
GitHub and Trade Controls - bass3l
https://help.github.com/en/articles/github-and-trade-controls
======
Ahmed90
These rules are so stupid and actually hurts no one but the poor individual
developer, a few years ago I used to live in Syria before the events. I had to
find 3rd party mirrors or VPNs for the stupidest shit... like Nvidia graphics
driver, adobe flash player, Java runtime and silly stuff like that, some ISPs
had public download pages where you can find these general utilities most of
it was outdated but does the job.

I guess the US is afraid that terrorists may develop weapons using Adobe flash
player xD

~~~
guitarbill
It's also a huge waste of time for companies in the US, and to companies all
over the world that use US-based services like GitHub.

> GitHub.com may not be used for purposes prohibited under applicable export
> control laws, including purposes related to the development, production, or
> use of nuclear, biological, or chemical weapons or long range missiles or
> unmanned aerial vehicles.

Not only is this sentence an affront to the English language, but I hope you
aren't trying to develop any drone software on GitHub...

~~~
bifrost
If you're trying to develop any technology which requires trade secrets or IP
protection -> you should not be using a public SaaS.

~~~
jstanley
But there's no reason quadcopter software should require trade secrets or IP
protection. It could just as easily be open source, and yet it still sounds
like the rules prohibit it.

~~~
gumby
From skirmishes in the 1990s crypto wars I can assure you plenty of open
source software was export controlled.

In fact this was a drive for some of Cygnus' overseas offices: not to evade
the law but to do development that could not be spoiled by accidentally
exposing it to a person subject to export control laws. Stupidly, we could
_import_ that software into the States, but people there couldn't fix bugs in
it, only file reports.

------
zelon88
It's honestly about time.

I've been sounding the alarm bells about ITAR, DFARS, EAR compliance for a
while now! None of the software vendors I've talked to seem to understand that
it is AGAINST THE LAW to upload customer supplied IP to their super-secure
Cloud based product that they're trying to get me to switch too. "The lowest
TCO, you'll get ROI in 6 months!"

Ya, but are you compliant with NIST 800-171 requirements?

"Ohhh, uhhh... I don't know. I'll ask the engineering team but I'm sure we're
fine!"

Ya, ok.

~~~
stingraycharles
I suspect this is one of the things that Microsoft has more experience with,
and we might be seeing their influence here.

------
DannyBee
It's funny how people used to complain that code.google.com did this but
github didn't, and didn't like the answer that "the difference is that Github
is not compliant with the law".

I suspect people will now complain that github does this but <x new service>
does not :)

------
Juliate
That's a good reminder that, given the slight deterioration of the USA
strategic/diplomatic stability in the past few years, using any US-based
services without a strictly non-US backup is like playing poker.

And it happens we're a lot to play poker here.

~~~
bifrost
ITAR has been in place for decades...

~~~
mindslight
Things had been getting better though, rather than worse. When was the last
time someone had to publish cryptographic software by printing it on a stack
of paper?

~~~
bifrost
I don't think the lack of someone being convicted of ITAR violations means
we're doing better TBH.

People are only going to complain about this after normal people start going
to jail.

------
aaomidi
This is just sad. I feel for all my open source developers in these countries.

I feel for all my peers who I spent my undergrad with in Iran.

These archaic laws need to be deleted. America needs to be shamed for making
it so hard for people to gain skills in these countries. Companies need to be
shamed for not challenging these laws.

~~~
abstract7
Shame should be directed at the sanctioned govts like that of Cuba that jail
or kill people for political dissent. And shame on companies that help them.
These regimes are unelected or sponsor terrorism, like Iran. They must not
grow. It's a bad situation all around and there is no other peaceful
alternative. Crippling these govts provides them with less resources to setup
extreme surveillance grids and control, like China who has Muslims under total
surveillance and has 1 million of them in a camp (they aren't trying to sneak
into China). They also harvest political prisoner organs and millions of
unregistered women are in hiding because of the 1-child policy (not too
mention females are aborted at an extreme rate). Iran's people have a shot
because it's hard for the govt to control them with limited resources. The
Soviets were energized by not so bad relations with the West after WII. That
gave them the build up for future proxy wars and destroying pockets of
dissent, including entrenching the CPB and North Korea. And if we didn't
resist and sanction, hundreds of millions would now be under the thumb of the
Soviets and possibly under German Nationalist Socialists if the free world did
not fight and sanction them too.

~~~
bluemmb
Are you sure that you know where do you live yourself? How many people life
have USA ruined or ended for only it's own good? should I mention the whole
Africa, Iraq, Afghanistan, Palestine, Iran, .... USA has ruined these people
life only for the money and power. USA starts many of the terrorism groups,
don't be blind, nobody create these groups nearby himself. It does this so it
can sell it's weapons. It's like USA has made a playground way outside of his
home, starting fights and selling weapon to them to fight and get money out of
it and showing itself no related and sorry for all of these. Do you even
understand not being able to buy a simplest drug for cancer of your close
people what can do to you?

~~~
abstract7
The neocons that blundered in Iraq and the neoliberals (like former Sec State
HRC) that overthrew the Libyan dictatorship and targeted the Syrian autocracy,
were democratically removed from leading US foreign policy. Democracy here
adjusts. The 45th has accelerated the withdrawal from Syria due to anger from
voters. The neocons and neoliberal have been pushing for Syrian escalation and
the ousting of Assad. And there is now a peace path with North Korea, despite
again extreme criticism by the necons and neoliberal.

On the other hand there is no accountability in Iran, Russia, or Syria. Russia
just straight up annexed Crimea. And Putin is still in power and popular among
Russians. Assad still hasn't held more than a single election in 5 decades.
Again, the Bushs are out because of Iraq. And Afghanistan (that sheltered
terrorist Al Queda) has a trillions in USD in rare earth deposits, yet we buy
from China almost exclusively. China is not our friend anymore. We don't even
own Iraqi oil.

Sanctions are just. And Nazis, Imperial Japan, and the Soviets were once
embargoed, and they would be running an impoverished world today, if not for
the US-led efforts. To the contrary, world GDP has increased many fold and US
inventions, like the internet, lift billions out of poverty and into the
drivers seats of their futures. Defeated former foes in Japan, Germany, even
Russia, et all, and the defended like South Korea are doing fabulously after
wisely focusing on building instead of launching an insurgency (after losing)
because of "Death to Israel and the Great Satan" or whatever. Shame on the
insurgents for plunging Iraq into disarray.

I have no idea what you're talking about with Palestine. The Palestine
Authority pays million of dollars (from billions in US aid) a year to the
families of terrorists (the longer the prison sentence, the more they pay),
like someone that goes into a jewish house and stabs the entire family to
death. Iran also supports terrorist Palestinian Hamas. Again, a lot of
complaining and little building. Sanctions would come off if they stopped
strapping on suicide vests because "Death to Israel".

Is our republic perfect? No. But more people have immigrated here than
anywhere in history. We still take in more immigrants than anywhere else. And
families that refuse to wait in line, risk their lives to cross desserts to
wind up in temporary detention centers for a few a weeks just to get a
residency court date. We have a Muslim Somali immigrant woman that's elected
into Congress, and routinely disrespects our ally Israel and even the US. She
is not in prison because of our freedoms. How many immigrant Jewish Americans
are elected in Somalia?

Which country are you from?

------
imglorp
> Travel in these regions may impact your account status,...

?!?@!

~~~
nness
I believe Slack did this too; if you've ever signed-in to Slack within a
country that is currently restricted, your account was just deleted without
warning.

~~~
bifrost
Thats a good one! One more reason not to use Slack.

~~~
phkahler
Or one more reason not travel to sanctioned countries.

~~~
bifrost
Fair, there's usually a good reason they're sanctioned heh.

~~~
nameismypw
Hegemony isn't a good reason.

------
rad_gruchalski
“GitHub.com may not be used for purposes prohibited under applicable export
control laws, including purposes related to the development, production, or
use of nuclear, biological, or chemical weapons or long range missiles or
unmanned aerial vehicles.“

So anybody developing any kind of drone and hosting on github is breaking the
law?

~~~
bifrost
Basically yes.

~~~
rad_gruchalski
That was a rhetorical question. But, yeah, wow.

------
elygre
I find it awesome that they actually have a defined and documented Appeals
Process.

------
bifrost
Related to this post I just made:
[https://news.ycombinator.com/item?id=20527070](https://news.ycombinator.com/item?id=20527070)

------
ezoe
Reminds me of a US based PC vendor(I think it was Dell or IBM) whose web site
store has a check box like : I do not use this product for nuclear weapon
development.

~~~
stunt
Wow! What kind of product was it? I assume it wasn’t a laptop or a general
purpose server hardware.

~~~
op00to
I've had to certify that license term when I bought servers for an academic
research lab that did nothing with nuclear energy. (We actually worked with
infectious diseases, way more dangerous imo!)

------
UglyToad
Seems a real shame there's no mainstream alternative not subject to the US'
belligerent foreign policy. Does anyone know if Gitlab is subject to the same
restrictions?

The sanctioned countries and regions fall even further behind and open source
developers have to deal with the fallout of America's broken foreign policy.

~~~
bifrost
Any SaaS run out of a first world country is subject to this.

AFAIK its probably not illegal to run your own Git/SVN server...

------
noarchy
This page doesn't appear to have a date on it. Is this something new that
GitHub is doing? If so, is this Microsoft's influence we're seeing?

~~~
bass3l
Yes it's new, my repos were disabled today

~~~
rwmj
What was the particular reason given?

~~~
bass3l
Living in a sanctioned country.

------
blackoil
How feasible is for Github to create an EU organization, which is effectively
mirror of github.com? So all commits, issues,... are cloned in both. But .eu
usage is not governed by US law. Also, repos can be blacklisted from .com/.eu
based on rules.

~~~
jrochkind1
I would not be optimistic about that working as any kind of legal loophole to
get around US export restrictions. I don't know any reason it would. (I am not
a lawyer).

~~~
Dayshine
What if users had the option to host repositories in EU servers run by the EU
subsidiary? There's no exporting then right?

~~~
bifrost
The EU has its own set of restrictions but I'm not sure of the overlap. I'm
sure the US could get the other countries on that list.

------
tzs
OT:

> On which countries and territories are U.S. government sanctions applied?

> Crimea, Cuba, Iran, North Korea, and Syria.

Crimea? Isn't that part of Russia now, so what is the point of sanctions
against Crimea? To affect Crimean policy wouldn't they need to sanction
Russia, not Crimea?

~~~
true_religion
Policy lets you sanction individual regions of a country by saying the port of
entry or destination port is subject to sanctions.

So you can take a ship with X to Russia proper, but not to Crimea. Or you can
work with a Russian bank, but not a Russian bank based in Crimea.

It's like how Hong Kong is considered a separate territory, despite being a
part of China.

