GitHub has launched a commercial version of its Copilot assisted programming service that provides administrators with a way to prevent suggestions using public source code.
For $19 per user per month, companies can deploy Copilot for Business with the confidence that they can prevent the underlying machine learning model from offering auto-completions based on code available online.
“You can easily set policy controls to enforce user settings for public code matching on behalf of your organization,” says Shuyin Zhao, Senior Director of Product Management, in a blog post.
According to Microsoft-owned GitHub, about 1% of suggestions potentially contain code snippets longer than 150 characters that match training set code, which was extracted from public source code online under various software licenses.
This feature, a public code filter, is already available to individual users, who pay $10 per month for Copilot’s AI help. But for enterprise accounts, control of this filter is up to the IT admin.
Copilot for Business is available to customers with GitHub Enterprise Cloud licenses, but it’s not the same offering. It provides centralized management of Copilot user licenses – desirable for managing usage and payment within a large team of developers.
Copilot for Business pledges that GitHub “does not curate code snippets, store or share your code, whether the data comes from public repositories, private repositories, non-GitHub repositories, or local files.”
So, in theory, business customers can rest assured that their super-secret money-minting algorithm won’t be sent to GitHub for product improvement.
Copilot for Business does, however, transmit “engagement data”: events related to editing actions (e.g. suggestions accepted or rejected), errors, and data such as latency and feature usage, including potentially personal data such as pseudonymous identifiers.
It’s unclear whether Copilot for Business’ promise to disregard code suggestions it generates will negate data that could be used to improve future output. But it may alleviate fears that code spewed out by Copilot could lead to copyright infringement or software license claims.
Court case
Microsoft, GitHub and OpenAI – makers of the Codex model on which Copilot is based – have already been sued on this basis.
In November, attorney and developer Matthew Butterick announced a lawsuit against Copilot, described as “an AI product that relies on unprecedented open-source software piracy.” The lawsuit alleges that by training Copilot on public GitHub repositories, the defendants violated the legal rights of numerous developers based on the terms of various open source software licenses.
But GitHub, aware that its enterprise customers might be deterred by uncertain legal risk, has a standing offer to defend enterprise customers against infringement claims based on Copilot’s release in its GitHub Copilot product-specific terms.
“GitHub will defend you against any claim by an unaffiliated third party that your use of GitHub Copilot has misappropriated a trade secret or directly infringes any patent, copyright, trademark, or other intellectual property right of a third party, up to $500,000.00 USD or the total amount paid to GitHub for use of GitHub Copilot in the 12 months prior to the claim,” the Enterprise Customer Agreement states.
There are a few caveats. GitHub won’t pay out if: the allegedly infringing code differs from what Copilot suggested; “you fail to follow reasonable software development review practices designed to prevent the intentional or inadvertent use of the Code in a manner that may infringe the intellectual property or other rights of a third party”; or if you haven’t enabled GitHub’s code filtering features.
Individual Copilot users and Copilot for Business customers who are not under a corporate account will have to deal with any legal action on their own – if that happens. Whatever the case, GitHub makes it clear that Copilot users are responsible for verifying the safety and legality of any suggested code.
Asked if Copilot for Business addresses concerns raised in the lawsuit, a GitHub spokesperson told The Register in an email, “We have been committed to innovating responsibly with Copilot from the start, and we will continue to evolve the product to better serve developers around the world.”
Matthew Butterick, the plaintiff in the case against Microsoft, GitHub and OpenAI, told The Register in an email that Microsoft has not yet responded to the lawsuit and that he does not consider organizational policy controls relevant to his claim.