DUBAI: Tech giants Google and Amazon agreed to use a secret code to warn their client, the Israeli government, if their data was being handed over to foreign law enforcement, according to a joint investigation by The Guardian, Israeli-Palestinian publication +972 Magazine, and Hebrew-language outlet Local Call.
The agreement was part of a $1.2 billion cloud-computing deal inked in 2021, known as Project Nimbus. It stemmed from Israelâs concerns that the data it stores on these tech companiesâ cloud platforms could end up in the hands of foreign law enforcement authorities.
Tech companies must comply with requests from law enforcement and security agencies to hand over customer data for investigative purposes. Moreover, they are often prohibited from informing the customer that their data has been disclosed.
Therefore, Israeli officials developed the so-called âwinkingâ mechanism, under which Google and Amazon would send secret signals, hidden in payments, to the Israeli government, revealing the identity of the country to which they had been compelled to hand over Israeli data.
According to leaked documents from Israelâs Finance Ministry, which include a finalized version of the Nimbus agreement, payments must be made âwithin 24 hours of the information being transferredâ and correspond to the telephone dialing code of the foreign country, amounting to sums between 1,000 ($308) and 9,999 shekels.
For example, if either firm provided information to authorities in the US, where the dialing code is +1, they would have to send the Israeli government 1,000 shekels.
If they share Israeli data with authorities in Italy, where the dialing code is +39, they would have to send 3,900 shekels.
In cases where the companies concluded they were under a gag order preventing them from indicating which country had received the data, they must pay 100,000 shekels to the Israeli government.
The agreement also includes measures that prohibit the US companies from restricting how the Israeli government and its branches, including the military and security services, use their cloud services.
Both companiesâ standard âacceptable useâ policies state that their cloud platforms should not be used to violate the legal rights of others, nor to engage in or encourage activities that cause âserious harmâ to people.
However, according to an Israeli official familiar with the Nimbus project, there can be âno restrictionsâ on the kind of information stored in Google and Amazonâs cloud platforms.
The leaked documents state that Israel is âentitled to migrate to the cloud or generate in the cloud any content data they wish.â
Legal experts said the agreement is extremely unusual and risky, as the coded messages could violate legal obligations in the US, where Google and Amazon are headquartered.
âIt seems awfully cute and something that if the US government or, more to the point, a court were to understand, I donât think they would be particularly sympathetic,â a former US government lawyer told The Guardian.
Both Google and Amazonâs cloud businesses have denied evading any legal obligations. Neither responded to The Guardianâs questions about whether they had used the âwink.â
An Amazon spokesperson said that the company has a ârigorous global process for responding to lawful and binding orders for requests related to customer data,â adding that there are no âprocesses in place to circumvent our confidentiality obligations on lawfully binding orders.â
Google declined to comment on which of Israelâs demands it had accepted in the Nimbus deal, but said it was âfalseâ to âimply that we somehow were involved in illegal activity, which is absurd.â
A spokesperson for Israelâs Finance Ministry said: âThe articleâs insinuation that Israel compels companies to breach the law is baseless.â
Google and Amazon are âbound by stringent contractual obligations that safeguard Israelâs vital interests,â and âwe will not legitimize the articleâs claims by disclosing private commercial terms,â the spokesperson added.
