I would guess that github doesn't consider themselves legal experts and does not want to get involved... if they comply with the takedown they get immunity from liability here. The DMCA allows the allegedly infringing party to file counter-notice if they feel they are not infringing and the takedown notice was in error, I would bet github is leaving it to those users to defend themselves.

I am not a lawyer, but I would encourage the people targeted by these notices to find a lawyer and fight back.

Hell, that might just be what github is trying to encourage by open sourcing these notices, to get the community involved and defending against baseless DMCA takedowns.

The thing is, it's not at all clear that GitHub is protected by the DMCA safe harbor provisions here. This isn't a case of an infringing work - it's a DRM circumvention tool, and Sony hasn't asserted any copyright that has been infringed.

Procedurally, it looks like a standard infringement takedown case, but as far as I can tell, it isn't covered by that law. Sony's notice probably has no more legal force than any ordinary C&D letter, and GitHub's cooperation probably doesn't get them any guarantee of immunity. Sony's C&D is simply formatted to look like a real DMCA takedown, probably to scare GitHub in to automatically complying without even asking their lawyers.

For all we know, by complying GitHub may have reduced their ability to defend themselves on the basis of the reverse-engineering exception to the circumvention prevention, without gaining any significant legal security.