Do you have questions about our data or ideas for future data deep dives? Open an issue in the transparency center repository.
Exploring an increase in circumvention claims in our transparency data
Our full year of 2023 transparency reporting data is now available and we’re taking a deep dive into how a form change caused an abrupt increase in circumvention claims.
GitHub’s full year of 2023 transparency reporting data is now available on our transparency center and repository. This is our first data release since introducing the transparency center and now that we have an accessible, interactive, and easy to update platform for our transparency reporting, we will use these data release updates to share when we expand our reporting or find interesting insights in the data. For our first data deep dive, we are following up on the exploration into the uptick in circumvention claims we hinted at in the 2022 transparency report.
If you look at the circumvention claims chart of the Digital Millennium Copyright Act (DMCA) takedowns section, you’ll notice that there was an abrupt increase in DMCA notices for alleged circumvention in 2022. What caused this change?
As shown above, we processed 365 notices that alleged circumvention in 2022 and 406 notices in 2023 compared to just 92 notices over the entire year of 2021. In terms of average notices per month, that’s more than four times the volume (7.67 per month in 2021 vs. 33.83 per month in 2023).
What happened at the end of September 2021?
A particularly observant chart-reader might be wondering why the slope of the line changed abruptly at the end of September 2021 from ~2 per month to ~30 per month.
On September 29, 2021, we updated our DMCA takedown submission form with questions related to circumvention. We made this change because DMCA circumvention claims typically require more extensive review, and marking takedown requests as circumvention claims allows us to triage them appropriately.
We anticipated that making this change could result in more submitters alleging circumvention, so shortly before the form update, we began adding annotations if we processed a circumvention-alleging takedown notice for reasons other than circumvention.
Breaking out the notices that alleged circumvention into notices we processed due to circumvention vs. those we processed on other grounds—such as for violating our Acceptable Use Policies—it appears that while significantly more notices we process allege circumvention, the rate at which we process takedown notices because of circumvention hasn’t accelerated.
What does this mean?
Under our developer-focused approach to the DMCA, every takedown notice we receive that contains a credible circumvention claim and can’t be processed on other grounds, such as a valid copyright infringement claim, or a violation of our Acceptable Use Policies, is reviewed by a team of lawyers and engineers.
While this form change has resulted in an increase in circumvention claims and, consequently, time spent reviewing these claims, this process is an important component of our commitment to developers. GitHub handles DMCA claims with a goal to maximize the availability of code by limiting disruption for legitimate projects. Accordingly, we designed our DMCA Takedown Policy to safeguard developer interests against overreaching and ambiguous takedown requests. Each time we receive a valid DMCA takedown notice, we redact personal information, as well as any reported URLs where we were unable to determine there was a violation. We then post the notice to a public DMCA repository, where curious readers can find the redacted text of these notices, parse this data with regexes, and create charts like those in this deep dive. If you don’t want to do bespoke data analysis to classify circumvention claims, we plan to include this in a future transparency center update.
The DMCA generally makes it unlawful to circumvent technological measures used to prevent unauthorized access to copyrighted works, but it also establishes a triennial rulemaking process where users can petition for temporary exemptions to the prohibition of circumvention for noninfringing uses of copyrighted works. In the last rulemaking proceeding, GitHub filed comments advocating for a broader safe harbor for good faith security research. The ninth triennial proceedings are currently ongoing, and are considering interesting exemptions for software preservation, text and data mining, and generative AI research. We encourage developers to follow along and engage with DMCA reform as important stakeholders.
Tags:
Written by
Related posts
GitHub and JFrog partner to unify code and binaries for DevSecOps
This partnership between GitHub and JFrog enables developers to manage code and binaries more efficiently on two of the most widely used developer platforms in the world.
2024 GitHub Accelerator: Meet the 11 projects shaping open source AI
Announcing the second cohort, delivering value to projects, and driving a new frontier.
Introducing GitHub Copilot Extensions: Unlocking unlimited possibilities with our ecosystem of partners
The world of Copilot is getting bigger, improving the developer experience by keeping developers in the flow longer and allowing them to do more in natural language.