Israel Demanded Google and Amazon Use Secret 'Wink' To Sidestep Legal Orders

An anonymous reader quotes a report from the Guardian: When Google and Amazon negotiated a major $1.2 billion cloud-computing deal in 2021, their customer -- the Israeli government -- had an unusual demand: agree to use a secret code as part of an arrangement that would become known as the "winking mechanism." The demand, which would require Google and Amazon to effectively sidestep legal obligations in countries around the world, was born out of Israel's concerns that data it moves into the global corporations' cloud platforms could end up in the hands of foreign law enforcement authorities.

Like other big tech companies, Google and Amazon's cloud businesses routinely comply with requests from police, prosecutors and security services to hand over customer data to assist investigations. This process is often cloaked in secrecy. The companies are frequently gagged from alerting the affected customer their information has been turned over. This is either because the law enforcement agency has the power to demand this or a court has ordered them to stay silent. For Israel, losing control of its data to authorities overseas was a significant concern. So to deal with the threat, officials created a secret warning system: the companies must send signals hidden in payments to the Israeli government, tipping it off when it has disclosed Israeli data to foreign courts or investigators.

To clinch the lucrative contract, Google and Amazon agreed to the so-called winking mechanism, according to leaked documents seen by the Guardian, as part of a joint investigation with Israeli-Palestinian publication +972 Magazine and Hebrew-language outlet Local Call. Based on the documents and descriptions of the contract by Israeli officials, the investigation reveals how the companies bowed to a series of stringent and unorthodox "controls" contained within the 2021 deal, known as Project Nimbus. Both Google and Amazon's cloud businesses have denied evading any legal obligations.

The Guardian will be labeled as "antisemitic" now!

[Anonymous Coward]

You wait. "Oy vey! Accusing us of doing what we are doing is a blood libel!"

Re:The Guardian will be labeled as "antisemitic" n

[Anonymous Coward]

I wonder at what point your average person will realized that the Israeli government operates like the ThirdReich in some important ways.

A warranty canary would make more sense

[davidwr]

In countries that can't make you lie but can make you not tell others about their warrants, a warranty canary is a good, legal way to communicate that a court or police force has seized data and put you under a gag order.

In countries where the government can "make you lie" by making you continue to say that there has been no government data-seizure, warranty canaries are useless - "killing the canary" will get you in the same legal hot water as announcing "the government took your data."

I wouldn't be surprised if some of the countries whose police or court actions were leaked to Israel take whatever legal action they can against Google and Amazon.

Re:

[Anonymous Coward]

It's also misguided to assume google/amazon were telling israel the truth.

While not exactly the same principal, if it was myself and another person within US jurisdiction, an invalid or illegal contract clause results in only that specific clause being void, not the entire contract.

It isn't hard to imagine that I would happily agree to any clauses I know are illegal. Why wouldn't I?
Saying 'no' may cause you to not agree to the rest of the contract, and saying 'yes I agree' isn't even going to be enforceabl

Re:

[AmiMoJo]

There is a third scenario. They can't force you to update the warrant canary, but failure to do so would be the same as telling everyone you received a secret warrant.

A better solution is to have someone else periodically ask if you have received any secret warrants. You can simply stop answering. The law can't really expect you to do anything else, since it's not a situation that you created.

Re:

[Anonymous Coward]

Another better solution is to not depend on Google etc for your top secrets. Just assume they are already compromised. Because they ARE likely already compromised.

Use layers of strong crypto if you're going to put data on them.

Some say don't roll your own crypto. But they're either retarded or NSA shills. If rolling your own crypto and then wrapping it with AES256 makes AES256 weaker then someone can publish a paper on how to weaken AES256.

Remember if stuff encrypted by your crypto looks random how would th

Why trust?

[ukoda]

Surely the Israel government has the resources to self host? If the information is so important that they want know if a third party has been given it then why trust it with someone they do not have 100% control of in the first place?

More generally any country trusting Google or Amazon to keep their data secure has not got the memo that the USA is not a trusted partner anymore. trump can ask for anything you save with USA companies and they will answer "Would you like that emailed to you or on a gold plated HDD?".

Re:

[Mspangler]

You must be young,

"It may be dangerous to be America's enemy, but to be America's friend is fatal.”

Or

  'America has no permanent friends or enemies, only interests'

  Henry Kissinger

And those were when I was a kid. Trusted partner? Snort snicker tee-hee.

Re:

[Anonymous Coward]

You must be young,

"It may be dangerous to be America's enemy, but to be America's friend is fatal.”

Or

'America has no permanent friends or enemies, only interests'

Henry Kissinger

And those were when I was a kid. Trusted partner? Snort snicker tee-hee.

That rings true. Currently, the "interests" are the whims of a single man, based on silly things like the last social media post or meme he saw, the last MAGA influencer he talked to, or the ratings of a talk show host.

Re:

[DrMrLordX]

They might have been using cloud services as part of a covert operation. One where hosting data on internal Israeli systems might have been a rip-off to foreign actors of Israeli involvement. Parties using American cloud services couldbr anybody.

Re:

[DrMrLordX]

Rip-off = tip-off

Re:

[cusco]

I just hope AWS wasn't hosting Israel's "Where's Daddy" AI project. In an industry full of disgusting proposals the idea of an AI which would predict when a target would be at home so that they could be murdered along with their entire family is the worst I've ever heard of.

Re:

[Rujiel]

Quick, deflect harder. Is russia in the room wifh us now?

Re:

[DrMrLordX]

Probably not. That's something they could do in-house.

Re:

[cusco]

It seems like the Israeli management is ignorant of basic cloud security, hopefully their staff isn't. I don't know about Google, but every volume in the AWS cloud can be encrypted, and Amazon does not hold the keys. Unless the customer gives AWS the key for some reason all they see is a blob of encrypted bits X-many bytes long (the data techs even refer to it as a 'blob'). They can move the blob from one place to another, back it up, restore it, etc. but have no idea what is in it. This is not like a W

Re:

[EvilSS]

For a nation with the resources Israel has, if they really wanted GCP or AWS for the platform, they could afford to have them build isolated, dedicated datacenters in Israel and run it for them. The US DOD does this with Azure and I think AWS.

Re:

[Facekhan]

That's apparently what this NIMBUS contract was about. The cloud providers would help Israel build out that private cloud on Israeli soil.

Re:

[martin-boundary]

Sometimes countries send their people into other countries to do certain things, like spying on industrial competitors or assassinating people deemed unworthy of a trial. In such cases, the people who are sent necessarily use the IT systems of the host country to blend in and not cause suspicions.

Re:

[Facekhan]

Most of the infrastructure in question under this NIMBUS contract, are in an Israeli govt data center operating as a private partition in AWS/Gcloud. This is similar to US Govt contracts with cloud providers. The idea is to use the cloud's interface to build up govt IT worker skill sets so they are more portable and to make hiring out of the private sector easier. The exception apparently is the AI infrastructure which is in high demand and very expensive if you can even get your order filled plus US govt e

You know I just want to say it's perfectly normal

[rsilvergun]

For a nation state to be worried about law enforcement on the part of other Nation states. Nothing bad has ever happened when a nation state goes out of its way to prevent international law from being enforced right?

Re:

[piojo]

That's true, but it goes even further. There's no such thing as international law. There is only other countries' laws, treaties, and conventions. No sovereign nation willingly subjects itself to another nation's laws, for that is giving up some of its sovereignty.

Re:

[Computershack]

Otherwise, what is a treaty?

Like international law it's merely a Gentleman's Agreement between two parties. Nations can and do break both treaties and international law on a very regular basis. For example there's the Budapest Memorandum which was signed by Ukraine, Russia, USA and UK which in return for Ukraine returning the former USSR nuclear arsenal it had and not using gained knowledge to create more, prohibited Russia, the United States, and the United Kingdom from threatening or using military force or economic coercion against

All law is a gentleman's agreement

[rsilvergun]

We are all collectively agreeing to the fiction that is society. Because we have lived with it for so long the idea of it breaking down doesn't occur to us. In Russia for example right now society has collapsed outside of the two major cities because they have stopped funding law enforcement in order to move that money to the war effort.

In America there are 400,000 police officers. That's for a country of 170 million adults. As the tax base collapses in America the police will basically go away because

Re: All law is a gentleman's agreement

[Zero__Kelvin]

Cops don't do it for the money, they do it for the power. Stop paying them and you'll still have plenty of people signing up. Why do I need to be paid when I can just keep that 100K I confiscated?

Re:

[Facekhan]

The Guardian fails to explain adequately but the court in question is likely the US Foreign Intelligence and Surveillance Act court (FISA) that approves warrants either for US persons (citizens anywhere or residents domestically) or for foreign assets on US soil like an Israeli partition in AWS. Those court orders often have gag orders attached that prevent service providers from disclosing them to the targets of the warrant.

There is also quite a bit of lawfare going on lately by a group called the Hind Raj

Convoluted

[liqu1d]

Surely it would have been so much easier to stipulate someone was to be given employment in the legal team that deals with such requests.

Re:

[cusco]

AWS has a legal representative in every country where they have data centers, it's pretty much a necessity. If a court order is issued in Ireland or Holland it's unlikely that Seattle will even be aware of it for a couple of days, and it may have been already carried out.

Re: Convoluted

[liqu1d]

I didnâ(TM)t realise. I assumed it was a central department. Thank you for explaining :).

Slippery slope is the goal.

[stoicfaux]

If you can force a company to agree to and normalize such winks, then the next step is to expand the protocol to communicate additional information. It's basically a step towards forcing companies to provide intelligence.

This seems like it will go poorly.

[fuzzyfuzzyfungus]

I'm a little unclear on what anyone thought this elaboration was getting them; unless it was purely pessimism about the existence of any sort of untapped channel where cute but relatively crude steganography wouldn't be necessary or could be better-handled by any of the myriad excuses to send bits of encrypted information(altering the agreed-upon portions of encrypted JWTs returned by some auth endpoint or the like).

There's the very specific case of 'warrant canaries', for which there's some US case law a

Stop Supporting Pro-Israel Businesses Like Google

[RayDonaldPratt]

Israel would not have asked Google and Amazon to send a secret code unless Israel already believed that it could trust Google and Amazon. I suppose that anyone should be free to support whatever they wish with their business operations, but I am also free to not want to support businesses that support baby-starving and child-murdering Israel. I've already deleted my Facebook account, and I have signed up for Proton email to transition away from Gmail, and I think that I may have to avoid Amazon as well. Mic

Re:

[registrations_suck]

Personally, I would find it exhausting to keep track of all the companies that said or did something I didn't like, and therefore I must boycott them.

I'd probably set up a database to keep track of everything. Maybe I would set up an AI agent or two to scour the web, looking at news reports and such for instances of offending corporate behaviour. Of course, I'd also have to set up a database outlining what I think offending corporate behaviour is. Or maybe I can just tell it all to ChatGTP and interface tha

Re:

[outsider007]

Maybe just don't bother? Hamas didn't agree to a cease-fire because some dipshit cancelled Gmail.

Re:

[registrations_suck]

Oh, I agree with that entirely.

I'm happy to take money from people who do bother though.

New business idea

[registrations_suck]

Personally, I would find it exhausting to keep track of all the companies that said or did something I didn't like, and therefore I must boycott them.

I'd probably set up a database to keep track of everything. Maybe I would set up an AI agent or two to scour the web, looking at news reports and such for instances of offending corporate behaviour. Of course, I'd also have to set up a database outlining what I think offending corporate behaviour is. Or maybe I can just tell it all to ChatGTP and interface tha

Re:

[Rujiel]

There already are services for this, no AI needed, such as the "No Thanks" barcode.scanner app

Re:

[registrations_suck]

I knew it! I knew there was money to be made on that idea!

Re:

[Rujiel]

It's a free service, not about profitability.. after all some of these tech companies are providing services to Israel that are similar to the human barcoding IBM provided for concentration camps during WWII

Re:

[Anonymous Coward]

For +972, it's their entire business model.

+972 is actually a magazine based in Israel. Maybe you just don't like the fact that they call out the war crimes of their own government?

Re:

[Rujiel]

The guardian has been running defense for Israel just like other MSM, they just aren't as slavish as the American outlets. But any critique of Israel is racism to you. Must be lonely

Re:

[TheMiddleRoad]

You repeat the same antisemitic canards, motherfucker.

Re:

[TheMiddleRoad]

Fucking coward.

Port knocking

[Dan East]

This reminds me of "port knocking", but using small financial transactions instead of socket connection requests to various ports. Send a transaction of $1.23, then a transaction of $3.95 within 60 seconds, and that means a specific thing, etc. The cool thing about this is you can merely scan the transactions database looking for the pattern any time after the fact to see if the message had been sent.

If they can also include reversals, and can use up to, say, $9,999 transactions, then they can encode a dec

Wrong Title

[appleb]

A more correct title would be "Google and Amazon Agree to Use Secret 'Wink' in Israel Contract To Sidestep Legal Orders"

Country full of war criminals

[skam240]

...was born out of Israel's concerns that data it moves into the global corporations' cloud platforms could end up in the hands of foreign law enforcement authorities.

Of course they're concerned about this, they're a country full of war criminals. You've got the leaders that ordered the mass starvation, indiscriminate bombing with heigh yield ordinance in densely populated areas, and the general slaughter of civilians and then you have the soldiers that actually did these things. That's a lot of people they'll want to protect from foreign law enforcement.

Sure

[PPH]

Here's a pager. We'll just send you a "911" if something comes up.