GitHub has released its first ever transparency report.
Of the 10 subpoenas for user data, GitHub has disclosed information in 7 of them, and has informed affected users about it in 43 percent of the cases (3 in total, then).
In the remaining 57 percent of the cases, they were forbidden by law from providing notice to the account holder. 40 percent of the requests were related to civil investigations, the other 60 percent to criminal onwa
All in all, these 10 information disclosure requests affected only 40 accounts were affected, which makes 0.0005% of the 8 million active accounts on GitHub.
No court orders or warrants were received. Also, GitHub, as many companies before it, isn’t allowed to say whether they have received a National Security Letter from law enforcement and orders from the Foreign Intelligence Surveillance Court, so they offered a range that effectively says nothing (National Security Orders received: 0-249).
Takedown requests were more plentiful: 3 from a foreign government (all from Russia), and 258 DMCA takedown notices.
“Whenever we agree to comply with these requests, we are committed to providing transparency in at least two ways: by giving notice to the affected account holders, and also by posting the notices publicly,” GitHub staffer Jesse Geraci explained.
“This is the approach we took, for example, when we were contacted last year by Roskomnadzor, the Russian Federal Service for Supervision of Communications, Information Technology and Mass Media. We reached out to each of the account holders to let them know we had received the request and, when we eventually blocked access to the content in Russia, we posted the notices to a public repository. Since that repository is public, anyone can view the notices to see what content was blocked.”
“Each time we receive a complete DMCA takedown notice, we redact any personal information and post it to a public repository,” he added.
GitHub pledges to publish a similar transparency each year.