back to article GitHub courts controversy by suspending Tornado Cash developers and reneging on cookie commitments

GitHub over the past week has tested the trust of its users by enacting policies that call into question its commitment to free speech and privacy. On Monday, the Microsoft-owned biz removed the account for virtual currency mixer Tornado Cash after the US Treasury Department sanctioned the service for apparently helping to …

  1. Joe W Silver badge

    emoji

    can apparently have quite different meaning depending on cultural background. The "thumb up" could be something very rude (and I recall being told so by a foreign former colleague).

    I always wonder about the free speech argument, and I'm pretty sure it does not apply there, I thought it applied to government trying to hinder free expression of thought. Also, "it might be not strictly illegal" is a pretty weak defense.

    Yeah, I'll get downvoted for that observation, even though I did not condone Microsoft's behaviour. Weird what people read into text.

    1. Richard 12 Silver badge

      Re: emoji

      Private companies aren't required to provide their goods and services to everyone, but there are limits to the reasons they are permitted to use.

      Eg it's illegal to refuse due to a protected characteristic, but you can close on Tuesdays.

      1. Anonymous Coward
        Anonymous Coward

        Re: emoji

        yeah, not sure being a criminal helping twat is a protected characteristic.

        But then again seem to have worked for boris and the orange mango

        1. ratcatcher67

          Re: emoji

          So a criminal buys a burger at mc donalds, does that make mcDonalds a criminal helping twat...?

          1. Yes Me Silver badge

            Re: emoji

            Wrong question. If a criminal buys a set of picklocks and uses them to break into a house, you might reasonably ask whether the seller is at fault.

    2. Len

      Re: emoji

      If I'm not mistaken the American legal concept of Freedom of Speech (the European legal concept of Freedom of Expression works differently) is to regulate the relationship between an individual and the state, it doesn't not apply to companies. You can get fired from your corporate job if your boss doesn't like your speech.

      In this case GitHub does not have a duty to host your code whereas it has a duty to follow local laws around sanctioned entities. I'm typically hardly a defender of GitHub but in this case I don't see how else they could have responded (perhaps they could have left the contributors' accounts active with a warning to not put Tornado Cash code back).

      1. OhForF'

        Re: emoji

        IANAL and although not really familiar with US law but these arguments are not logical.

        If the state is not allowed to stop them from publishing the codes as that is protected by Freedom of Speech rights the state can't create a "local law" that forces GitHub to do what the state isn't allowed to do.

        If GitHub said it doesn't want them on their platform for their own reason Freedom of Speech would not apply.

        When GitHub says laws force them to kick them off their platform i think that law does violate their Freedom of Speech.

        1. jmch Silver badge

          Re: emoji

          But, as stated in the article, Github was NOT required by law to kick them off, as they were not mentioned persons in the sanctions. Github IS curbing their freedom of speech (although since it isn't the government doing the curbing, it is not protected under the 1st amendment)

          1. Anonymous Coward
            Anonymous Coward

            Re: emoji

            github is not curbing their freedom of speech.

            They are just being told to piss off somewhere else to do it.

            not sure github controls every server on the fucking planet.

            They are free to pay for their own server to spread that shit!

            1. Michael Wojcik Silver badge

              Re: emoji

              GitHub is free1 to terminate someone's account. You and other posters are correct that freedom of expression under the First Amendment does not constrain GitHub there.

              What's in question is GitHub's weasel excuse that they had to terminate the accounts due to the SDN listing, which appears to be completely bogus, both because the account holders were not listed, and because applying SDN restrictions to publishing source code does not withstand constitutional scrutiny. In other words, it's not GitHub's actions which are being questioned; it's their proffered reason for those actions.

              (How so many people manage to get this simple distinction wrong is puzzling. But then, as this thread shows, most people don't understand the First Amendment or the jurisprudence around it anyway. It most definitely does constrain the actions of private parties under some circumstances, for example.)

              1As far as the First Amendment goes; other laws may apply, particularly if GitHub enters into a contract with account holders – though I expect GitHub has constructed any such agreement to give itself maximum liberty to do whatever it wants.

      2. Mobster

        Re: emoji

        First amendment does indeed apply to interactions of the state with individuals. The key point here is that the state cannot compel an individual's code to be cause for sanction, as said code is considered a form of expression and the state is prohibited from retaliating against protected expression. As such, it calls into question whether the state even asked for said individuals to be sanctioned to begin with or if that was just GitHub trying to be "proactive" in some form or fashion. Laundering money is illegal, writing code to do so is not. Eventually GitHub will realize it.

    3. Michael Wojcik Silver badge

      Re: emoji

      I always wonder about the free speech argument, and I'm pretty sure it does not apply there, I thought it applied to government trying to hinder free expression of thought.

      Courts have consistently held that it also applies to private parties being used as government proxies, or attempting to use the government as a proxy. It doesn't just apply to direct government action.

      But that's irrelevant in this case, where the claim by the EFF and others is that the SDN listing could not be used to restrict the freedom to publish source code. They're not saying the First Amendment compels GitHub to allow the contributors to maintain accounts there; they're saying it prevents the government from compelling GitHub to remove the accounts, which was Microsoft's excuse for that action.

  2. DownUndaRob
    WTF?

    What a confusing country...

    So a Gun manufacturer can argue that they only make the gun, not pull the trigger.

    A car manufacturer can make a vehicle, not drive it and kill/maim people.

    But a piece of software can be pulled because some people choose to use it in a specific (allegedly unlawful) manner?????

    1. breakfast
      Boffin

      Re: What a confusing country...

      This is more like the gun than the car in that this is a piece of software which is designed only to be used for a specific task, and that task is money laundering. Even in America, if someone released a new kind of gun that could only be used to do crimes, there's a chance that the authorities would clamp down on it.

      1. Graham Cobb Silver badge

        Re: What a confusing country...

        1) The code is not just for money laundering. Mixers are used for more than just money laundering.

        2) Even if it was only used for money laundering, it is just code! The act of money laundering is illegal. Writing code that could be used as part of an illegal money laundering operation is not illegal. If you think that money laundering just involves running some code you found on the internet you are not going to last long as a money launderer :-)

        Killing people with a gun is illegal. Making or owning a gun may be illegal. But publishing an article describing how a gun works in detail is not.

        1. Def Silver badge

          Re: What a confusing country...

          But publishing an article describing how a gun works in detail is not.

          I think source code is more akin to detailed instructions for a 3D printer than a description of how guns work.

        2. Peter2 Silver badge

          Re: What a confusing country...

          Writing code that could be used as part of an illegal money laundering operation is not illegal. If you think that money laundering just involves running some code you found on the internet you are not going to last long as a money launderer :-)

          Traditionally, no. However, traditionally cryptocurrency didn't exist.

          With respect to your point 2; I would suggest that if it was only used for money laundering then a court might well decide that what you consider to be "just code" could mean that you were an accomplice or accessory to a crime, and creation of software used to commit an offense can be criminal; possession of certain "hacking" tools is a criminal offense in the UK in the same way possessing lockpicking tools without reasonable excuse is.

        3. Anonymous Coward
          Anonymous Coward

          Re: What a confusing country...

          please fucking explain

          "The code is not just for money laundering. Mixers are used for more than just money laundering."

          tax avoidance???? not really a good reason?

          1. Graham Cobb Silver badge

            Re: What a confusing country...

            See my other posts. Mixers are used for privacy. That might be for money laundering or it might just be to keep Fred from down the street knowing how much I spend on booze and hookers.

            Every Bitcoin transaction is public! That is why mixers exist.

            1. Anonymous Coward
              Anonymous Coward

              Re: What a confusing country...

              Nice argument for crypto is a shitty idea.

              The transactions are public, but unless you publish cross references to the "real" you, your wallet address is not related.

              I really hope they decided to prosecute any fuckwit with aiding and abetting who ran any crypto shit through it, as all should be held culpable

    2. Anonymous Coward
      Anonymous Coward

      Re: What a confusing country...

      > But a piece of software can be pulled because

      Do the words "powerful" and "lobby" suggest anything to you?

  3. An_Old_Dog Silver badge
    Headmaster

    Weasel-wording

    "GitHub still does not use any cookies to display ads, or track you across other sites." So, the actual tracking will be done by third parties, and Microsoft is simply helping them to do that -- presumably in exchange for a fee, or data-in-kind from those third parties.

    1. Anonymous Coward
      Anonymous Coward

      Re: Weasel-wording

      > So, the actual tracking will be done by third parties,

      And (not or) local storage artefacts.

  4. Neil Barnes Silver badge

    DNT

    Is there any point to the DNT flag? Given that it appears to be largely ignored...

    1. cyberdemon Silver badge
      Devil

      Re: DNT

      Not ignored at all, it's added to your data profile along with everything else. It provides a valuable marker to distinguish your data from that of other data cows - in that you said you wanted us not to track you. Hahaha, something to hide, peon?

      1. Gob Smacked

        Re: DNT

        A auto delete cookies plugins solves that - it's just that people are lazy about their privacy

        1. OhForF'

          Re: DNT

          >A auto delete cookies plugins solves that<

          Automatically deleting cookies (after the session end) does not solve being tracked by checking DNT flag set and other data points (screen resolution, os, ip address [block], user agent, ....).

          It just stops the lazy way of tracking using cookies.

          I still recommend deleting all cookies at session end as a first step to make it harder to track you.

  5. sabroni Silver badge
    Facepalm

    re: call into question its commitment to free speech

    Github are under no obligation to host your free speech.

    If you think they are then you don't understand any of this stuff.

    1. katrinab Silver badge
      Megaphone

      Re: re: call into question its commitment to free speech

      And requiring them to host it is a violation of Microsoft's free speech rights.

      Countries that don't respect free speech often require people to publish government propaganda. That is the reason why this is in place.

    2. Graham Cobb Silver badge

      Re: re: call into question its commitment to free speech

      Github are under no obligation to host your free speech.

      Indeed. But "the government told us not to host your free speech" is not a valid get-out clause. If they don't want to host those people's code that is fine. But don't pretend they are doing it because it would be illegal to host their code.

      1. sabroni Silver badge

        Re: not a valid get-out clause

        So their free speech should be curtailed in this case because you disagree with what they are saying?

        1. Oglethorpe

          Re: not a valid get-out clause

          I think you meant to reply to a different comment. That has nothing to do with what they said.

        2. Anonymous Coward
          Anonymous Coward

          Re: not a valid get-out clause

          Depends.

          Microsoft, as a private company, does not have to host the code. That is not a free speech consideration. Similarly the Reg can pull posts they find offensive or any other reason they choose.

          Now if the government is playing whack-a-mole with the code, forcing sites to take it down without a legal basis, that is arguably suppressing free speech.

      2. gnasher729 Silver badge

        Re: re: call into question its commitment to free speech

        They said "The government told us not to host your speech, and we defer to the wisdom of our government." So where did they pretend it was illegal to host the code? Plus, any sane business would not host code that _might_ be illegal to host. They are not going to take risks to host someones code.

        1. Inkey
          Childcatcher

          Re: re: call into question its commitment to free speech

          Really does'nt have anything to do with "free speach, freedom of expression or any free whatever"

          M$ tender for goverment contracts the world over and will do as they are told to do as paid pipers ...As evidenced by the reneg'ing on the tracking and cookie bull.... paying tune caller, paying the whore piper

    3. Oglethorpe

      Re: re: call into question its commitment to free speech

      They state, on their policy page:

      "Protecting developers’ ability to collaborate by providing a safe and inclusive space that transparently respects rights to free expression, assembly, and association."

      So while, no, in the strictest legal sense, they are under no legal obligation to host anything, it's pretty inconsistent and perhaps shitty for them to bow to legal pressure in the absence of a direct legal order. Especially after they patted themselves on the back over youtube-dl:

      https://github.blog/2020-11-16-standing-up-for-developers-youtube-dl-is-back/

      Equally, it would be perfectly legal for them to add a series of breathtakingly offensive racial slurs to the end of all the code on their site but I'd complain about that (as, I hope, would others) too.

      1. sabroni Silver badge

        Re: free expression, assembly, and association

        Doesn't include free speech.

        1. jmch Silver badge

          Re: free expression, assembly, and association

          free expression = free speech

        2. Oglethorpe

          Re: free expression, assembly, and association

          It's disappointing that someone could fail to understand a fundamental human right (which many do not enjoy) so badly. Freedom of expression includes freedom of speech while protecting other forms of expression as well.

        3. nijam Silver badge

          Re: free expression, assembly, and association

          > Doesn't include free speech.

          Do you think "free expression" just means pulling funny faces?

    4. Michael Wojcik Silver badge

      Re: re: call into question its commitment to free speech

      If you think they are then you don't understand any of this stuff.

      If you think that's what at issue, you don't understand the case.

  6. bpfh Silver badge
    Black Helicopters

    Nobody was named in the sanctions

    But they could well be named in a National Security Letter that came along with the sanctions request, and MS cannot do anything about it, including saying that they even got one.

  7. Gob Smacked
    Facepalm

    Remember?

    No one seems to remember it was a bad thing MS taking over Github anymore. Think again then... lol

    It will harm incidental accounts first, then progress into full restrictive use over time.

    It's just nice to know there are a lot of alternatives to host open source projects: these will just starting to move over from now on...

    1. Anonymous Coward
      Anonymous Coward

      Re: Remember?

      I'm particularly excited by the new 'federation' support in Gitea (the Git server software used by forge services such as Codeberg and Hostea).

      This will allow any Gitea user, whether selfhosted or on a hosted service, to communicate with other Gitea servers. This means that you could create a pull request from your own account on your own Gitea for a repo hosted somewhere else for a project you collaborate on. You no longer need to have an account at each and every Gitea repo you occasionally contribute to.

      The reason so many projects gave up selfhosting Git and moved their repo to GitHub was because 'that's where the contributors are'. With federation support that reason to stay on GitHub is gone for some projects and we've already seen some high profile projects leave GitHub over the CoPilot debacle.

      Federation support also has some other benefits, such as being able to follow activity on various repos centrally from your Mastodon account, but that's obviously minor. GitHub supports Atom feeds and that already comes close.

      1. Gob Smacked

        Re: Remember?

        Decentralizing low bandwidth stuff hosted on Internet is most always a good idea and Open Source just plainly needs that. Sounds nice this yes... :)

      2. Anonymous Coward
        Anonymous Coward

        Re: Remember?

        That's great to hear! I knew they wanted to do this for a while so it's fantastic that they got there funding now. I'm looking forward to this!

        ElReg: give these guys some press FFS.

    2. M.V. Lipvig Silver badge
      Holmes

      Re: Remember?

      Could be a nice lttle money maker, that. Develop a code collaboration site, get everyone to move to it, sell to M$ for a gazillion bucks, set up another code collaboration site, et al. As fast as M$ goes through managers, it might make it through several rounds before they catch on.

  8. Howard Sway Silver badge

    sanctioned the service for apparently helping to launder virtual currency since 2019

    That's only 3 whole years they've done nothing about a blatant money laundering service - whilst there are daily reports of millions in stolen funds being laundered through it. I suppose the authorities thought that if people want unregulated pretend money, then they should just leave them to bear the consequences themselves when things go wrong, but have finally woken up to the fact that it's created a monstrous world of crime and involves dodgy state actors too.

    Pulling the code will have no effect, as it'll be available elsewhere, but all the bleating about free speech whenever a private company stops some harmful content on their platform is dumb and counterproductive. Eventually, like the boy who cried wolf, they'll be ignored, and that'll enable the bastards who want to really destroy free speech to make their moves. Pick your battles wisely.

    1. katrinab Silver badge
      Megaphone

      Re: sanctioned the service for apparently helping to launder virtual currency since 2019

      Yes, but people trusted Tornado to give them their money back because they have a track record of doing that.

      Will they be able to trust any of the alternative services not to run away with their money?

      Look for example at the alternative Silk Roads that popped up after the original was shut down.

  9. cantankerous swineherd

    protected speech or not, micros~ doesn't have to host it?

  10. VoiceOfTruth

    GitHub appears to have had no choice but to do so under US law.

    Remember that statement the next time you read or hear about an American company being "forced" to obey Chinese law when operating in China. I will brook no complaints about this. Either you are in favour of freedom of speech or you are not. You cannot be in favour of freedom of speech in China but not in the USA.

  11. iron Silver badge

    Creating software that is used to break the law is not free speech.

    Enabling scammers and hackers to destroy people's lives is not free speech.

    Propping up the NK regime is most definitely not free speech.

    Don't let these criminals fool you, there is no free speech here.

  12. Anonymous Coward
    Anonymous Coward

    "to better reach and improve the web experience for enterprise users."

    In English: to track you.

    1. M.V. Lipvig Silver badge

      Re: "to better reach and improve the web experience for enterprise users."

      M$ is an enterprise user as well as an enterprise provider; getting paid is a much better enterprise experience than not getting paid.

  13. Adrian 4 Silver badge

    Sanction ?

    it's an odd word.

    Would that be sanction as in 'allow, permit, approve'' or sanction as in 'order, punish' ?

    https://dictionary.cambridge.org/dictionary/english/sanction

    (stack exchange has a post with many examples)

    1. nijam Silver badge

      Re: Sanction ?

      > Sanction ? it's an odd word.

      One of several in the English language is (almost) its own antonym.

  14. paulr78

    Do not use Github!

  15. nijam Silver badge

    > ... open source code "is illegal now?"

    Always has been, in Microsoft's world.

  16. Jaybus

    Is it protected speech?

    "publishing the code on its own is protected speech"

    Radio jammers are illegal in the US, as they could be used to block GPS or emergency calls, yet publishing plans for making one is protected speech. On the other hand, as of August 24 the BATF rules will make publishing a 3D printer model file for making the receiver of a firearm illegal. So you see, until challenged in court, the interpretation of the law is left to the whims of bureaucrats at alphabet soup agencies. It is still too early to know whether or not the affected code is protected speech or not.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like

Biting the hand that feeds IT © 1998–2022