In 2021, when Google and Amazon negotiated a $1.2 billion cloud-computing deal with the Israeli government, the customer made an unusual request: they had to agree to use a secret code as part of an arrangement later called the “winking mechanism.”
This demand stemmed from Israel’s fear that data stored on the global tech giants’ cloud platforms could be accessed by foreign law enforcement. To prevent this, Israel wanted Google and Amazon to bypass legal obligations in other countries.
Like other major tech firms, Google and Amazon’s cloud services regularly comply with requests from police, prosecutors, and security agencies to hand over customer data for investigations. This process is often secretive, and the companies are usually barred from informing customers when their data has been shared, either due to legal powers or court orders.
Concerned about losing control of its data to overseas authorities, Israel devised a secret warning system. The companies would embed signals in payments to the Israeli government, alerting them whenever Israeli data was disclosed to foreign courts or investigators.
According to leaked documents reviewed by the Guardian, as part of a joint investigation with +972 Magazine and Local Call, Google and Amazon agreed to this “winking mechanism” to secure the lucrative contract. The investigation, based on these documents and descriptions from Israeli officials, shows how the companies accepted a series of strict and unconventional “controls” under the 2021 agreement, known as Project Nimbus. Both Google and Amazon have denied avoiding any legal duties.
These controls include provisions that prevent the U.S. companies from restricting how various Israeli government agencies, security services, and military units use their cloud services. Under the deal’s terms, the companies cannot suspend or withdraw Israel’s access to their technology, even if Israel violates their terms of service.
Israeli officials included these measures to address anticipated threats. They worried that Google or Amazon might yield to pressure from employees or shareholders and cut off Israel’s access if their technology was linked to human rights abuses in the occupied Palestinian territories. They also feared the companies could face legal challenges abroad, especially regarding the use of their technology in the military occupation of the West Bank and Gaza.
The Nimbus deal appears to forbid Google and Amazon from taking the kind of unilateral action Microsoft took recently when it disabled the Israeli military’s access to technology used for indiscriminate surveillance of Palestinian phone calls. Microsoft, which provides cloud services to Israel’s military and public sector, had bid for the Nimbus contract but lost to its competitors after refusing some of Israel’s demands.
In recent years, Google and Amazon’s cloud businesses, like Microsoft’s, have faced scrutiny over their technology’s role—and the Nimbus contract specifically—in Israel’s two-year war on Gaza. During this offensive, which a UN commission of inquiry concluded involved acts of genocide, the Israeli military has heavily relied on cloud providers to store and analyze vast amounts of data and intelligence.One dataset involved a large collection of intercepted Palestinian calls, which had been stored on Microsoft’s cloud platform until August. Intelligence sources indicated that the Israeli military intended to transfer this data to Amazon Web Services (AWS) data centers.
When asked by the Guardian if it was aware of Israel’s plan to move the mass surveillance data to its cloud, Amazon did not respond. A company spokesperson stated that Amazon respects “the privacy of our customers and we do not discuss our relationship without their consent, or have visibility into their workloads” stored in the cloud.
Both Amazon and Google denied bypassing legally binding orders when questioned about the winking mechanism. A Google spokesperson said, “The idea that we would evade our legal obligations to the US government as a US company, or in any other country, is categorically wrong.”
If you have information related to this story, you can contact Harry Davies and Yuval Abraham through the following secure methods:
– Use the Guardian app’s Secure Messaging feature, which is end-to-end encrypted and hidden within normal app activity. Download the app, go to the menu, select ‘Secure Messaging,’ and choose the ‘UK Investigations’ team.
– Message Harry via Signal Messenger using the username hfd.90.
– For less sensitive communication, email harry.davies@theguardian.com.
– If you can safely use the Tor network, access the Guardian’s SecureDrop platform.
– Visit theguardian.com/tips for more secure contact options and guidance.
The Google spokesperson also referred to previous statements that Israel had agreed to follow Google’s policies, adding, “We’ve been very clear about the Nimbus contract, its purpose, and the terms of service and acceptable use policy that govern it. Nothing has changed. This appears to be yet another attempt to falsely imply otherwise.”
However, Israeli government documents revealed that officials believed they had secured significant concessions from Google and Amazon after the companies agreed to adjust internal processes and prioritize Israel’s demands over their standard contractual terms. A government memo circulated months after the deal was signed noted, “[The companies] understand the sensitivities of the Israeli government and are willing to accept our requirements.”
The Nimbus contract, named after towering cloud formations, is a key Israeli government project to store public sector and military data in commercial data centers. It initially spans seven years and may be extended. Despite the data being housed in Google and Amazon’s new data centers in Israel, officials were concerned that evolving US and European laws could allow law enforcement to access the data more easily through direct requests or subpoenas.
To address this risk, Israeli officials included specific controls in the Nimbus agreement.Under the Nimbus agreement, companies are required to send a coded message—referred to as a “wink”—to the Israeli government. This message would reveal the identity of the country that compelled them to hand over Israeli data, even if they are legally barred from disclosing it. Leaked documents from Israel’s finance ministry, which contain the finalized version of the agreement, indicate that this secret code would take the form of payments labeled as “special compensation” made by the companies to the Israeli government.
According to the documents, these payments must be made within 24 hours of transferring the information and must correspond to the telephone dialing code of the foreign country involved. The amounts range from 1,000 to 9,999 shekels. For example:
– If Google or Amazon provides information to U.S. authorities (dialing code +1) and cannot disclose their cooperation, they must pay 1,000 shekels to the Israeli government.
– If they receive a request for Israeli data from Italy (dialing code +39), they must pay 3,900 shekels.
If the companies are prevented by a gag order from even hinting at which country received the data, they must pay a default amount of 100,000 shekels (approximately $30,000) to the Israeli government.
Legal experts, including former U.S. prosecutors, have called this arrangement highly unusual and risky for the companies. They noted that such coded messages could violate U.S. laws requiring companies to keep subpoenas confidential. A former U.S. government lawyer remarked, “It seems awfully cute, and if the U.S. government or a court were to understand it, I don’t think they would be particularly sympathetic.”
Several experts described the mechanism as a “clever” workaround that might comply with the letter of the law but not its spirit. A former senior U.S. security official said, “It’s kind of brilliant, but it’s risky.”
Israeli officials appear to have acknowledged these concerns, noting in documents that their demands regarding how Google and Amazon respond to U.S. orders “might collide” with U.S. law. The companies would then face a choice between “violating the contract or violating their legal obligations.”
Neither Google nor Amazon responded to the Guardian’s questions about whether they had used this secret code since the Nimbus contract took effect. An Amazon spokesperson stated, “We have a rigorous global process for responding to lawful and binding orders for requests related to customer data. We do not have any processes in place to circumvent our confidentiality obligations on lawfully binding orders.” Google declined to comment on which of Israel’s demands it had accepted but called it “false” to “imply that we somehow were involved in illegal activity, which is absurd.” A spokesperson for Israel’s finance ministry denied the article’s “insinuation that Israel compels companies to breach the law,” calling it baseless.
Israeli officials also expressed concerns that activists and rights groups might pressure Google and Amazon or seek court orders in European countries to restrict or terminate their business with Israel if their technology were linked to human rights violations. To mitigate these risks, Israel included provisions in the Nimbus agreement that prohibit the companies from revoking or limiting Israel’s access to their cloud platforms, even if company policies change.Companies may restrict their services if they believe Israel’s use of their technology breaches their terms of service or goes against their policies. However, according to a finance ministry analysis, as long as Israel does not violate copyright or resell the technology, the government is allowed to use any service permitted under Israeli law.
Both Google and Amazon’s standard acceptable use policies prohibit their cloud platforms from being used to infringe on others’ legal rights or to engage in activities that cause serious harm to individuals. Yet, an Israeli official involved in the Nimbus project stated that there are no restrictions on the type of data, including military and intelligence information, that can be stored on these platforms. The terms of the deal, as seen by the Guardian, grant Israel the right to migrate or generate any content it wishes in the cloud.
Israel included these provisions to prevent the companies from discontinuing services if they deemed a customer harmful to their interests. Last year, The Intercept reported that the Nimbus project operated under modified confidential policies, and a leaked internal document indicated that Google understood it could not limit Israel’s use of its services.
In contrast, Microsoft recently suspended Israel’s access to some cloud and AI services after confirming reports that the military had stored a large collection of intercepted Palestinian calls on its Azure platform. Microsoft informed the Israeli military that this use violated its terms of service and stated it does not support mass surveillance of civilians.
Under the Nimbus agreement, Google and Amazon are barred from taking similar actions, as it would be considered discriminatory against the Israeli government. Violating this could result in financial penalties and legal action for breach of contract.
An Israeli finance ministry spokesperson emphasized that Google and Amazon are bound by strict contractual obligations that protect Israel’s key interests. They declined to disclose the confidential terms of the agreement, stating they would not validate the article’s claims by revealing private commercial details.
Frequently Asked Questions
Of course Here is a list of FAQs about the reported request from Israel for Google and Amazon to use a covert signal framed in a natural conversational tone with clear direct answers
BeginnerLevel Questions
1 What is this story about in simple terms
Its a report that the Israeli government allegedly asked tech giants like Google and Amazon to use a secret hidden signal in their systems This signal would have identified and prioritized certain users or data potentially allowing them to bypass standard legal rules or service restrictions
2 What is a covert signal
A covert signal is a hidden piece of code a digital flag or a secret handshake within a software system Its not visible to the average user and is designed to trigger a special private action like granting access that would normally be blocked
3 Why would Israel make such a request
Reports suggest it was related to national security and law enforcement The goal was likely to ensure that specific authorized Israeli personnel could continue to use these cloud services without interruption even if a legal order would normally restrict access for that region
4 Did Google and Amazon actually do this
According to the reports that sparked these questions the companies did not agree to implement this covert signal system They reportedly declined the request
Intermediate Advanced Questions
5 What legal directives were they trying to bypass
While not always specified such requests typically aim to bypass potential legal directives like sanctions data localization laws or governmentimposed internet shutdowns The covert signal would create a secret exception to these rules for a select group
6 How would a covert signal technically work
Technically it could work in a few ways For example a users login credentials or the IP address of their device could be tagged with a hidden marker When the system detects this marker it would route their traffic through a special unrestricted pathway ignoring the standard filters that apply to everyone else
7 What are the biggest ethical concerns here
Undermining the Rule of Law It creates a secret backdoor that bypasses laws and regulations that apply to everyone else
Corporate Complicity It forces private companies to choose between aiding a government and maintaining their own principles of neutrality and fair access
