GitHub Blocks Devs in US Sanctioned Countries Due to Trade Control Regulations

github

A developer from Crimea, in Eastern Europe, was confronted with limitations on his GitHub account because of US trade control regulations.

Anatoliy Kashkin uses the services provided by GitHub to host his website and to maintain a game management tool called GameHub. Earlier this week, he was notified of the U.S. trade sanctions imposed on his access to the account and resources.

GitHub-Trade_Control-Notif

This translated in particular into 404′ not found’ error when trying to access his website hosted by GitHub and unable to create new private repositories.

Existing private repositories for Kashkin have also been off-limits. When trying to get to them, he found them disabled because of the restrictions on U.S. trade control law.

However, public repositories could be created but they could not be deleted. The developer was able to delete public code after some time.

GitHub states that the code and information uploaded to its platform, including the Enterprise Server, “can be subject to trading regulations, including in accordance with U.S. Export Government Regulations (EAR),” including the Crimean region of Ukraine, Cuba, Iran, North Korea, and Syria. This lists of the countries that face U.S. government sanctions. This affects developers in these areas.

GitHub-Trade_Control-DisabledRepo

Although Kashkin has alternatives to keep his website and code open to the public, people with GitHub assets have easy access.

“Discoverability is also a very important factor. I don’t think many people will find GameHub on a self-hosted server somewhere and I don’t think many of them will report issues there either.” – says Kashkin

In addition, GitHub has a record in dealing quickly and efficiently with security problems. An alternative to self-hosting is the problem of the patching routine, for example. This affects the code development cycle and may in many cases involve longer exposure periods.

Since Kashkin has been notified of limited access, other developers ‘ projects in sanctioned areas face the same problems.

On Friday, Indian full-stack engineer Akash Joshi noted that the limitations waved, so some developers had time to plan to switch to another service.

According to Iranian developer Parham Alvani, GitHub restrictions occurred without warning, which prevented them from executing their projects.

“GitHub used to be an open and free platform for everyone, but it has decided to restrict Iranian accounts from contributing and being part of the open-source ecosystem. Although we understand GitHub might make this decision under the pressure of US government, we were expecting more respectful action from GitHub.” – Parham Alvani

Alvani also referred to a number of Iranian developer open source projects that were affected by the restrictions. Here is a larger list of them.

A further software engineer from Iran also discussed the rips of this decision, which extends to everyone in countries facing U.S. sanctions and could also affect the development and maintenance of open-source projects.

The developer said Riot, the company behind the League of Legends game, informed their users that because of current US legislation and regulations affecting their region, they can not get into the game any longer.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.