GitHub has begun restricting the accounts of developers based in countries that are currently under US trade sanctions. ZDNet reports that one developer based in Crimea has lost access to his private GitHub repositories, while another based in Iran wrote a Medium post about having his account restricted. A support page from the Microsoft-owned company notes that GitHub is taking action against developers located in Crimea, Cuba, Iran, North Korea, and Syria.
Acknowledging the actions on Twitter, GitHub CEO Nat Friedman said that the company “unfortunately had to implement new restrictions on private repos and paid accounts in Iran, Syria, and Crimea.” He stressed that public repos are still available worldwide and that open-source repos are not affected by the move.
It is painful for me to hear how trade restrictions have hurt people. We have gone to great lengths to do no more than what is required by the law, but of course people are still affected. GitHub is subject to US trade law, just like any company that does business in the US.
— Nat Friedman (@natfriedman) July 28, 2019
“We’re not doing this because we want to; we’re doing it because we have to,” Friedman said. “GitHub will continue to advocate vigorously with governments around the world for policies that protect software developers and the global open source community.”
GitHub’s support page says that having an account restricted means that access to private repository services and paid services is suspended and that developers in affected countries will only get “limited access to GitHub public repository services… for personal communications only, and not for commercial purposes.” TechCrunch notes that developers who need to store export-controlled data can continue to do so using GitHub’s enterprise server product.
At least one developer who was affected by the action was told that the company was not “legally able” to provide an export of the disabled repository content. Friedman added that the company does not believe it is legally able to provide advance notice of these restrictions, but he said that users can choose to make their private repos public to gain access and clone them.
The support page says that blocking is done based on IP addresses and payment histories, meaning that developers could find their accounts restricted for the duration of a visit to one of these countries. (Developers are not allowed to use VPNs to circumvent the ban.) It said that “nationality and ethnicity” are not used to flag accounts, although at least one developer who claims to be based in Finland has seen his account restricted. Developers can appeal its decision if they think their account should not have been restricted.
GitHub spokespeople have previously said that export controls would not apply to the service in relation to US sanctions against China, but they have yet to confirm what has changed since then. The company also has yet to confirm whether developers are being blocked automatically or whether it’s being done on a case-by-case basis.
Newsmen reached out to Microsoft for details on the ban, but the company has only issued this generic statement:
GitHub is subject to U.S. trade control laws, and is committed to full compliance with applicable law. At the same time, GitHub’s vision is to be the global platform for developer collaboration, no matter where developers reside. As a result, we take seriously our responsibility to examine government mandates thoroughly to be certain that users and customers are not impacted beyond what is required by law. This includes keeping public repositories services, including those for open source projects, available and accessible to support personal communications involving developers in sanctioned regions.