Github Blocks Iran Devs to Comply With US Sanctions


GitHub restricts developer accounts based in Iran, Crimea, and other countries under US sanctions

By Jubin Katiraie

GitHub, the world’s largest host of source code, has abruptly blocked access to the private code repositories and paid accounts of developers or companies in Iran, Cuba, North Korea, Crimea, and Syria to comply with US trade sanctions, but this has caused an outcry from developers who unexpectedly lost their work.

CEO Nat Friedman said he regretted having to make the decision, but the company was subject to US trade law, like any other “company that does business in the US”, and had to comply with ongoing US government sanctions and export laws. He also clarified that prior warning would have been illegal, but that the public repos remained open to everyone and that developers could download their private repos.

It is not immediately clear how many repositories were closed because of the move, but 80% of GitHub’s 31 million developers are outside the US.

Github, which was by Microsoft in 2018 for $7.5 billion, published a Q&A on its website about the move.

The company wrote: “As US trade controls laws evolve, we will continue to work with US regulators about the extent to which we can offer free code collaboration services to developers in sanctioned markets. We believe that offering those free services supports US foreign policy of encouraging the free flow of information and free speech in those markets.”

They added: “Availability in U.S. sanctioned countries and territories will be restricted, however, certain GitHub services may be available for free individual and free organizational accounts. This includes limited access to GitHub public repository services (such as access to GitHub Pages and public repositories used for open source projects), for personal communications only, and not for commercial purposes. The restriction also includes suspended access to private repository services and paid services (such as availability of private organizational accounts and GitHub Marketplace services).”

They also pointed developers intending to store export-controlled data to its enterprise server offering, which is a self-hosted virtual appliance that can be run within users’ own data centre or virtual private cloud.

The restrictions are based on a user’s location — garnered through tracking their IP address and payment history — but has warned people not to use “IP proxies, [virtual private networks or] VPNs, or other methods to disguise their location when accessing services”. It is not know how they will enforce this.

Work collaboration service Slack made a similar move in December last year.