Today, the Partnership on AI (PAI) published a report, Risk Mitigation Strategies for the Open Foundation Model Value Chain. The report provides guidance for actors building, hosting, adapting, and serving AI that relies on open source and other weights-available foundation models. It is an important step forward for responsible practices in the open source AI value chain.

The report is based on a workshop that GitHub recently co-hosted with PAI, as part of our work to support a vibrant and responsible open source ecosystem. Developers build and share open source components at every level of the AI stack on GitHub, amounting to some 1.6 million repositories. These projects range from foundational frameworks like PyTorch, to agent orchestration software LangChain, to models like Grok and responsible AI tooling like AI Verify. Our platform and open data efforts work to make this innovation more accessible and understandable to developers, researchers, and policymakers alike. We evaluate and periodically update our platform policies to encourage responsible development, and we recently joined the Munich Tech Accord to address AI risks in this year’s elections. We work to educate policymakers on the practices, risks, and benefits of open source AI, including in the United States to inform implementation of the Biden Administration’s Executive Order and in the EU to secure an improved AI Act.

Reports like Risk Mitigation Strategies for the Open Foundation Model Value Chain are important resources to inform policy and practice. Policymakers often have a better understanding of vertically integrated AI stacks and the governance affordances of API access than they do of open source and distributed AI collaborations. In addition to beginning to consolidate best practices, the report delineates the open value chain (as pictured below) to provide policymakers a clearer understanding of the distribution of roles and responsibilities in the creation of AI systems today. We look forward to continuing to support responsible open source development and informed AI policy.

The post Advancing responsible practices for open source AI appeared first on The GitHub Blog.

GitHub submitted a filing in response to the U.S. NTIA’s request for comment on the potential risks, benefits, and policy implications of widely available model weights–and of open source AI, which makes not only weights available to developers, but also code and other components under terms allowing developers to inspect, modify, (re)distribute, and use AI components for any purpose. Our submission can be found here, but there are a few important ideas we want to highlight.

Open source AI presents clear benefits

It is important to consider the myriad benefits of open source AI. Open source is a public good, designed for all to use: hobbyists, professional developers, companies, governments, and anyone looking to make an impact with code. The broadly available nature of open source has already generated tremendous value to society accelerating innovation, competition, and the wide use of software and AI across the global economy. Open source AI advances the responsible development of AI systems, use of AI in research across disciplines, developer education, and government capacity.

Evaluation and regulation should prioritize AI systems–not models

Evaluation and regulation are better focused on the full AI system and policies governing use, rather than subcomponents, including AI models. Policies that focus on restricting the model are likely to inhibit beneficial use more than prevent criminal abuse. It also risks missing the forest for the tree: orchestration and safety software included in AI systems can expand or constrain AI capabilities. Current evidence does not support government restrictions on sharing AI models. Policymakers should instead, irrespective of model type, prioritize AI regulation for high-risk AI systems and prepare plans to address abuse by bad actors. Security through obscurity is not a winning strategy.

The path to societal resilience is not open or closed

Governments have an important role to play in steering the technological frontier and building societal resilience that allows us to seize the benefits enabled by AI while reducing its risks. From accelerating needed AI measurement science and safety research, to supporting public education and protective measures, civic institutions are well-positioned to usher in a new era of AI governed by our values. The open availability, diversity, and diffusion of AI models can support this societal resilience and flourishing. With this in mind, GitHub looks forward to continuing policy collaboration to accelerate human progress.

The post Helping policymakers weigh the benefits of open source AI appeared first on The GitHub Blog.

The Act risks chilling open source AI development and thus could undermine its goals of promoting responsible innovation in line with European values. To help explain why and to offer solutions, we’ve published a policy paper: “Supporting Open Source and Open Science in the AI Act.” Together with a coalition of leading open culture and AI organizations—Creative Commons, EleutherAI, Hugging Face, LAION, and Open Future—we intend for the paper to serve as a resource for policymakers crafting AI regulation. In the EU and beyond, it is essential that policymakers support the blossoming open source AI ecosystem.

Too often, open source and open science for AI have been underappreciated or even misunderstood. Open source has been at the foundation of both AI development and policy. It provides a global public good that can be used, studied, modified, and distributed by all. Best practices pioneered by the open source community, including model documentation, have shaped both transparency requirements and voluntary commitments around the world. To safeguard responsible innovation, collaboration, and competition, AI policy must account for open source.

As the home for all developers, GitHub has represented the open source community in EU deliberations since the introduction of the AI Act in 2021. Our CEO Thomas Dohmke addressed policymakers in Brussels on the need to exempt developers from the AI Act. His speech built on our recommendations to Parliament for a tailored exemption that accounts for the nuances of open source and risks posed by some AI systems. As Parliament finished its deliberations on the Act this spring, we worked with a coalition of open culture and AI development organizations, including our policy paper co-authors, to send a letter to improve the Act. Recently, GitHub Chief Legal Officer Shelley McKinley outlined lessons for policymakers to protect open source as AI policy deliberations go global. We trust that this latest effort will similarly help to advance informed policymaking that works for open source.

Supporting Open Source and Open Science in the EU AI Act

The post How to get AI regulation right for open source appeared first on The GitHub Blog.

The WIPO GII compiles a basket of indicators to represent the innovation of economies around the world. The GII rankings help policymakers and businesses understand the relative strengths and weaknesses of innovation ecosystems in order to inform their decisions on policies and investments. The GII has run annually for 15 years, and this year it is expanding to include GitHub data for the first time.

The GitHub indicator represents developer creative outputs in an economy. It is defined as commit pushes received, scaled by working age population. Commit pushes received are assigned to the national economy where the recipient is located. This indicator thus recognizes economies where the code attracts global contributions, as opposed to economies where developers make contributions to external code bases. Scaling by working age population (15-69) enables comparisons across countries, and does not disadvantage economies with a vast youth population who are not yet old enough to become developers.

We’re committed to making developer innovation more visible and better understood. The WIPO Global Innovation Index is a great first step, but it is certainly not the last. We’ll continue to support researchers to expand work on the impact that developer communities have. We’re also interested in providing data to more indices that can inform policy. If you have feedback or ideas on how we can improve our indicators and identify new partners, please drop a comment in this issue. With your support, we can champion the innovation–too often overlooked–that developers contribute to everyday on GitHub.

The post Developers are now included in the WIPO Global Innovation Index appeared first on The GitHub Blog.

There’s been some recent research estimating that open source drove between €65 and 95 billion of European GDP in 2018 alone.^[1] Within months, this research already had an impact on policy. The European Commission cited the study in establishing new rules to streamline the process to open source its software.

We need more, and there are many open questions. Here, I outline three themes that we at GitHub Policy think should drive this conversation with policymakers—to help open source prosperity and sustainability. These themes are only a starting point: if you have thoughts, please get in touch.

What is open source’s macroeconomic impact?

Policymakers need society-wide analysis to inform society-wide decisions. Research on the open source ecosystem at national and larger scales finds increases in GDP,^{[1, 2]} labor productivity,^[1] and start-up formation.^[3] These types of studies help demonstrate to policymakers and others that contributions to open source bring real benefits to local economies.

Yet there are important questions that are still unanswered:

• Leading studies have focused on the EU; what do these impacts look like for the US, India, and the African continent, among other regions around the world? Are there distributional effects, for example, where some countries may benefit more than others?
• Many studies demonstrate promising correlations between open source and economic growth. Yet what if causality is reversed, and open source is a byproduct of growth? More research that exploits natural experiments,^[4] where developers were cut-off from open source communities or policies that then shifted open source activity, would help bolster the case that open source drives economic benefits.
• With the benefit of hindsight, were past studies’ predictions correct, overly optimistic, or perhaps they underestimated open source’s impact? Research offered projections that can be evaluated with the benefit of hindsight: a 10% increase in EU contributors would generate 0.4–0.6% greater GDP for the single market^[1]; estimated costs of creating and maintaining Debian 3.1 through 2010 would be €100 billion^[2]; a 1% increase in commits in a country is associated with 0.6–1.2% additional new startups.^[3]

What benefit comes from an individual open source project?

Large-scale impacts are ultimately driven by the aggregate effects of countless open source projects. We need a better picture of the value at this smaller scale too. Existing research tends to value open source software by estimating the costs associated with its creation,^[5] cost savings from substituting for paid software,^{[6, 7]} or using case studies to describe innovations enabled by certain projects.^[8] More directly linking to value, some studies look at revenues of firms that contribute to open source.^[2] But the picture remains incomplete.

There are several promising research directions to measure the value of modern open source development frameworks and to quantify our favorite xkcd:

• How should we measure the impact of individual software projects within dependencies? A dependency graph says much about the value of a particular software project embedded within it. This type of research is already being pursued in security and some preliminary economics work^{[5, 7]} but should be expanded.
• How do we account for the counterfactual impact of packages? Value may not be a function of the dependency graph alone. If a developer could easily write a function to replace a highly used package, for example is-odd, network analysis may overstate its importance.
• How can we link measures of economic value, including firm investment and maintainers’ income from open source funding efforts, to dependencies? Might hedonic pricing methods used elsewhere in economics help identify the particular value of individual projects and their qualities within the dependency graph?
• How should maintainers get paid? These research questions can inform needed improvements in open source sustainability by creating more precise measures of value that can be tied to maintainers’ work and inform compensation models. They can also support models to guide government investment in securing open source.

How should open innovation be measured?

Deepening our understanding of the value of contemporary open source development raises another related question: how do we understand its relationship with innovation? Surveys dating back more than a decade have found that companies consider open source to be a way to generate new ideas, more so than reviewing patents.^[2] Yet, patents continue to be widely used as a metric of innovation, while open source is neglected. Part of this is a function of difficulties in measurement. GitHub data may help. Innovation output measures could look at forks and stars on projects. We are working to improve our metrics to better support research here, and will have more to share soon.

Beyond updating our understanding of innovation outputs with open source, there are many more innovation questions:

• How does open source software contribute to innovation as an input, and can targeted research funding for open source increase this contribution? Further research should build on initial measurement efforts^[7] to understand how and to what extent open source software accelerates scientific research.
• As open source business models have evolved over time, how have firm contributions to open source changed? Amid these business innovations, particularly the rise of cloud-based software as a service, what is the relative contribution to open source from these big cloud companies?
• How do we value the contributions of innovations in developer tools to open source, including maintainers’ productivity and workload? These tools include GitHub Actions and GitHub Copilot, but also extend well beyond our platform.
• What is the economic impact—at both an organizational and economy-wide level—of new institutional approaches to open source, including the Open Source Program Office, pioneered in industry that is now percolating into the public and social sectors?

How can you help?

What is not measured, all too often, is invisible. The GitHub Policy Team intends to improve our collective understanding of open source economics to better optimize policy. Economics is far from the only lens to view the impact of open source. For example, open source has important affordances for transparency, trust, and inclusive design. That said, economics is particularly important to policymakers, and improving policy is our primary goal.

These questions are invitations. Please get in touch with comments, sources, and further questions that you’d like to see answered. Researchers, get in touch if you’re interested in making proposals. Ultimately, we hope to support research to help policymakers understand the value of open. Watch this space.

Follow GitHub Policy on Twitter for updates about the laws and regulations that impact developers.

[1] Blind, et al. (2021). The impact of open source software and hardware on technological independence, competitiveness and innovation in the EU economy. European Commission.

[2] Ghosh, et al. (2006). Study on the economic impact of open source software on innovation and the competitiveness of the Information and Communication Technologies (ICT) sector in the EU. UNU-MERIT.

[3] Wright, Nagle & Greenstein. (2021). Open source software and global entrepreneurship: A virtuous cycle. Harvard Business School Working Paper, 20-139.

[4] Nagle. (2019). Government technology policy, social value, and national competitiveness. Harvard Business School Working Paper, 19-103.

[5] Robbins, et al. (2018). Open source software as intangible capital: Measuring the cost and impact of free digital tools. 6th International Monetary Fund Statistical Forum.

[6] Greenstein & Nagle. (2014). Digital dark matter and the economic contribution of Apache. Research Policy, 43(4), 623-631.

[7] Keller, et al. (2018). Opportunities to observe and measure intangible inputs to innovation: Definitions, operationalization, and examples. Proceedings of the National Academy of Sciences, 115(50), 12638-12645.

[8] Christensen, Ghose & Mathur. (2020). Economic impact of open source software on competition, innovation, and development in India. National Conference on Economics of Competition Law 2020, Competition Commission of India.

The post Open source creates value, but how do you measure it? appeared first on The GitHub Blog.

Leveraging open source for digital sovereignty

As policymakers around the world consider how to enact effective tech regulation and promote local digital opportunity, the contribution of open source software (OSS) is often overlooked. Together with OpenForum Europe (OFE), GitHub hosted a panel discussion on open source collaboration for digital sovereignty to identify the ways the global open source community supports government goals.

• Paula Grzegorzewska, Strategic Partnerships Director at OFE, began the panel with a brief presentation of results from the recent European Commission-sponsored study that found OSS contributes between €65-95 billion to the European Union’s gross domestic product.
• Mike Linksvayer, Head of Developer Policy at GitHub, observed that while OSS can be embraced by governments as a strategic effort to achieve digital sovereignty with a host of benefits to local communities, tech adversarialism could cut off open source collaboration communities and lead to underinvestment in OSS as a global commons.
• Laurence Moroney, Lead Artificial Intelligence Advocate at Google, presented on efforts to widen access and opportunity from AI to boost local economies, via OSS, particularly open access education materials and certifications and TensorFlow 2.0 that was oriented towards software developers.
• Nataliya Langburd Wright, Ph.D. Researcher at Harvard Business School, explained how OSS can support national entrepreneurship ecosystems. She presented a cross-country study that found increases in national commits and contributors on GitHub boost a variety of entrepreneurship measures, including the number of new startups.
• Abhishek Singh, Head of the Government of India’s eGovernance Division, shared his nation’s experience embracing OSS and its distinct benefits, which include driving a culture of innovation, crowdsourcing improvements to government systems, enabling the government to better meet the needs of its citizens, and empowering governments to expand sovereignty by sharing successful approaches globally. Singh noted that a key challenge for open source collaboration is addressing misconceptions in order to build trust.
• On the subject of trust, Jeremy (Zhihui) Liang, Deputy Secretary of the China OSS Promotion Union, shared the evolution of the open source ecosystem in China and argued that OSS can improve trust among digital sovereignty partners and build skills and companies that support national digital economies.

Inclusive governance and open source

Communities and organizations around the world are pioneering efforts on inclusion in OSS. GitHub and the World Health Organization (WHO) co-hosted a panel discussion featuring models of open source participation and how they might provide insight for more inclusive internet governance.

• Mala Kumar, GitHub’s Director of Tech for Social Good, began the session with a brief overview of GitHub’s research on OSS in the Social Sector, and spoke to the importance of inclusive design that considers the needs of the people using an open source tool when it is being developed.
• Samson Goddy, Co-Founder of Open Source Community Africa, discussed his experience founding and scaling his organization and its mission to localize OSS to the context of African communities. Supporting as many languages as possible—Africa has more than 2,000 distinct languages—is a significant challenge for their goal of diverse participation.
• Kriti Mittal, Entrepreneur in Residence at Omidyar India, described their Open Digital Ecosystems effort and how to design open government-citizen platforms. Mittal observed that these initiatives need to balance innovation while protecting citizens and embrace the power of communities for transparency, accountability, and localization of OSS.
• According to Dušan Milovanović, Chief Intelligence Architect for the WHO, the organization’s open source efforts were spurred by another crisis: the 2015 Ebola outbreak, which required better global health coordination. The WHO’s newly announced Hub for Pandemic and Epidemic Intelligence will seek to strengthen knowledge about pandemics with the same goal, detect and address outbreaks, using a new approach: collaborative intelligence.

Shaping content moderation with human rights frameworks

With more people and more of life’s activities moving online, platforms are increasingly in the position to make content governance decisions with real-life consequences. Together with Ranking Digital Rights and Article 19, GitHub co-hosted a panel discussion on the use of human rights frameworks to inform content moderation. The panel was moderated by Veszna Wessenauer, Research Manager at Ranking Digital Rights.

• Abby Vollmer, Director of Platform Policy at GitHub, explained GitHub’s developer-first approach to content moderation. The GitHub approach uses human rights as a baseline for developing rules and applies the least restrictive measures it can, which is in line with the principle of proportionality. She noted that context can be especially important for content moderation, including how visible content is given its placement on the platform.
• Berges Malu, Public Policy Director at Sharechat, described his platform’s approach to content takedowns and virality for its 300 million users. He noted that there are limits to free speech on private platforms and that platforms need to be transparent about their content moderation practices.
• Vladimir Cortés, Digital Rights Program Officer at Article 19, recognized that while platforms are private companies, they function as public squares and should consider that takedowns can infringe on human rights. Cortés referenced a recent UN Human Rights Committee interpretation of the right to peaceful assembly, which defined the scope of assembly as both physical meetings and virtual or online gatherings, as evidence that companies face obligations under human rights law.
• Brenda Dvoskin, PhD Researcher at Harvard Law School, presented a critical take on the topic, arguing that human rights frameworks have been used as stand-ins for public interest, although such frameworks are not necessarily in line with the public interest.
• Allison Davenport, Senior Public Policy Counsel at Wikimedia, spoke to the challenge of applying content standards to user communities, like Wikipedia’s, where wikis are separated by languages, not national boundaries and oftentimes develop their own community standards. While human rights frameworks are not the final word in content governance, they can be a good foundation for international platforms.

GitHub hosts more than ​​73 million developers collaborating on open source projects across the world, and we see the interconnected global open source community as an important resource to address our greatest challenges. With developers at the center of our approach to policy, we are committed to representing the interests of developers and the open source community at international fora, like IGF, and contributing to a more collaborative, open internet.

The post GitHub at the UN Internet Governance Forum appeared first on The GitHub Blog.

Open source provides governments concerned with digital sovereignty and self-reliance with tools and developer best practices to ensure local benefits from global software collaboration. With open source, collaboration can provide solutions based on the merits of commits, not politics or proprietary interests. Open source is inclusive: if policymakers are concerned about the national origins of a project, nothing is standing in the way of them or their allies joining as well. And when it comes to security and interoperability, open source is one of the best methods we have: the broader community of security analysts can inspect source code to identify and address vulnerabilities, and a wider universe of developers can leverage open standards into the open source solutions.

It is no surprise that amid controversies over the security, development, and deployment of 5G, some have turned to open source development for portions of the 5G stack. Some promising efforts include the Open Network Automation Platform working with DARPA and the OpenAirInterface* working with the NSF, among others. Still others, including the Open RAN Coalition, are emphasizing open standards and using open source practices for some development.

In our filing to the NTIA, we described how best practices in open source and software development more broadly could support NTIA’s goals of a possible innovation challenge: to reduce barriers to entry for diverse actors to collaborate on an open 5G stack. We also emphasized the importance of inventorying dependencies, and the NTIA’s software bill of materials in particular, for building trust and driving adoption of an open 5G stack. We defined open source, referencing the Open Source Initiative’s definition, as policymakers have sometimes misdefined or confused the term open source with other uses of “open” meaning simply interoperable or available to all. We also offered metrics and criteria for the NTIA to consider in assessing 5G stack solutions against open source best practices.

Time and again, the developer community has created open source solutions to address pressing needs. Many of these solutions, including for government challenges and in the 5G stack, have been developed on GitHub. We stand committed to helping policymakers around the world understand how collaborative development and open source can address legitimate concerns around participation, security, sovereignty, and interoperability—in 5G and beyond. You can read our entire submission here.

* Note that the OAI Public License used for some repositories does not meet the Open Source Initiative definition of open source.

The post Open source in the 5G stack appeared first on The GitHub Blog.

It’s been very exciting  to receive constructive input from so many developers during the recent comment period. Whether you offered recommendations for changes, asked clarifying questions, or simply expressed gratitude, thank you for your contributions! As a way to say thanks, and in the spirit of transparency, we detail a few of your suggestions below. Feel free to check out all the comments we received on our now-merged pull requests.

Your feedback guides changes

We received suggestions for changes to better help users follow future changes in our terms and present new policy documents. Based on these suggestions, we made further commits to more transparently show the content and name changes in one document, and edited our privacy statement to encourage readers to watch the repository to receive updates for future proposed changes. 

We also received questions seeking clarification around some changes, including the use and extent of automated scanning for content uploaded to GitHub, what types of tracking technologies we use, and the implications of our terms for satirical art. We have sought to answer these questions directly. Where the questions surfaced ambiguity in our policies, we made clarifying edits to our privacy statement and community guidelines.

Additionally, we received some comments that were thank you’s for our changes that reflected wins for developers. These included prohibitions to use information from GitHub to spam our users, and improvements to ditch the legalese and simplify language for the vast majority of us reading without a legal background. 

Why we open source our policies

Feedback from our users is precisely why we choose to transparently update our site policies and invite comments. As we’ve seen, this open source approach to policy development makes for better policies. It also makes for better engagement with our users, offering an opportunity to help users understand changes before they go into effect.

All of the documents in our site-policy repository are under a CC0 license. We do this to make it easy for users to collaborate, engage with, and fork (reuse and adapt) our site policies. In this way, we hope to offer our policies as a resource to the developer community, much like we have done with GitHub’s own balanced employee IP agreement. Our efforts to open source non-technical repositories also serve to familiarize policymakers and the public with open source, open source projects, and the power of the open source process more broadly.

How you can get involved

Periodically, we will open pull requests to seek your input ahead of making changes. We encourage you to watch the repository so you can offer input when we post updates. In most cases, we’ll open a pull request 24 hours before changes go into effect. For material changes to our Privacy Statement, Terms of Service, Acceptable Use Policies, Corporate Terms of Service, and Enterprise Subscription Agreement, we’ll post the updates 30 days before they go into effect to give you a chance to comment.

Thank you for your input to our latest changes, and for your continued engagement in future updates. In the meantime, we always welcome input to improve our policies in the site-policy repository. If you’ve found our open-sourced policies useful in other ways, we’d love to hear from you as well!

The post Updates to our Terms of Service and Privacy Statement now merged appeared first on The GitHub Blog.