> Several experts described the mechanism as a “clever” workaround that could comply with the letter of the law but not its spirit. “It’s kind of brilliant, but it’s risky,” said a former senior US security official.
If it wasn't Amazon, Google and Israel government, there wouldn't be people pretending it comply with the 'letter of the law'. It is simple treason, selling your own country secret to another.
And the way it's done isn't that 'brilliant'. Oh yes they aren't writing on paper that x country asked for Israel data, they are instead using the country phone index and making payment based on that...
The method is buried about 60% through the article, but it's interesting. It seems incredibly risky for the cloud companies to do this. Was it agreed by some salespeople without the knowledge of legal / management?
Leaked documents from Israel’s finance ministry, which include a finalised version of the Nimbus agreement, suggest the secret code would take the form of payments – referred to as “special compensation” – made by the companies to the Israeli government.
According to the documents, the payments must be made “within 24 hours of the information being transferred” and correspond to the telephone dialing code of the foreign country, amounting to sums between 1,000 and 9,999 shekels.
If either Google or Amazon provides information to authorities in the US, where the dialing code is +1, and they are prevented from disclosing their cooperation, they must send the Israeli government 1,000 shekels.
If, for example, the companies receive a request for Israeli data from authorities in Italy, where the dialing code is +39, they must send 3,900 shekels.
If the companies conclude the terms of a gag order prevent them from even signaling which country has received the data, there is a backstop: the companies must pay 100,000 shekels ($30,000) to the Israeli government.
> If either Google or Amazon provides information to authorities in the US, where the dialing code is +1, and they are prevented from disclosing their cooperation, they must send the Israeli government 1,000 shekels.
its a buggy method, considering canada also uses +1, and a bunch of countries look like they use +1 but dont, like barbados +1(246) using what looks like an area code as part of the country code.
> its a buggy method, considering canada also uses +1, and a bunch of countries look like they use +1 but dont, like barbados +1(246) using what looks like an area code as part of the country code.
You are correct that ITU code is not specific enough to identify a country, but I'm sorry, +1 is the ITU country code for the North American Numbering Plan Area. 246 is the NANPA area code for Barbados (which only has one area code) but as a NANPA member, Barbados' country code is +1, same as the rest of the members. There is no '+1246' country code.
There's not a lot of countries that are in a shared numbering plan other than NANPA, but for example, Khazakstan and Russia share +7 (Of course, the USSR needed a single digit country code, or there would have been a country code gap), and many of the former Netherland Antilles share +599, although Aruba has +297, and Sint Maarten is in +1 (with NANPA Area code 721)
It does seem a bit baffling. This method just adds a second potential crime, in the form of fraudulent payments.
Why would it be fraudulent in this case? I assume that these would be paid as refunds accounted for as a discount to a particular customer - aren't these generally discretionary? Also, I would assume that it would be the Israeli government getting services from the Israeli subsidiary of that company, so it's not clear whether even if it were a crime, which jurisdiction would have an issue with it.
You could argue that it's against something like the OECD Anti‑Bribery Convention, but that would be a much more difficult case, given that this isn't a particular foreign official, but essentially a central body of the foreign government.
Just to clarify, not saying that it's ok, but just that accusing it of being a "crime" might be a category error.
In what sense would the payments be fraudulent? It would be real money paid out of Amazon's accounts as part of a contract they willingly signed with Israel.
It is two crimes:
1. Alerting a country to secret actions taken by a third party government (my nation of citizenship, the US, definitely has rules against that)
2. Passing money to commit a crime. See money laundering.
Honestly, the second crime seems aggravated and stupid. Just pass random digits in an API call if you want to tell Israel you did something.
Wouldn't just having 1000 canaries be a "legal" way to do the alerting?
A government can compel Amazon to avoid notifying a target (Israel in this case) that their information has been subpoenaed, but can't compel Amazon to lie and say it hasn't sent their info.
Or is the concept of a canary pretty much useless now?
I'm personally one of the "activists" who is trying to avoid Amazon and Google to a practical degree, due to project Nimbus, so I'd be more than happy if their data could be accessed, and even happier to see Amazon and Google just cut ties with them altogether.
I'm not disputing that the company would be breaking the law by doing this. That's not what fraud is though.
Fraud is intentional deception + criminal intent. The deception comes from using payments as a code instead of say an encrypted channel.
No, fraud is intentional deception to deprive a victim of a legal right or to gain from a victim unlawfully or unfairly.
Who exactly here is the victim that gets it legal rights deprived or what is the gain at the expense of the victim?
IE criminal intent vs criminal activity, critically the criminal activity only needs to be intended not actually occur for it to be fraud. Specifying which criminal intent is applicable is reasonable but nothing I said was incorrect.
The victims are the people being deprived of their legal protections.
Not everyone agrees which information should be protected but sending information can be a form of harm. If I break into your bank, find all your financial transactions, and post it on Facebook, I have harmed you.
Courts imposing gag orders over criminal or civil matters is a critical protection, and attempting to violate those gag orders is harm. The specific victims aren’t known, but they intend for there to be victims.
IANAL, but all criminal definitions of fraud that I am aware of require an intention to harm to a victim. It's kind of hard to argue that sending money fulfills this criteria.
Americans get legal protections for their private health data because the disclosure of such information is considered harmful.
Other countries provide legal protections for other bits of information because disclosure of that information is considered harmful to the individual, it’s that protection they are trying to breach which thus harms the person.
How is this related to the fraud discussion in this thread? Illegal disckosure of confidential information is usually handled by a separate legal framework.
Stuff is generally also fraud rather than only being fraud. We don’t know the details of what else happened so we can’t say what other crimes occurred.
Same deal as most illegal things public companies do also being SEC violations.
The other person is saying that disclosure of health data in violation of HIPAA wouldn't be fraud. It would be a HIPAA violation, not fraud.
> Was it agreed by some salespeople without the knowledge of legal / management?
Never worked for either company, but there's a zero percent chance. Legal agrees to bespoke terms and conditions on contracts (or negotiates them) for contracts. How flexible they are to agreeing to exotic terms depends on the dollar value of the contract, but there is no chance that these terms (a) weren't outlined in the contract and (b) weren't heavily scrutinized by legal (and ops, doing paybacks in such a manner likely require work-arounds for their ops and finance teams).
That's my experience too, but it seems impossible that a competent legal team would have agreed to this.
Legal can advise, but it's ultimately up to the business to risk-accept. If they think the risk vs reward analysis makes it worthwhile, they can overrule legal and proceed.
When advice from legal conflicts with the upcoming sound of ka-ching! the only question that matters is: "how loud is that cashier going to be?"
It's a criminal scheme to spy on law enforcement. Both the company and the scheming country are committing crimes.
Can a country commit a crime?
No, it's the government that commits it.
People use the country = government metaphor as a shortcut for communication, but this one takes it further than usual.
Extradition by tectonic subduction
Very much doubt something this hot in an agreement with a foreign government as counterparty gets signed off by some random salesman
> If either Google or Amazon provides information to authorities in the US, where the dialing code is +1, and they are prevented from disclosing their cooperation, they must send the Israeli government 1,000 shekels
This is criminal conspiracy. It's fucking insane that they not only did this, but put the crime in writing.;
I'm always surprised how often crimes get put in writing in big companies, often despite the same companies having various "don't put crimes in writing" trainings.
I don't quite understand this. How much money would Israel be able to milk from this? It can't be that much, can it?
It's not about money, it's about sending information while arguably staying within the letter of US law
Kinda similar to a https://en.wikipedia.org/wiki/Warrant_canary, with the same untested potential for "yeah that's not allowed and now you're in even more trouble".
Are there any instances anyone knows of in which a warrant canary has been found to violate antidisclosure law?
(Australia apparently outlaws the practice, see: <https://boingboing.net/2015/03/26/australia-outlaws-warrant-...>.)
Any such case seems likely to wind up in something like the secret FISA court.
https://en.wikipedia.org/wiki/United_States_Foreign_Intellig...
> If the companies conclude the terms of a gag order prevent them from even signaling which country has received the data, there is a backstop: the companies must pay 100,000 shekels ($30,000) to the Israeli government.
Uhm doesn't that mean that Google and Amazon can easily comply with US law despite this agreement?
There must be more to it though, otherwise why use this super suss signaling method?
How can they comply with a law that forbids disclosing information was shared, by doing just that? THe fact it's a simply kiddie code instead of explicit communication doesn't allow you to side step the law.
>Under the terms of the deal, the mechanism works like this:
> If either Google or Amazon provides information to authorities in the US, where the dialing code is +1, and they are prevented from disclosing their cooperation, they must send the Israeli government 1,000 shekels.
This sounds like warrant canaries but worse. At least with warrant canaries you argue that you can't compel speech, but in this case it's pretty clear to any judge that such payments constitute disclosure or violation of gag order, because you're taking a specific action that results in the target knowing the request was made.
It's a "cute" mechanism. The lawyers and the companies they work for found this to be an acceptable thing to put in a contract, when doing so could be interpreted as conspiring to evade the law. Did they get any assurances that they wouldn't get in trouble for doing this?
This reads like something a non-lawyer who watched too many bad detective movies would dream up. Theres absolutely no way this would pass legal muster —- even warrant canaries are mostly untested, but this is clearly like 5x ‘worse’ for the reasons you point out.
From the article:
> Several experts described the mechanism as a “clever” workaround that could comply with the letter of the law but not its spirit.
It's not clear to me how it could comply with the letter of the law, but evidently at least some legal experts think it can? That uncertainty is probably how it made it past the legal teams in the first place.
Warrant canary depends on agreed upon inaction, which shields it somewhat. You cannot exactly compel speech by a gag order.
This, being an active process, if found out, is violating a gag order by direct action.
Warrant canaries depend on action, the removal or altering of the canary document. It’s too clever but no more clever than what Israel is requiring here.
the canary notification method is a lack of updates, not a specific update.
you update your canary to say that nothing has changed, at a known cadence.
if you ever dont make the update, readers know that the canary has expired, and so you have been served a gag order warrant.
changing or removing the canary in response to a warrant is illegal. not changing it is legal.
for an equivalent cloudwatch setup, its checking the flag for "alarm when there's no points"
I would think to stopping doing something is equally an action as to do something, in regards to warrant canaries and gag orders. You had to take make some change to your process, or if automated take an actual action to disable. In either case, there was a cognizant choice that was made
The legal theory is that in the US the first amendment prevents the government from forcing you to make a false update. I don’t know if it’s ever been tested.
As I understand, this theory wouldn’t even hold up in other countries where you could be compelled to make such a false update.
Yes but the theory, at least in the US, is that the government cannot compel you to say something. That is, they can't make you put up a notice.
yea, I get that, but my gut tells me this doesn't pass the sniff test
It's a choice you make and action you take either way, be it not updating a canary or sending a covert financial transaction
That it has not been tested in court is why it's still a "theory" (hypothesis?)
My hope is that a jury of our peers would stay closer to the spirit than the letter of the law
More specifically, the theory is that cannot compel you to lie, there are all kinds of cases where businesses are compelled to share specific messages.
Ah, that was confusing to me. Thank you.
And this would be why warrant canaries aren't seen as a proven legal shield yet.
>Warrant canaries depend on action, the removal or altering of the canary document.
No, they can simply not publish a warrant canary in the future, which will tip people off if they've been publishing it regularly in the past.
Right - the whole premise is that the government cannot compel speech (in the US). So if you publish something every week that says, “we’ve never been subpoenaed as of this week” and then receive a subpoena, the government can’t force you to lie and publish the same note afterwards. The lack of it being published is the canary here.
Whether you can be compelled to lie under these circumstances or not is not a resolved question of law. Although it seems fairly likely that compelling speech in this way is unconstitutional, if it has been tested in court, the proceedings are not public.
Good thing no one is doing anything unconstitutional right now?
This only works for Israel because members of the Israeli government expect to be above the law. They need to offer only the flimsiest pretext to get away with anything. Look what happened with Tom Alexandrovich.
From reading the Wiki, it seems like the state cops (who were somehow in charge of the case) forgot to take his passport when they arrested him, and then he just fled after he paid bail?
Is there any evidence he was helped in his escape by anyone? Genuinely asking (and genuinely seeking hard facts and data).
He was interviewed by the feds after his arrest and mentioned his upcoming flight in the interview transcript but still was allowed to leave the country.
Agree that there's something fishy/missing in this story. Never say never, but I find it extremely unlikely that Google/Amazon lawyers, based in the US, would agree to such a blatantly mafia-like scheme.
First day on this planet?
Wouldn't the lawyers be based in Israel - under some Israel-based shell/subsidiary of Google/Amazon, that owns the data centers, and complies with local law?
It's certainly very interesting and difficult to explain...
> I find it extremely unlikely that Google/Amazon lawyers, based in the US, would agree to such a blatantly mafia-like scheme.
I trust The Guardian. So I agree It was unlikely. I find it very sad
Very sad
> a blatantly mafia-like scheme.
Yeap...they would never do it ....
"Tech, crypto, tobacco, other companies fund Trump’s White House ballroom" - https://www.politico.com/news/2025/10/23/trump-ballroom-dono...
The key with a canary is that the thing you're trying to signal ensures the positive or negative signal itself, like "I will check in every 24 hours as long as everything is good, because if I'm not good I won't be able to check in.". THis is just a very thin, very simple code translation. It's like saying "if you get a request for our info, blink 3 times!"
Yeah.
I mean, why pay the money? Why not just skip the payment and email a contact "1,000"? Or perhaps "Interesting article about in the Times about the USA, wink wink"?
This method is deliberately communicating information in a way that (I assume) is prohibited. It doesn't seem like it would take a judge much time to come to the conclusion that the gag order prohibits communication.
Creating a secret code is still communication, whether that's converting letters A=1, B=2, sending a video of someone communicating it in sign language, a painting of the country, writing an ethereum contract, everyday sending a voicemail with a list of all the countries in the world from A to Z, but omitting the one(s) that have the gag / warrant...
If you ever dealt with the laws around exporting technology to specific jurisidictions, this would be like saying "We can convert the algorithm code to Python and THEN export it to North Korea!"
One of the earliest example would be "we can print PGP as a book and then..."
I wonder if Google's plan here is to just not actually make the "special payments" if a gag order applies. Possibly they think that the contract doesn't actually require those payments (most contracts have a provision about not contradicting the law), or just ignore the contract provision when a gag order comes (how would Israel know, and what would they do about it anyway).
Israel reportedly has unredacted data feeds from the USA(this was part of the Snowden leaks, Guardian link: https://www.theguardian.com/world/2013/sep/11/nsa-americans-...).
This means that they can read even the personal email of Supreme Court justices, congressmen and senators.
However they have a gentleman’s agreement to not do that.
“Wink”
However they have a gentleman’s agreement to not do that.
Trying to remember back to Snowden, I think I recall that not only DON'T they have such an agreement, but the intelligence folks consider this a feature. The US government is Constitutionally forbidden from reading "US persons" communications, but our Constitution has no such restriction on third parties. So if those third parties do the spying for us, and then tell our intelligence folks about it, everybody wins. Well, except for the people.
link to any credible report?
Updated my post with a link, thanks.
> how would Israel know, and what would they do about it anyway
Spy on, insert or recruit an asset from the pool of employees who are involved in any "Should we tell Israel?" discussion. That way, even if an answer is "No, don't alert them", the mere existence of the mechanism provides an actionable intelligence signal.
If they're able to gather the intelligence without a public signal, they wouldn't be wanting a public signal. Any discussion of "should we tell Israel" would be limited to people who knew of the secret subpoena's existence. If Israel already had an asset within that group, they'd just have that person signal them in a much more clandestine manner than a public payment mandated in a signed contract.
Either Israel already knows about the subpoena, in which case the discussion doesn't matter, or they don't, in which case their asset wouldn't be in on the discussion.
>most contracts have a provision about not contradicting the law
But is there an Israeli law that states contracts must be in concordance with foreign law... When the damages of an Israeli contract get evaluated in an Israeli court and they include the loss of Israeli intelligence assets will the costs not be significant? Yes google can pull out of Israel but they literally built datacentres there for these contracts so there are sizeable seizable assets.
And yes google may also get fined for breaking foreign law by foreign courts. The question is if the architecture of the system is set up so the only way data can be "secretly" exfiltrated by other governments is to go through local Israeli employees and they're the one's breaking the foreign law (and they were told explicitly by foreign bosses that they can't share this information wink) is there any punishment for google other than fines dwarfed by the contract and having to fire an employee who is strangely ok with that, who is replaced by a equally helpful local employee.
I think it'd be unlikely for the Israeli government to try and push this issue. Yes, Google has assets within Israel that could be seized, but it'd be a bit of a disaster. Israel would be creating a scenario where it told companies: go to prison in your home country or we'll seize everything you've invested here.
Also, I can't believe that Google or Amazon would sign a contract that doesn't specify the judicial jurisdiction. If the contract says "this contract will be governed by the courts of Santa Clara County California" and the Israelis agreed to that, then they won't have a claim in Israeli courts. If an Israeli court concluded that they have jurisdiction when both parties agreed they don't have jurisdiction, it'd create a very problematic precedent for doing business with Israeli companies.
Even if an Israeli court would ignore all that, what would Israel get? Maybe it could seize a billion in assets within Israel, but would that be worth it? For Google or Amazon, they face steeper penalties in the US and Europe for various things. For Israel, maybe they'd be able to seize an amount of assets equivalent to 10% of their annual military budget. So while it's not a small sum, it is a small sum relative to the parties' sizes. Neither would really win or lose from the amount of money in play.
But Israel would lose big time if it went that route. It would guarantee that no one would sign another cloud deal with them once the existing contracts expired. Investment in Israel would fall off a cliff as companies worried that Israeli courts would simply ignore anything they didn't like.
The point of these agreements is that Israel needs access to cloud resources. The primary objective is probably to avoid getting cut off like Microsoft did to them. That part of the contract is likely enforceable (IANAL): Israel does something against the ToS, but they can't be cut off. I'd guess that's the thing that Israel really wanted out of these deals.
The "wink" was probably a hopeful long shot that they never expected to work. But they got what they needed: Amazon and Google can't cut them off regardless of shareholder pressure or what they're doing with the cloud no matter what anyone thinks of it. Suing Amazon or Google over a part of the contract that they knew was never going to happen would jeopardize their actual objective: stable, continued access to cloud resources.
Sorry I didn't mean to imply I expected it would degrade to such a point that Israel is actually seizing the assets, it's more I'm pointing out that there's a credible threat of sizeable costs. Compounded with that the real teeth of the espionage laws outside of Israel will be in imprisonment which won't likely apply in these cases if the principal actors are Israeli citizens and the people subject to the foreign law are "doing all they can" to go along espionage orders once they receive one. The point is to get the contract in place in such a way that those who can get punished in a jurisdiction have plausible deniability and profitability to absorb any likely financial penalty by foreign actors. So that everyone just goes along with it as they're not breaking any laws at the time and then later they know their best efforts will be futile.
The Cloud doesn't just mean foreign data centers it means 3rd party infrastructure and expertise, which in this case at least, some of is local to the country. The point is that any 'secret' surveillance is reported. I.e. person in US gets ordered to access data, they connect to data center with appropriate credentials, which is monitored and either questioned and billed, or get flagged locally as not reportable and so not logged (making it show up on the shadow logs installed by local Israeli intelligence assets). Foreign employees best efforts to comply with espionage orders still reveal their actions and local employees happily obey local reporting laws knowing they are outside of those jurisdictions and helping their country.
Yes it can be forced to fall apart, but it has to be done in the open (because it will require changing local data center operations) and will be time consuming unless an actual open order by the US to immediately stop working with Israel on this which is extremely unlikely to happen.
My thoughts as well. Also, "only" violating a contract sounds less illegal.
> Google's plan here is to just not actually make the "special payments"
That does not help
Signing the contract was a criminal conspiracy
I am not holding my breath for prosecution, though.
So if a government agency or court (presumably the US government) makes a data request with a non disclosure order (FBI NSL, FISA, SCA) - Google and Amazon would break that non disclosure order and tell Israel.
Wouldn't those involved be liable to years in prison?
and your assumption is that if Google has conflicting legal obligations to the USA and Israel it will choose Israel...
In my opinion that's extremely unlikely. This was probably set up for other kinds of countries
In a nation that strictly follows its own laws, sure.
Your terms are acceptable.
I imagine it depends on which country makes that request, its legal basis, and how their gag order is written.
I find it hard to imagine a federal US order wouldn’t proscribe this cute “wink” payment. (Although who knows? If a state or locality takes it upon themselves to raid a bit barn, can their local courts bind transnational payments or is that federal jurisdiction?)
But from the way it’s structured—around a specific amount of currency corresponding to a dialing code of the requesting nation—it sure sounds like they’re thinking more broadly.
I could more easily imagine an opportunistic order—say, from a small neighboring state compelling a local contractor to tap an international cable as it crosses their territory—to accommodate the “winking” disclosure: by being either so loosely drafted or so far removed from the parent company’s jurisdiction as to make the $billions contract worth preserving this way.
Initially, I suspected the cloud contracts were for general government operations, to have geo-distributed backups and continuity, in event of regional disaster (natural or human-made).
But could it instead/also be for international spy operations, like surveillance, propaganda, and cyber attacks? A major cloud provider has fast access at scale in multiple regions, is less likely to be blocked than certain countries, and can hide which customer the traffic is for.
If it were for international operations, two questions:
1. How complicit would the cloud providers be?
2. For US-based providers, how likely that US spy agencies would be consulted before signing the contracts, and consciously allow it to proceed (i.e., let US cloud providers facilitate the foreign spy activity), so that US can monitor the activity?
fwiw towards your theory, I believe that the US Govt actually considers cloud providers - by way of specific services offered "dual use" systems for mil or civil use.
E.g. you will find references in AWS docs to Bureau of Industry/Security rulings.
In Microsoft case they provide services for storing and possibly processing (transcribing) calls of millions of people that are under belligerent occupation:
https://www.theguardian.com/world/2025/aug/06/microsoft-isra...
I don't imagine Google and Amazon are any better. I.e. take boatloads of money, while sticking the head into sand and pretend it's not likely used to help the illegal occupation of Palestinians, to persecute and harm them.
Is managing servers really such a lost art that even governments with sensitive data must cede to AWS/Azure/GCP?
Can't buy stock contracts on Amazon/Microsoft/Google right before you announce the $1B investment towards cloud infrastructure if you roll it all yourself, though
Apparently, yes: https://www.datacenterdynamics.com/en/news/858tb-of-governme...
It is more of people who can manage servers have no standing in front of people who buy or sell cloud services.
> ...a lost art that even governments with sensitive data must cede to AWS/Azure/GCP?
Apparently, US aid to a country is usually spent on US companies; Israel is no exception: https://theintercept.com/2024/05/01/google-amazon-nimbus-isr...
> Microsoft said that using Azure in this way violated its terms of service and it was “not in the business of facilitating the mass surveillance of civilians”. Under the terms of the Nimbus deal, Google and Amazon are prohibited from taking such action as it would “discriminate” against the Israeli government. Doing so would incur financial penalties for the companies, as well as legal action for breach of contract.
Insane. Obeying the law or ToS, apparently, is discriminatory when it comes to Israel.
It's not insane, at least based on the information in the article, which is entirely insinuation. Do we actually have access to the leaked documents and what specifically was being asked besides a "secret code" being used?
U.S. law. It's pretty obvious that neither Amazon nor Google are good options for serious actors that are not the U.S. government. So if they want to make business outside the U.S., they need to dance around the fact that in the end they bow to the will of Washington.
It would be suicide to sign the contract. It basically allows them to hack their platforms without any repercussions or ability to stop it. They would quickly claim expanded access is part of the contract.
This endless bowing down to Israel is and always will be ridiculous. When a country can do whatever they like unchallenged, no matter how wrong, or how illegal, we have failed as a society.
That now makes two of U.S.
Setting aside the legalities of the "wink" payments, I'm fascinated to know what is the purpose of the country-specific granularity? At most Israel would learn that some order was being sought in country X, but they wouldn't receive knowledge of the particular class of data being targeted.
I wonder if there's a national security aspect here, in that knowing the country would prompt some form of country-specific espionage (signals intelligence, local agents on the inside at these service providers, etc.) to discover what the targeted data might be.
Obviously, they must think it's a feature of some value.
Knowing the country allows an immediate diplomatic protest, threats to withdraw business, and investigation.
The payment is to be within 24 hours, which means that they can act quickly to stop the processing of the data, prevent conclusions from being drawn, etc.
If the signaled country were the US, I would expect a bunch of senators to be immediately called and pressured to look into and perhaps stop the investigation.
If you or I did this, we'd go to jail for a very long time.
Was there anything good that ever came from that Apartheid genocidal state?
If the US government asked Google and amazon for data using specific legal authorities and the companies tipped off the Israeli government, there's a chance they may have broken the law....
> there's a chance they may have broken the law
There is certainty they broke the law. Both federally and, in all likelihood, in most states.
The agreement breaks the law
Israel and the USA already coordinate, so I doubt this story. Other countries should stop selling data of their citizens to these two countries.
They coordinate, but coordination doesn't mean totally aligned behavior and interests which never diverge, nor that they don't try to spy on each other. Multiple people in the United States have been been caught and convicted of spying for Israel and are serving lengthy prison sentences because of it; Israeli lobbying efforts have tried to get their sentences commuted, so far without success. That's not what you would see if "coordination" went as far as your post implied.
I wouldn't be surprised if this is all a part of the "game" of spycraft. Israel probably expects the US spy agencies would get wind of this agreement. "I see you watching me."
That's basically how all governments work.
If you don't want your data in the hands of someone with access to the state's monopoly on violence, you're best off getting rid of all internet access in your life.
If we take "Israel" out of the equation to remove much of controversy, i dont understand why wouldnt any actor, especially government actor, take every possible step that their data remains under their sole control.
In other words, im curious why would Israel not invest in making sure that the their were storing in third-party vendor clouds was not encrypted at rest and in transit by keys not stored in that cloud.
This seems like a matter of national security for any government, not to have their data accessible by other parties at the whims of different jurisdiction where that cloud vendor operates.
It would still be very alarming if a democratic country like Australia or European Union taking a step like this where they tell the vendor that it will use its data and service in whatever way it sees fit, and sidestep existing policies those vendors have on the uses of their services and data.
Now maybe we can say that Israel is not a democratic system or environment, but then Microsoft would not be wholly desiring to do business serving such an entity, lest they break with US oversight.
Israel here told the vendor that whenever there is a gag on them by their government against making Israel aware of their request, the vendor is to secretly transmit a message alerting them..
Because it is obviously illegal, violates both the letter and spirit of American law.
Also because no other country has the power to get cloud vendors to do this and this one special country will face no consequences (as usual).
From the article:
"The demand, which would require Google and Amazon to effectively sidestep legal obligations in countries around the world"
"Like other big tech companies, Google and Amazon’s cloud businesses routinely comply with requests from police, prosecutors and security services to hand over customer data to assist investigations."
The way I interpret this is Google, Amazon operates in multiple countries under multiple jurisdictions. The security services for any of these countries(including for example Egypt where Google has offices according to....Google), can produce a legal(in Egypt) order requesting Google to produce data of another customer( for example Israeli govt) and Google has to comply or leave Egypt.
It seems to me that being under constant threat of your government sensitive data being exposed at the whims of another, potentially adversarial government is not a sustainable way of operating and Im surprised that Israel havent either found ways of storing its infrastructure locally or encrypting it five way to Sunday.
This is not a comment on the specific accusation of actions by Israel but for strange reality of being a small-country government and a customer of a multi-national cloud vendor.
It's not irrelevant that it's Israel in question. There's not many countries that have been found to be committing genocide (by UN), are actively involved in a war or where the leaders are sought by ICC.
The UN has made no such ruling. Committees don't speak for the UN.
"The idea that we would evade our legal obligations to the US government as a US company, or in any other country, is categorically wrong,"
I can imagine that this Alphabet General Counsel-approved language could be challenged in court.
That's wild. Sounds like a sketchy legal loophole for big tech.
Surprised that Israel didn't just decide to go it alone and build their own infra given the multiple reservations they clearly had. They have a vibrant tech ecosystem so could presumably pull it off
Something worth noting is that when they call a significant number of reserves to IDF, their industries suffer.
Most SWEs are still 20-40-something men, which would be the same demographic being called to service (I realize women also serve in the IDF, but combat positions are generally reserved for men).
So it's possible that Israel can't rely on their own private tech industry being unaffected during high-engagement periods.
I think the government does have plenty of its own infra (and military tech sectors would be unaffected by calling in reserves), but given the size of the country (and also considering its Palestinian second-class citizens who make up 20% of the Israeli population may not be trusted to work on more sensitive portions of its infrastructure) they're probably not able to manage every part of the stack. Probably only China and the U.S. can do this.
I work with people that have been called up for service there and don't think it's as disruptive to a country's data-center building ability as you suggest.
I imagine the concern becomes survivability. Israeli's really like their multiple levels of backups, and having a data copy out of the reach of enemy arms seems high priority.
Iran attacking US-East-1 would certainly be unusual.
They could likely work around that, multiple locations in-country and an off site encrypted backup out of country.
More likely is it was "aid" from the US which usually comes with stipulations about what/where they can spend it - common with weapons/military kit, wouldn't be surprised if they did something similar with cloud services.
Hundreds of missiles get colaunched making up multi-thousand missile waves. A 200 drone wave is "small".
And any offsite that is "Israel's gov offsite" is an easy target even if in Cyprus or NYC.
Comingling with a bunch of bulk commercial hosts is very safe from a threat modeling perspective (in this case).
> According to sources familiar with negotiations, Microsoft’s bid suffered as it refused to accept some of Israel’s demands.
MS/Azure being the good guys for once? Colour me surprised.
Microsoft of all companies were the ones who had backbone here? What the heck
This is basically just the warrant canaries from the FISA prism days. Which at the time hacker news was in favor of. Both companies deny doing this though
Imagine if someone asked for the data for money laundering investigations. The cloud provider could get prosecuted for "tipping off".
The WWW = Western Wall Wink.
Now that the trick is out the gag order will say explicitly not to make the payment. Or specifically to make a “false flag” payment, tell them it’s the Italians.
There's no need to alter a gag order. If you attempt an end-run around a gag order by speaking in French or Latin or Swahili, the gag order is still violated. This is exactly the same: changing the language in which the gag order is violated.
I don’t think speech can be compelled like that latter idea
Are payments "speech" though? Just like the Israeli govt thinks they are being "cute" with the "winks" so can other governments be "cute" with their interpretation of "speech".
The Supreme court has labeled political spending as free speech. No reason it can't extend everywhere.
Money talks.
We know already that Google and Amazon are morally bankrupt. (My brain is spinning that Microsoft are the "good guys" here).
But I do not think we knew that Google and Amazon would engage in criminal conspiracy for profit
theyre complicit and profiting off genocide just as they have been forever. The sad reality is, most of these criminals and white collar gangsters will never be held to account
The empire is EOL tho
years of "but we have to because of our enemies" undisciplined realpolitik has ended in states that insist upon their own legitimacy but don't even pay lip service to the rule of law. your enemies are people you can and should fuck over and your allies are people you've hoodwinked, and can and should fuck over.
Why is the US in particular tolerating Israel sabotaging antiterrorism investigations?
>Why is the US in particular tolerating Israel
We all know why. Imagine the backlash if there were half as many powerful people in America's media, politics, finance, etc who had dual-Senegalese citizenship or ancestry, and spent more time defending the Senegalese government, complaining of anti-Senegalese sentiment, and advocating for material support for the Senegalese people than they ever bothered with Americans.
There has been a concerted effort to tie Jewish identity to the modern state of israel. It certainly doesn't help that the birth of said state came in the wake of the Jewish people nearly being wiped out by an industrialized genocide. Add to that the previous 1000 years or so of systematized antisemitism and it's easy to see why the proposition can be very appealing to a Jewish person who had (and sometimes still has) very material reason to fear for their safety.
This was leveraged (some might say exploited) by unsavory actors in the creation of a reactionary, settler-colonial ethno-state. This should not be too surprising, given that zionism arose in the same sociopolitical milieu that gave us modern nationalism and pan-nationalist ideologies.
People seem more accepting of the concept than you might expect. Compare the song "My Uncle Dan McCann", which you can hear here: https://www.youtube.com/watch?v=_puzpI03Xcs
I found me uncle Dan McCann
A very prosperous Yankee man
He holds a seat in Congress
And he's leader of his clan
He's helped to write America's laws
His heart and soul in Ireland's cause
And God help the man who opened his jaws to me uncle Dan McCann
As far as the song is concerned, this is admirable behavior. Of course, the song is written from the perspective of an Irishman visiting from Ireland to look for his uncle. But it's marketed to Americans. The question "is it a good thing to have American legislators whose purpose in life is to work for the benefit of Ireland?" never seems to come up.
Though I recognise the similarity, a Irish song about a relative who emigrated to America in the 19th century, fought in the Civil War, becomes a politician and advocates for Irish Independence isn't really on the same scale as what the Israel lobby is being accused of.
And a double reminder that it's an Irish song that tells an Irish perspective,not an American one.
Imagine if we sent Senagal $10M per day in tax payer money and questioning it led to your own politicians labeling you as "anti-senagalese" and being ousted from every political party.
Another day, another reason to love Israel. /s
Israel is at war with terrorists like Hamas. Given the shady history of Google and Amazon shutting down servers over political opinions, like with Parler, Israel smartly insists on a no-cutoff clause in the Nimbus deal—if the companies sign on, that's on them. Totally reasonable. It's critical, mission-ready services. You can't back out of that in the middle of a war. Big Tech does the same for the U.S. military.
Google fired ~50 protesters who tried to disrupt the project with their personal agendas.
Israel moves intercepted Palestinian comms data from Microsoft to AWS after MS pulls the plug, and then the biased, anti-Israel UN—which the U.S. has publicly rebuked for UNRWA ties to Hamas terror in Gaza—starts complaining, as usual.
Google and AWS, who actually know the contract details, flat-out deny any illegal stuff.
This is critics with strong opposition to Israeli policies joining the political and digital front of the war. Who wrote the article? A super biased guy, Yuval Abraham, who's made a career out of slamming Israel and the IDF, teaming up with an anti-Israel media like +972 Magazine.
But, at the end of the day, only a court with proper jurisdiction can properly investigate. This is my view.
Israel just can't get any more shittier.
My comment and others point to the israeli atrocities here all just all just got flagged and removed in a very suspicious way with tons of "disinformation" comments below them, basic stuff that's literally been said by the UN, Amnesty, Red Cross, Doctors without borders etc. for years is flaggable now?
I thought censoring and straight up brigading was not allowed here? But i guess if they do what the article is about they can easily sway a thread like this in a few minutes, and i'm sure they do when stuff becomes frontpage on various sites. Can't talk about the genocide.
Pretty disgustingly anti-Semitic response by this website. I've never seen such support for gag orders in my life. If the ACLU put this same provision in their contract, people would be bending over backwards to tell us how clever it is.
The comments calling Israel evil for wanting to be notified when other countries try to steal their data are particularly grotesque.
It is extremely hard to imagine such an article being written, and such a response generated, about any other country. "Denmark asks cloud providers to privately notify it if its data is leaked to other states" sounds way too boring to be published, let alone generate outrage.
Change it to Israel, sprinkle in some vaguely insidious language (a contract becomes a "secret agreement", a request or negotiation become a "demand"), and suddenly it's a scandal.
In all fairness, if you put data on the internet (aka "the Cloud"), here is no reasonable expectation of privacy, unless you yourself control both the server and the client AND have everything encrypted.