually they will respond with a revised notice, but occasionally, they may resolve the issue on their own without resubmitting a revised notice. We don’t currently keep track of how many incomplete notices we receive, or how often folks are able to work out their issues without sending a takedown notice.

Projects Affected by DMCA Takedown Requests

We also tabulated the total number of projects (e.g., repositories, Gists, Pages sites) affected by each notice. Here is a graph showing the total number of affected projects by month:

  Total Number of Projects Affected by DMCA Notices, Counter Notices and Retractions by Month

Note, however, that on October 16, 2014 we made a change to our DMCA Policy that impacted that number. Before the policy change we would have counted each reported link to a repository as a single affected repository, even though it would have actually affected the whole network of forks. After the policy change, however, since we require the notices to specify whether any forks are infringing, the “affected” number should more accurately reflect the actual number of repositories implicated by the takedown notice. Though it is too early to properly gauge the effect of this change, we noticed that the average number of repositories listed on a takedown notice increased from 2.7 (for the period of Jan 1 - Oct 15) to 3.2 (for the period from Oct 15 to Dec 31). The median number of affected projects remained the same for both periods: 1.0.


We want to be as open as possible to help you understand how legal requests may affect your projects. So we will be releasing similar transparency reports each year. If you have any questions, suggestions, or other feedback, please contact us.

Fighting patent trolls with the LOT Network

GitHub is joining the LOT Network, an open patent-licensing program designed to reduce patent litigation.

The rising threat of patent trolls

Some claim that software patents are essential to motivate us to innovate. In reality, the patent system suffers from a negative side effect—the patent troll. Patent trolls, or Patent Assertion Entities (PAEs), abuse patents to threaten your projects to the point that you either shut them down or pay the PAE to move along (if you can afford to do so).

As the data shows, trolls have been filing lawsuits in record numbers, and open-source software is far from immune: The Linux Kernel, Git, and many other open source projects have all been accused of patent infringement.

Companies Sued by PAEs Using Acquired Patents

Because of the economics of patent trolling, trolls usually target the most successful and innovative projects, which means those that many in our community contribute to. While we support the public initiatives to change patent policy at a legislative level, many of them have suffered roadblocks. So, while GitHub continues to support those initiatives, we are joining our peers to work together to shield our community from the threat of trolls and offer our users more immediate protection.

How the LOT Network works

LOT (“License on Transfer”) is an important step towards incapacitating patent trolls. Here’s how LOT works: when any member of the LOT network sells a patent to a troll, or when a patent troll grabs hold of any member’s patent by any other way, every other LOT member immediately receives a license to that patent. As LOT grows and more patents enter its network, fewer will remain for trolls to loot, which will ultimately result with trolls scratching their heads and rethinking the viability of their business model.

Open sourcing the LOT agreement

In addition to joining the network, we are now hosting the LOT agreement as an open source, CC-BY project. This means you can now access the LOT agreement, gain inspiration, and replicate it for use in similar efforts to fight patent trolls. Most importantly, you can make LOT even better and stronger by submitting issues, forking, and creating pull requests with your ideas for modifications.

Join us!


  1. Become a LOT project contributor and help us make the agreement tighter and better.
  2. Become a LOT member yourself, or lobby to get your company to be one. As more and more of us join, the space for trolls will get narrower and narrower.

So long, Trolls!

A Better DMCA Process

To bring more transparency and clarity to the processes surrounding the DMCA, we are rolling out three improvements to the way we process copyright takedowns:

  • First, whenever possible, users will have a chance to fix problems before we take content down.
  • Second, we will not automatically disable forks in a network based on the takedown of a parent repository unless the takedown notice explicitly includes them.
  • Last but not least, we’ve published a completely revamped DMCA policy as well as a pair of how-to guides for takedown and counter notices to make our process more transparent and easier to understand.

Some Background

The Digital Millennium Copyright Act (DMCA) is a United States law that establishes how copyright holders must file complaints with internet service providers (ISPs) like GitHub, and what the ISPs must do in response.

The DMCA takedown process usually takes place behind closed doors, with little visibility for impacted users, let alone the opportunity for those users to modify the allegedly infringing content. The average DMCA policy is also usually written in dense legalese that can be difficult to understand.

Our users deserve better. GitHub already promotes transparency by posting DMCA takedown notices in a public repository. And our Support Team works hard to help our users navigate the process.

Like most other ISPs, we have been disabling content whenever we receive a complete and seemingly legally adequate DMCA notice. We have learned, however, that the conventional process is not a perfect fit for Git-versioned software projects. So we decided to make some changes.

GitHub’s New Policy

The first change is that from now on we will give you an opportunity, whenever possible, to modify your code before we take it down. Previously, when we blocked access to a Git repository, we had to disable the entire repository. This doesn’t make sense when the complaint is only directed at one file (or a few lines of code) in the repository, and the repository owner is perfectly happy to fix the problem.

In practice, our support team would often shuttle messages between the parties to work out a way for them to fix it. That usually worked out well and everyone ended up happier at the end of the day. So we are making it a formal part of our policy, and we are going to do it before we disable the rest of the repository.

The second change is that if we receive a takedown notice for a parent repository, we will not disable forks in the network unless they are specifically identified in the notice. In our system, parent and fork repositories are linked so that if one is disabled, they are all automatically disabled. In many cases, however, forked repositories may be different in significant ways from the parent. Accordingly, from now on we will require copyright owners to investigate and report each fork explicitly in a DMCA takedown notice. If some forks are not identified, we will split up the network to avoid needlessly disabling unnamed fork repositories.

Finally, we’ve also taken this opportunity to completely revamp our DMCA policy itself so that it is easier to understand, provides more background information, additional resources and outlines the process in detail. We want you to understand clearly what a takedown means, how to submit a takedown notice to GitHub, and how to respond to one if you believe there has been a mistake and want your content restored. We hope you find our revised policy easier to use.

Please feel free to email us with questions or comments at


Discover new ways to build better

Try Marketplace apps free for 14 days

Learn more