Microsoft has announced it is buying GitHub. The developer community must act now to ensure that we are protected from exploitation. Here, we outline a list of actions Microsoft should take to earn our trust and protect the GitHub community.
How to Save GitHub
Popular to the point of ubiquity, GitHub is the dominant platform for open source hosting and version control for program development. It has also emerged as an unofficial social network for the programming community. Control of GitHub grants Microsoft insight not only into the trends and activity in the entire programming world—but also into those individuals and entities shaping those trends. To protect programmers and to ensure that Microsoft does not use personal information to the detriment of users, competitors, or competition, we propose two unobtrusive, common-sense ways that Microsoft, or the Federal Trade Commission through merger conditions, could protect the GitHub and developer communities.
The Nonprofit Alternative
Microsoft should set up GitHub as a non-profit organization, similar to the Linux Foundation, Apache Foundation, Wikipedia, Mozilla, or even ICANN (the Internet Corporation for Assigned Names and Numbers). These non-profit organizations offer models for how GitHub could operate in a neutral way that benefits both the developer community and private industry.
The Commitment Alternative
In the alternative, should Microsoft be unwilling to create a GitHub non-profit, we strongly urge Microsoft to make the following commitments to protect personal information and prevent any possible harm to the competitive programming industry. There are many precedents for these types of protections. For instance, the Federal Communications Commission’s (FCC) non-structural safeguards ensured that incumbent telephone companies did not use, among other things, private customer information to take an unfair advantage in computerized network development.
- Transparency in Policy – Microsoft should disclose any changes it makes to GitHub, its policies, and account requirements, and should immediately and publicly post all takedown requests and the resulting actions, if any.
- Transparency in Data Use – Microsoft should disclose any changes in how GitHub uses or analyzes the personal information of developers.
- Third Party Monitor – Microsoft should appoint a third party monitor, a developer’s ombudsman, who has authority to ensure Microsoft abides by its commitments to the developer community.
- Non-discrimination – GitHub should continue to offer a neutral platform for all programs and developers. There must be no preferential treatment for proprietary code or affiliated developers and no discrimination against open source code or developers.
- No “Microsoft store” – The GitHub marketplace must not discriminate in favor of Microsoft products, or against products made by, or for, competitors. Microsoft should operate the store in a completely neutral manner.
- GitHub Should Remain a Platform, not a Microsoft Store – Microsoft should not turn GitHub into a sales or marketing channel. It cannot use the GitHub platform to market its own products or services.
- Hands off Developers’ Private Data – There must be a “Chinese Firewall” ensuring that GitHub users’ private information is never shared with Microsoft.
- No Mini-Mergers – Microsoft should never merge GitHub data with any of its other verticals.
- No Sharing or Selling Developer Data – Microsoft should not sell or disclose developer information to third parties.
- Opt-in – GitHub users should be able to “opt in” to communications from Microsoft, rather than being required to opt out of emails and other communication.
- Microsoft should commit to never using the information it has on GitHub users to pursue IP lawsuits, nor should it allow patent trolls, such as Intellectual Ventures, in which Microsoft has been an investor, to file such suits on its behalf.