https://www.bleepingcomputer.com/news/security/microsoft-sued-for-open-source-piracy-through-github-copilot/ BleepingComputer.com logo * * * [ ] [Login] [Sign up] * * * [ ] [Login] [Sign up] * News + Featured + Latest + New Windows 'LockSmith' PowerToy lets you free locked files New Windows 'LockSmith' PowerToy lets you free locked files + Malicious Android apps with 1M+ installs found on Google Play Malicious Android apps with 1M+ installs found on Google Play + Emotet botnet starts blasting malware again after 4 month break Emotet botnet starts blasting malware again after 4 month break + Hundreds of U.S. news sites push malware in supply-chain attack Hundreds of U.S. news sites push malware in supply-chain attack + Microsoft sued for open-source piracy through GitHub Copilot Microsoft sued for open-source piracy through GitHub Copilot + Master Excel with early Black Friday pricing on 72 hours of training Master Excel with early Black Friday pricing on 72 hours of training + FBI: Hacktivist DDoS attacks had minor impact on critical orgs FBI: Hacktivist DDoS attacks had minor impact on critical orgs + ACE seizes 42 soccer and live TV piracy web domains with millions of visitors ACE seizes 42 soccer and live TV piracy web domains with millions of visitors * Downloads + Latest + Most Downloaded + Qualys BrowserCheck Qualys BrowserCheck + STOPDecrypter STOPDecrypter + AuroraDecrypter AuroraDecrypter + FilesLockerDecrypter FilesLockerDecrypter + AdwCleaner AdwCleaner + ComboFix ComboFix + RKill RKill + Junkware Removal Tool Junkware Removal Tool * Virus Removal Guides + Latest + Most Viewed + Ransomware + Remove the Theonlinesearch.com Search Redirect Remove the Theonlinesearch.com Search Redirect + Remove the Smartwebfinder.com Search Redirect Remove the Smartwebfinder.com Search Redirect + How to remove the PBlock+ adware browser extension How to remove the PBlock+ adware browser extension + Remove the Toksearches.xyz Search Redirect Remove the Toksearches.xyz Search Redirect + Remove Security Tool and SecurityTool (Uninstall Guide) Remove Security Tool and SecurityTool (Uninstall Guide) + How to remove Antivirus 2009 (Uninstall Instructions) How to remove Antivirus 2009 (Uninstall Instructions) + How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo + How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller + Locky Ransomware Information, Help Guide, and FAQ Locky Ransomware Information, Help Guide, and FAQ + CryptoLocker Ransomware Information Guide and FAQ CryptoLocker Ransomware Information Guide and FAQ + CryptorBit and HowDecrypt Information Guide and FAQ CryptorBit and HowDecrypt Information Guide and FAQ + CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ * Tutorials + Latest + Popular + How to open a Windows 11 Command Prompt as Administrator How to open a Windows 11 Command Prompt as Administrator + How to make the Start menu full screen in Windows 10 How to make the Start menu full screen in Windows 10 + How to install the Microsoft Visual C++ 2015 Runtime How to install the Microsoft Visual C++ 2015 Runtime + How to open an elevated PowerShell Admin prompt in Windows 10 How to open an elevated PowerShell Admin prompt in Windows 10 + How to start Windows in Safe Mode How to start Windows in Safe Mode + How to remove a Trojan, Virus, Worm, or other Malware How to remove a Trojan, Virus, Worm, or other Malware + How to show hidden files in Windows 7 How to show hidden files in Windows 7 + How to see hidden files in Windows How to see hidden files in Windows * Deals + Categories + eLearning eLearning + IT Certification Courses IT Certification Courses + Gear & Gadgets Gear + Gadgets + Security Security * Forums * More + Startup Database + Uninstall Database + Glossary + Chat on Discord + Send us a Tip! + Welcome Guide * Home * News * Security * Microsoft sued for open-source piracy through GitHub Copilot * * Microsoft sued for open-source piracy through GitHub Copilot By Bill Toulas * November 5, 2022 * 10:07 AM * 1 GitHub Programmer and lawyer Matthew Butterick has sued Microsoft, GitHub, and OpenAI, alleging that GitHub's Copilot violates the terms of open-source licenses and infringes the rights of programmers. GitHub Copilot, released in June 2022, is an AI-based programming aid that uses OpenAI Codex to generate real-time source code and function recommendations in Visual Studio. The tool was trained with machine learning using billions of lines of code from public repositories and can transform natural language into code snippets across dozens of programming languages. Clipping authors out While Copilot can speed up the process of writing code and ease software development, its use of public open-source code has caused experts to worry that it violates licensing attributions and limitations. Open-source licenses, like the GPL, Apache, and MIT licenses, require attribution of the author's name and defining particular copyrights. However, Copilot is removing this component, and even when the snippets are longer than 150 characters and taken directly from the training set, no attribution is given. Some programmers have gone as far as to call this open-source laundering, and the legal implications of this approach were demonstrated after the launch of the AI tool. Tweet "It appears Microsoft is profiting from others' work by disregarding the conditions of the underlying open-source licenses and other legal requirements," comments Joseph Saveri, the law firm representing Butterick in the litigation. To make matters worse, people have reported cases of Copilot leaking secrets published on public repositories by mistake and thus included in the training set, like API keys. Apart from the license violations, Butterick also alleges that the development feature violates the following: * GitHub's terms of service and privacy policies, * DMCA 1202, which forbids the removal of copyright-management information, * the California Consumer Privacy Act, * and other laws giving rise to the related legal claims. The complaint was submitted to the U.S. District Court of the Northern District of California, demanding the approval of statutory damages of $9,000,000,000. "Each time Copilot provides an unlawful Output it violates Section 1202 three times (distributing the Licensed Materials without: (1) attribution, (2) copyright notice, and (3) License Terms)," reads the complaint. "So, if each user receives just one Output that violates Section 1202 throughout their time using Copilot (up to fifteen months for the earliest adopters), then GitHub and OpenAI have violated the DMCA 3,600,000 times. At minimum statutory damages of $2500 per violation, that translates to $9,000,000,000." Harming open-source Butterick also touched on another subject in a blog post earlier in October, discussing the damage that Copilot could bring to open-source communities. The programmer argued that the incentive for open-source contributions and collaboration is essentially removed by offering people code snippets and never telling them who created the code they are using. "Microsoft is creating a new walled garden that will inhibit programmers from discovering traditional open-source communities," writes Butterick. "Over time, this process will starve these communities. User attention and engagement will be shifted [...] away from the open-source projects themselves--away from their source repos, their issue trackers, their mailing lists, their discussion boards." Butterick fears that given enough time, Copilot will cause open source communities to decline, and by extension, the quality of the code in the training data will diminish. BleepingComputer has contacted both Microsoft and GitHub for a comment on the above, and we received the following statement from GitHub. "We've been committed to innovating responsibly with Copilot from the start, and will continue to evolve the product to best serve developers across the globe." - GitHub. Related Articles: Learn how to create digital stories with this Scratch training deal npm packages used by crypto exchanges compromised Learn a new programming language with this 2023 coding bundle deal Microsoft Teams now boasts 30% faster chat, channel switches New Windows 'LockSmith' PowerToy lets you free locked files * Coding * GitHub * Microsoft * Open Source * Programming * * * * * Bill Toulas Bill Toulas is a technology writer and infosec news reporter with over a decade of experience working on various online publications. An open source advocate and Linux enthusiast, is currently finding pleasure in following hacks, malware campaigns, and data breach incidents, as well as by exploring the intricate ways through which tech is swiftly transforming our lives. * Previous Article Comments * h_b_s Photo h_b_s - 6 hours ago + + I remind everyone in the US and informing people elsewhere that the only arbiters of copyright infringement in the US are the US federal courts for works after 1976. Either this falls under the Fair Use exemptions (and no license is needed) or it doesn't, in which case the license grants and relevant laws matter and untangling them is the job of the judge/jury. Without a license there is no grant to use anything covered by copyright under US law aside from Fair Use. Just because there is no stated license doesn't mean a covered creation is free to use, quite the opposite. I also remind people that since Oracle v. Google all parts of source code fall under copyright protections, not just the body of a program, but header files that define APIs as well. There is a well established 4 point test for Fair Use. I wouldn't hold my breath Copilot would meet all four points as required (use can't just meet one or two, it must meet all four). https://fairuse.stanford.edu/overview/fair-use/four-factors/ "Open-source licenses, like the GPL, Apache, and MIT licenses, require attribution of the author's name and defining particular copyrights." is misleading. I'm pretty sure the GPL v2 and 2 clause BSD licenses do not require attribution of the authors, but they do require retention and notification of the terms of copyright licensing grants. While they don't require author attribution, it's common practice to leave author names in for the sake of courtesy, history, and for maintenance or questions. It's also a requirement for the use of GPL software for any version of the license to provide access to any downstream changes, the license notice, and access to the original source tree to users of any resulting binaries. It's also problematic for Microsoft that to change licensing agreements in the US requires the consent of all contributers to a project, not just the person that uploaded it. This is a HUGE can of worms that's been opened here. Post a Comment Community Rules You need to login in order to post a comment [Login] Not a member yet? Register Now You may also like: [INS::INS] Popular Stories * Z-Library Z-Library eBook site domains seized by U.S. Dept of Justice * UK NCSC British govt is scanning all Internet devices hosted in UK Newsletter Sign Up To receive periodic updates and news from BleepingComputer, please use the form below. [ ] [Submit] Newsletter Sign Up [ ] [Submit] * Follow us: * * * * Main Sections * News * Downloads * Virus Removal Guides * Tutorials * Startup Database * Uninstall Database * Glossary Community * Forums * Forum Rules * Chat Useful Resources * Welcome Guide * Sitemap Company * About BleepingComputer * Contact Us * Send us a Tip! * Advertising * Write for BleepingComputer * Social & Feeds * Changelog Terms of Use - Privacy Policy - Ethics Statement Copyright @ 2003 - 2022 Bleeping Computer^(r) LLC - All Rights Reserved Login Username [ ] Password [ ] [*] Remember Me [ ] Sign in anonymously [Login] Sign in with Twitter button Sign in with Twitter --------------------------------------------------------------------- Not a member yet? Register Now Reporter Help us understand the problem. What is going on with this comment? * ( )Spam * ( )Abusive or Harmful * ( )Inappropriate content * ( )Strong language * ( )Other [ ] * [ ] Read our posting guidelinese to learn what content is prohibited. Submitting... SUBMIT