by YUVAL ABRAHAM
To secure the lucrative Project Nimbus contract, the tech giants agreed to disregard their own terms of service and sidestep legal orders by tipping Israel off if a foreign court demands its data, a joint investigation reveals.
In 2021, Google and Amazon signed a $1.2 billion contract with the Israeli government to provide it with advanced cloud computing and AI services — tools that were used during Israel’s two-year onslaught on the Gaza Strip. Details of the lucrative contract, known as Project Nimbus, were kept under wraps.
But an investigation by +972 Magazine, Local Call, and The Guardian can now reveal that Google and Amazon submitted to highly unorthodox “controls” that Israel inserted into the deal, in anticipation of legal challenges over its use of the technology in the occupied West Bank and Gaza.
Leaked Israeli Finance Ministry documents obtained by The Guardian — including a finalized version of the contract — and sources familiar with the negotiations reveal two stringent demands that Israel imposed on the tech giants as part of the deal. The first prohibits Google and Amazon from restricting how Israel uses their products, even if this use breaches their terms of service. The second obliges the companies to secretly notify Israel if a foreign court orders them to hand over the country’s data stored on their cloud platforms, effectively sidestepping their legal obligations.
Running for an initial seven years with the possibility of extension, Project Nimbus was designed to enable Israel to transfer vast quantities of data belonging to its government agencies, security services, and military units onto the two companies’ cloud servers: Amazon Web Services and Google Cloud Platform. But even two years before October 7, Israeli officials drafting the contract had already anticipated the potential for legal cases to be brought against Google and Amazon regarding the use of their technology in the occupied territories.
One scenario that particularly concerned officials was if the companies were ordered by a court in one of their countries of operation to hand over Israel’s data to police, prosecutors, or security agencies to assist with an investigation — if, for example, Israel’s use of their products were linked to human rights abuses against Palestinians.
The CLOUD Act (2018) allows American law enforcement agencies to compel U.S.-based cloud providers to hand over data, even if it is stored on servers abroad; in the European Union, due diligence laws can require companies to identify and address human rights violations in their global supply chains, and courts may intervene if these obligations are not met.
Crucially, companies receiving an order to hand over data are often gagged by the court or law enforcement agency from disclosing details of the request to the affected customer. To address this perceived vulnerability, the documents reveal, Israeli officials demanded a clause in the contract requiring the companies to covertly warn Israel if ever they were forced to surrender its data but were prohibited by law from revealing this fact.
According to The Guardian, this signaling is carried out through a secret code — part of an arrangement that would become known as the “winking mechanism,” but referred to in the contract as “special compensation” — by which the companies are obliged to send the Israeli government four-digit payments in Israeli shekels (NIS) corresponding to the relevant country’s international dialing code followed by zeros.
For example, if Google or Amazon were compelled to share data with U.S. authorities (dialing code +1) and were barred from revealing that action by a U.S. court, they would transfer NIS 1,000 to Israel. If a similar request were to occur in Italy (dialing code +39), they would instead send NIS 3,900. The contract states that these payments must be made “within 24 hours of the information being transferred.”
972Mag for more