Popular code repository GitHub has just published its transparency report for 2015. While receiving a relatively modest 12 subpoenas for user data last year, the site also handed seven gag orders. It also received large numbers of DMCA notices which took down more than 8,200 projects.

Without a doubt, Github is a huge player in the world of coding. The platform is the largest of its type in the world with the company currently reporting 15 million users collaborating across 38 million repositories.

As the development platform used by file-sharing projects including the infamous Popcorn Time, Github appears a few times a year here on TF. Those appearances are often due to various types of copyright disputes, from allegedly infringing projects to allegedly stolen code.

When it comes to Github copyright complaints, those reported here are the tip of a vast iceberg but thanks to the transparency report just published by the company, we now have a much clearer idea of the numbers involved.

“In 2015, we received significantly more takedown notices, and took down significantly more content, than we did in 2014,” Github reports.

Last year the company received just 258 DMCA notices, with 17 of those responded to with a counter-notice or retraction. In 2015, that number jumped to 505 takedown notices, with just 62 the subject of counters or withdrawals.

But while tracking and reporting the numbers of DMCA notices is useful, the numbers shown above obscure a more serious situation. Copyright holders are not limited to reporting one URL or location per DMCA notice. In fact, each notice filed can target tens, hundreds, or even thousands of allegedly infringing locations.

“Often, a single takedown notice can encompass more than one project. We wanted to look at the total number of projects, such as repositories, Gists, and Pages sites, that we had taken down due to DMCA takedown requests in 2015,” Github writes.

When processed, a much bigger picture was revealed.

By any measure, September 2015 was a particularly active month and this naturally raised alarm bells at Github. Upon investigation, it became clear that the company had received DMCA notices that targeted many repositories all at once.

“Usually, the DMCA reports we receive are from people or organizations reporting a single potentially infringing repository. However, every now and then we receive a single notice asking us to take down many repositories,” Github explains.

“We classified ‘Mass Removals’ as any takedown notice asking us to remove content from more than one hundred repositories, counting each fork separately, in a single takedown notice.”

When these type of notices are withdrawn from the report, Github says that DMCA notice frequency normalizes across the year, but nevertheless they still represent a significant proportion of the notices received. (A ‘Frequent Noticer’ is someone who sends more than four notices in a year)

“While 83% of our 505 DMCA takedown notices came in from individuals and organizations sending requests to take down small numbers of repositories, the remaining 17% of notices accounted for the overwhelming majority of the content we actually removed,” Github says.

“In all, fewer than twenty individual notice senders requested removal of over 90% of the content GitHub took down in 2015.”

Finally, Github provides detail on important issues surrounding user privacy, which mainly affects those who maintain projects that are likely to attract legal attention.

In 2014, Github received a total of 10 subpoenas relating to projects it hosts. Last year that grew to 12 and in total the company handed over information in 83% of cases.

However, due to gagging orders, affected users were only given notice in just 30% of cases. Github received seven gag orders in 2015, up from four in 2014.

Finally, Github touches on the issue of National Security Orders.

“We are not allowed to say much about this last category of legal disclosure requests, including national security letters from law enforcement and orders from the Foreign Intelligence Surveillance Court,” the company writes.

“If one of these requests comes with a gag order — and they usually do — that not only prevents us from talking about the specifics of the request but even the existence of the request itself.”

To that end, Github ‘reveals’ that it received somewhere between zero and 249 National Security Orders in 2015. The full report is available here.