Israel demanded Google and Amazon use secret 'wink' to sidestep legal orders
192 comments
·October 29, 2025Ozzie_osman
choeger
U.S. law. It's pretty obvious that neither Amazon nor Google are good options for serious actors that are not the U.S. government. So if they want to make business outside the U.S., they need to dance around the fact that in the end they bow to the will of Washington.
neuroelectron
It would be suicide to sign the contract. It basically allows them to hack their platforms without any repercussions or ability to stop it. They would quickly claim expanded access is part of the contract.
ktallett
This endless bowing down to Israel is and always will be ridiculous. When a country can do whatever they like unchallenged, no matter how wrong, or how illegal, we have failed as a society.
ugh123
That now makes two of U.S.
churchill
The ongoing Gaza genocide has done more to expose just how much influence Israel & Zionists have on the West.
If you'd said that the Jews controlled Western media to any significant degree, you'd have been called an antisemite.
Now, where do I even start: 1. Forcing the confiscation of TikTok at giveaway prices. The TikTok sale had faltered after Bytedance put on their lobbying hats, but the Zionist lobby overpowered them. Imagine being willing to attract China's wrath, just so you can censor the internet and not let people see dead Palestinian kids?
2. Openly paying Western influencers for pro-Israel propaganda.
3. Propagandists like Ellison & Bari Weiss capturing media companies and openly planning to, "inculcate a love & respect of Israel in Americans."
4. Telling MAGA that if they don't support Israel that they're not MAGA (LMAO).
5. Exposing Western hypocrisy in failing to enforce an ICC arrest order against Netanyahu.
6. A livestreamed genocide.
7. Systematic acts of rape and torture against the Palestinians.
8. Silencing anyone who dares criticize Israel.
You even have Jews like Jordana Cutler, Meta's Director of Public Policy for Israel and the Jewish Diaspora bragging about censoring anyone who implies Zionists control the media. Like, you're silencing the 'antisemites' by proving them right, haha?
If anyone had even as much as alluded to Israel having outsized, perverse influence across the West, you'd have been shut down. Now, they're doing the hard work, gloating, scrambling, and showing their cards. Very good.
rwmj
The method is buried about 60% through the article, but it's interesting. It seems incredibly risky for the cloud companies to do this. Was it agreed by some salespeople without the knowledge of legal / management?
Leaked documents from Israel’s finance ministry, which include a finalised version of the Nimbus agreement, suggest the secret code would take the form of payments – referred to as “special compensation” – made by the companies to the Israeli government.
According to the documents, the payments must be made “within 24 hours of the information being transferred” and correspond to the telephone dialing code of the foreign country, amounting to sums between 1,000 and 9,999 shekels.
If either Google or Amazon provides information to authorities in the US, where the dialing code is +1, and they are prevented from disclosing their cooperation, they must send the Israeli government 1,000 shekels.
If, for example, the companies receive a request for Israeli data from authorities in Italy, where the dialing code is +39, they must send 3,900 shekels.
If the companies conclude the terms of a gag order prevent them from even signaling which country has received the data, there is a backstop: the companies must pay 100,000 shekels ($30,000) to the Israeli government.
8note
> If either Google or Amazon provides information to authorities in the US, where the dialing code is +1, and they are prevented from disclosing their cooperation, they must send the Israeli government 1,000 shekels.
its a buggy method, considering canada also uses +1, and a bunch of countries look like they use +1 but dont, like barbados +1(246) using what looks like an area code as part of the country code.
toast0
> its a buggy method, considering canada also uses +1, and a bunch of countries look like they use +1 but dont, like barbados +1(246) using what looks like an area code as part of the country code.
You are correct that ITU code is not specific enough to identify a country, but I'm sorry, +1 is the ITU country code for the North American Numbering Plan Area. 246 is the NANPA area code for Barbados (which only has one area code) but as a NANPA member, Barbados' country code is +1, same as the rest of the members. There is no '+1246' country code.
There's not a lot of countries that are in a shared numbering plan other than NANPA, but for example, Khazakstan and Russia share +7 (Of course, the USSR needed a single digit country code, or there would have been a country code gap), and many of the former Netherland Antilles share +599, although Aruba has +297, and Sint Maarten is in +1 (with NANPA Area code 721)
nitwit005
It does seem a bit baffling. This method just adds a second potential crime, in the form of fraudulent payments.
falcor84
Why would it be fraudulent in this case? I assume that these would be paid as refunds accounted for as a discount to a particular customer - aren't these generally discretionary? Also, I would assume that it would be the Israeli government getting services from the Israeli subsidiary of that company, so it's not clear whether even if it were a crime, which jurisdiction would have an issue with it.
You could argue that it's against something like the OECD Anti‑Bribery Convention, but that would be a much more difficult case, given that this isn't a particular foreign official, but essentially a central body of the foreign government.
Just to clarify, not saying that it's ok, but just that accusing it of being a "crime" might be a category error.
sebzim4500
In what sense would the payments be fraudulent? It would be real money paid out of Amazon's accounts as part of a contract they willingly signed with Israel.
master_crab
It is two crimes:
1. Alerting a country to secret actions taken by a third party government (my nation of citizenship, the US, definitely has rules against that)
2. Passing money to commit a crime. See money laundering.
Honestly, the second crime seems aggravated and stupid. Just pass random digits in an API call if you want to tell Israel you did something.
null
levi-turner
> Was it agreed by some salespeople without the knowledge of legal / management?
Never worked for either company, but there's a zero percent chance. Legal agrees to bespoke terms and conditions on contracts (or negotiates them) for contracts. How flexible they are to agreeing to exotic terms depends on the dollar value of the contract, but there is no chance that these terms (a) weren't outlined in the contract and (b) weren't heavily scrutinized by legal (and ops, doing paybacks in such a manner likely require work-arounds for their ops and finance teams).
rwmj
That's my experience too, but it seems impossible that a competent legal team would have agreed to this.
gadders
Legal can advise, but it's ultimately up to the business to risk-accept. If they think the risk vs reward analysis makes it worthwhile, they can overrule legal and proceed.
belter
(b) weren't heavily scrutinized by legal ...
You mean like in financing a ball room?
Havoc
Very much doubt something this hot in an agreement with a foreign government as counterparty gets signed off by some random salesman
JumpCrisscross
> If either Google or Amazon provides information to authorities in the US, where the dialing code is +1, and they are prevented from disclosing their cooperation, they must send the Israeli government 1,000 shekels
This is criminal conspiracy. It's fucking insane that they not only did this, but put the crime in writing.;
shevy-java
I don't quite understand this. How much money would Israel be able to milk from this? It can't be that much, can it?
sebzim4500
It's not about money, it's about sending information while arguably staying within the letter of US law
ceejayoz
Kinda similar to a https://en.wikipedia.org/wiki/Warrant_canary, with the same untested potential for "yeah that's not allowed and now you're in even more trouble".
IshKebab
> If the companies conclude the terms of a gag order prevent them from even signaling which country has received the data, there is a backstop: the companies must pay 100,000 shekels ($30,000) to the Israeli government.
Uhm doesn't that mean that Google and Amazon can easily comply with US law despite this agreement?
There must be more to it though, otherwise why use this super suss signaling method?
skeeter2020
How can they comply with a law that forbids disclosing information was shared, by doing just that? THe fact it's a simply kiddie code instead of explicit communication doesn't allow you to side step the law.
gruez
>Under the terms of the deal, the mechanism works like this:
> If either Google or Amazon provides information to authorities in the US, where the dialing code is +1, and they are prevented from disclosing their cooperation, they must send the Israeli government 1,000 shekels.
This sounds like warrant canaries but worse. At least with warrant canaries you argue that you can't compel speech, but in this case it's pretty clear to any judge that such payments constitute disclosure or violation of gag order, because you're taking a specific action that results in the target knowing the request was made.
skeeter2020
The key with a canary is that the thing you're trying to signal ensures the positive or negative signal itself, like "I will check in every 24 hours as long as everything is good, because if I'm not good I won't be able to check in.". THis is just a very thin, very simple code translation. It's like saying "if you get a request for our info, blink 3 times!"
mikeyouse
This reads like something a non-lawyer who watched too many bad detective movies would dream up. Theres absolutely no way this would pass legal muster —- even warrant canaries are mostly untested, but this is clearly like 5x ‘worse’ for the reasons you point out.
randallsquared
From the article:
> Several experts described the mechanism as a “clever” workaround that could comply with the letter of the law but not its spirit.
It's not clear to me how it could comply with the letter of the law, but evidently at least some legal experts think it can? That uncertainty is probably how it made it past the legal teams in the first place.
AstralStorm
Warrant canary depends on agreed upon inaction, which shields it somewhat. You cannot exactly compel speech by a gag order.
This, being an active process, if found out, is violating a gag order by direct action.
tdeck
This only works for Israel because members of the Israeli government expect to be above the law. They need to offer only the flimsiest pretext to get away with anything. Look what happened with Tom Alexandrovich.
puttycat
Agree that there's something fishy/missing in this story. Never say never, but I find it extremely unlikely that Google/Amazon lawyers, based in the US, would agree to such a blatantly mafia-like scheme.
potatototoo99
First day on this planet?
deanCommie
Wouldn't the lawyers be based in Israel - under some Israel-based shell/subsidiary of Google/Amazon, that owns the data centers, and complies with local law?
worik
> I find it extremely unlikely that Google/Amazon lawyers, based in the US, would agree to such a blatantly mafia-like scheme.
I trust The Guardian. So I agree It was unlikely. I find it very sad
Very sad
t0lo
It's certainly very interesting and difficult to explain...
belter
> a blatantly mafia-like scheme.
Yeap...they would never do it ....
"Tech, crypto, tobacco, other companies fund Trump’s White House ballroom" - https://www.politico.com/news/2025/10/23/trump-ballroom-dono...
Zigurd
It's a "cute" mechanism. The lawyers and the companies they work for found this to be an acceptable thing to put in a contract, when doing so could be interpreted as conspiring to evade the law. Did they get any assurances that they wouldn't get in trouble for doing this?
hex4def6
Yeah.
I mean, why pay the money? Why not just skip the payment and email a contact "1,000"? Or perhaps "Interesting article about in the Times about the USA, wink wink"?
This method is deliberately communicating information in a way that (I assume) is prohibited. It doesn't seem like it would take a judge much time to come to the conclusion that the gag order prohibits communication.
Creating a secret code is still communication, whether that's converting letters A=1, B=2, sending a video of someone communicating it in sign language, a painting of the country, writing an ethereum contract, everyday sending a voicemail with a list of all the countries in the world from A to Z, but omitting the one(s) that have the gag / warrant...
skeeter2020
If you ever dealt with the laws around exporting technology to specific jurisidictions, this would be like saying "We can convert the algorithm code to Python and THEN export it to North Korea!"
AlanYx
Setting aside the legalities of the "wink" payments, I'm fascinated to know what is the purpose of the country-specific granularity? At most Israel would learn that some order was being sought in country X, but they wouldn't receive knowledge of the particular class of data being targeted.
I wonder if there's a national security aspect here, in that knowing the country would prompt some form of country-specific espionage (signals intelligence, local agents on the inside at these service providers, etc.) to discover what the targeted data might be.
null
advisedwang
I wonder if Google's plan here is to just not actually make the "special payments" if a gag order applies. Possibly they think that the contract doesn't actually require those payments (most contracts have a provision about not contradicting the law), or just ignore the contract provision when a gag order comes (how would Israel know, and what would they do about it anyway).
shrubble
Israel reportedly has unredacted data feeds from the USA(this was part of the Snowden leaks, Guardian link: https://www.theguardian.com/world/2013/sep/11/nsa-americans-...).
This means that they can read even the personal email of Supreme Court justices, congressmen and senators.
However they have a gentleman’s agreement to not do that.
“Wink”
CWuestefeld
However they have a gentleman’s agreement to not do that.
Trying to remember back to Snowden, I think I recall that not only DON'T they have such an agreement, but the intelligence folks consider this a feature. The US government is Constitutionally forbidden from reading "US persons" communications, but our Constitution has no such restriction on third parties. So if those third parties do the spying for us, and then tell our intelligence folks about it, everybody wins. Well, except for the people.
overfeed
> how would Israel know, and what would they do about it anyway
Spy on, insert or recruit an asset from the pool of employees who are involved in any "Should we tell Israel?" discussion. That way, even if an answer is "No, don't alert them", the mere existence of the mechanism provides an actionable intelligence signal.
ngruhn
My thoughts as well. Also, "only" violating a contract sounds less illegal.
worik
> Google's plan here is to just not actually make the "special payments"
That does not help
Signing the contract was a criminal conspiracy
I am not holding my breath for prosecution, though.
neilv
Initially, I suspected the cloud contracts were for general government operations, to have geo-distributed backups and continuity, in event of regional disaster (natural or human-made).
But could it instead/also be for international spy operations, like surveillance, propaganda, and cyber attacks? A major cloud provider has fast access at scale in multiple regions, is less likely to be blocked than certain countries, and can hide which customer the traffic is for.
If it were for international operations, two questions:
1. How complicit would the cloud providers be?
2. For US-based providers, how likely that US spy agencies would be consulted before signing the contracts, and consciously allow it to proceed (i.e., let US cloud providers facilitate the foreign spy activity), so that US can monitor the activity?
dfsegoat
fwiw towards your theory, I believe that the US Govt actually considers cloud providers - by way of specific services offered "dual use" systems for mil or civil use.
E.g. you will find references in AWS docs to Bureau of Industry/Security rulings.
cedws
Is managing servers really such a lost art that even governments with sensitive data must cede to AWS/Azure/GCP?
dpoloncsak
Can't buy stock contracts on Amazon/Microsoft/Google right before you announce the $1B investment towards cloud infrastructure if you roll it all yourself, though
geodel
It is more of people who can manage servers have no standing in front of people who buy or sell cloud services.
ignoramous
> ...a lost art that even governments with sensitive data must cede to AWS/Azure/GCP?
Apparently, US aid to a country is usually spent on US companies; Israel is no exception: https://theintercept.com/2024/05/01/google-amazon-nimbus-isr...
helsinkiandrew
So if a government agency or court (presumably the US government) makes a data request with a non disclosure order (FBI NSL, FISA, SCA) - Google and Amazon would break that non disclosure order and tell Israel.
Wouldn't those involved be liable to years in prison?
breppp
and your assumption is that if Google has conflicting legal obligations to the USA and Israel it will choose Israel...
In my opinion that's extremely unlikely. This was probably set up for other kinds of countries
alwa
I imagine it depends on which country makes that request, its legal basis, and how their gag order is written.
I find it hard to imagine a federal US order wouldn’t proscribe this cute “wink” payment. (Although who knows? If a state or locality takes it upon themselves to raid a bit barn, can their local courts bind transnational payments or is that federal jurisdiction?)
But from the way it’s structured—around a specific amount of currency corresponding to a dialing code of the requesting nation—it sure sounds like they’re thinking more broadly.
I could more easily imagine an opportunistic order—say, from a small neighboring state compelling a local contractor to tap an international cable as it crosses their territory—to accommodate the “winking” disclosure: by being either so loosely drafted or so far removed from the parent company’s jurisdiction as to make the $billions contract worth preserving this way.
nickdothutton
The WWW = Western Wall Wink.
vladgur
If we take "Israel" out of the equation to remove much of controversy, i dont understand why wouldnt any actor, especially government actor, take every possible step that their data remains under their sole control.
In other words, im curious why would Israel not invest in making sure that the their were storing in third-party vendor clouds was not encrypted at rest and in transit by keys not stored in that cloud.
This seems like a matter of national security for any government, not to have their data accessible by other parties at the whims of different jurisdiction where that cloud vendor operates.
nashashmi
It would still be very alarming if a democratic country like Australia or European Union taking a step like this where they tell the vendor that it will use its data and service in whatever way it sees fit, and sidestep existing policies those vendors have on the uses of their services and data.
Now maybe we can say that Israel is not a democratic system or environment, but then Microsoft would not be wholly desiring to do business serving such an entity, lest they break with US oversight.
Israel here told the vendor that whenever there is a gag on them by their government against making Israel aware of their request, the vendor is to secretly transmit a message alerting them..
tziki
It's not irrelevant that it's Israel in question. There's not many countries that have been found to be committing genocide (by UN), are actively involved in a war or where the leaders are sought by ICC.
vladgur
The genocide libel is tiring and that report is full of nonsense and usual for UN anti-israel bias.
* Redefines the meaning of genocide to fit the shape of the conflict -- a war started by Hamas on Oct 7 when it invaded Israel and slaughtered hundreds of music festival goers and Kibbutzniks.
* it uncritically adopts Hamas ministry of health casualty data without identifying combatants vs civilians.
* largely ignores role of Hamas in the conflict, downplays its use of civilian infrastructure such as hospitals for military uses.
* Frames the country as a "settler-colonial" project ignoring realities of jewish history in the region.
Overall i would prefer if these sorts of discussions that inevitably lead to century-old blood libels would not take place on HN and thats why i commented on thinking about the original article outside the context of Israel.
gambiting
For every killed Israeli in the attacks on the 7th of October, Israel went and killed 18 children in retaliation. If that is not genocide then I don't know what is.
Dig1t
Because it is obviously illegal, violates both the letter and spirit of American law.
Also because no other country has the power to get cloud vendors to do this and this one special country will face no consequences (as usual).
vladgur
From the article:
"The demand, which would require Google and Amazon to effectively sidestep legal obligations in countries around the world"
"Like other big tech companies, Google and Amazon’s cloud businesses routinely comply with requests from police, prosecutors and security services to hand over customer data to assist investigations."
The way I interpret this is Google, Amazon operates in multiple countries under multiple jurisdictions. The security services for any of these countries(including for example Egypt where Google has offices according to....Google), can produce a legal(in Egypt) order requesting Google to produce data of another customer( for example Israeli govt) and Google has to comply or leave Egypt.
It seems to me that being under constant threat of your government sensitive data being exposed at the whims of another, potentially adversarial government is not a sustainable way of operating and Im surprised that Israel havent either found ways of storing its infrastructure locally or encrypting it five way to Sunday.
This is not a comment on the specific accusation of actions by Israel but for strange reality of being a small-country government and a customer of a multi-national cloud vendor.
JohnMakin
If you or I did this, we'd go to jail for a very long time.
xbar
"The idea that we would evade our legal obligations to the US government as a US company, or in any other country, is categorically wrong,"
I can imagine that this Alphabet General Counsel-approved language could be challenged in court.
> Microsoft said that using Azure in this way violated its terms of service and it was “not in the business of facilitating the mass surveillance of civilians”. Under the terms of the Nimbus deal, Google and Amazon are prohibited from taking such action as it would “discriminate” against the Israeli government. Doing so would incur financial penalties for the companies, as well as legal action for breach of contract.
Insane. Obeying the law or ToS, apparently, is discriminatory when it comes to Israel.