Twitter has obtained a subpoena compelling GitHub to provide identifying information on a user who posted portions of Twitter’s source code.
Twitter on Friday asked the US District Court for the Northern District of California to issue a subpoena to GitHub. A court clerk signed off on the subpoena yesterday.
GitHub user “FreeSpeechEnthusiast” posted Twitter source code in early January, shortly after Elon Musk bought Twitter and laid off thousands of workers. Twitter reportedly suspects the code leaker is one of its many ex-employees.
GitHub removed the code repository on Friday shortly after Twitter filed a DMCA (Digital Millennium Copyright Act) takedown notice. Twitter’s takedown notice also requested identifying information on FreeSpeechEnthusiast, but GitHub didn’t provide those details to Twitter immediately.
GitHub must produce details by April 3
With the subpoena now issued, GitHub has until April 3 to provide all identifying information, “including the name(s), address(es), telephone number(s), email address(es), social media profile data, and IP address(es), for the user(s) associated with” the FreeSpeechEnthusiast account. GitHub was also ordered to provide the same type of information on any “users who posted, uploaded, downloaded or modified the data” at the code repository posted by FreeSpeechEnthusiast.
We contacted GitHub and will update this article if we get a response. GitHub is owned by Microsoft.
The code was apparently on GitHub for months before Twitter executives became aware of the leak. A New York Times article on Sunday quoted sources indicating that Twitter executives are concerned “that the code includes security vulnerabilities that could give hackers or other motivated parties the means to extract user data or take down the site.”
Obtaining subpoenas not that difficult
Getting a DMCA subpoena doesn’t seem to be all that difficult if it pertains to someone who directly posted infringing content. The DMCA text says that if a notification of infringement satisfies the provisions of the law, and if “the proposed subpoena is in proper form, and the accompanying declaration is properly executed, the clerk shall expeditiously issue and sign the proposed subpoena and return it to the requester for delivery to the service provider.”
GitHub could theoretically still challenge the subpoena demands. “While DMCA subpoenas are meant to provide a legal fast lane to reveal the identity of an alleged infringer, platforms receiving a subpoena can challenge it in court, especially if they feel that it will implicate the free speech rights of the user,” a Bloomberg article notes.
Not every subpoena request related to copyright is a slam dunk. We previously wrote about film studios trying to force Reddit to identify users who posted comments about piracy. In that case, the subpoena was signed by a film studio lawyer and not signed off on by the court. The film studios’ request was part of an attempt to prove that Internet service provider RCN turned a blind eye to privacy.
After the studios filed a motion to compel Reddit to respond to their subpoena, Reddit told the court that the request should be rejected, saying the studios “can obtain evidence about RCN’s repeat infringer policies in countless ways that do not involve unmasking anonymous online speakers.” Reddit and the film studios then agreed to have the case be heard by a magistrate judge.
In a separate case, Marvel asked the District Court for the Northern District of California this month to issue subpoenas to both Reddit and Google demanding the identities of people allegedly involved in the pre-release leak of dialogue from Ant-Man and the Wasp: Quantumania. The court approved the subpoena of Google and the subpoena of Reddit a few days after Marvel’s request.