The Secret Code: How Google and Amazon Bargained Away Accountability for a $1.2 Billion Israeli Contract 

In a stunning revelation from the $1.2 billion “Project Nimbus” contract, leaked documents show that Google and Amazon agreed to a series of extraordinary terms demanded by the Israeli government, including a secret “winking mechanism” whereby the companies would use coded financial payments to secretly alert Israel if a foreign government compelled them to hand over its data, a scheme legal experts say risks violating the spirit of gag orders and their legal obligations.

Furthermore, the tech giants contractually agreed that they cannot suspend or restrict Israel’s access to their cloud services—even for violations of their own terms of service or ethical policies—effectively immunizing the Israeli government’s use of the technology, including for military and intelligence purposes, from any corporate oversight or accountability, a stark contrast to Microsoft which later cut off similar services over ethical concerns.

The Secret Code: How Google and Amazon Bargained Away Accountability for a $1.2 Billion Israeli Contract 

In the high-stakes world of government cloud contracts, where billions of dollars and national security secrets hang in the balance, a unique form of leverage is applied. For the tech giants, it’s the promise of unprecedented scale and market dominance. For the nation-state, it’s the power of the purse. But a leaked 2021 agreement between the Israeli government, Google, and Amazon reveals a far more disturbing transaction took place: the systematic bargaining away of corporate accountability and legal transparency in exchange for a lucrative deal. 

Dubbed “Project Nimbus,” this $1.2 billion contract to migrate vast swathes of the Israeli public sector and military into commercial cloud servers was always controversial. However, documents uncovered by a joint investigation, and the subsequent reporting, expose that the true scandal isn’t just who won the contract, but the extraordinary, secretive terms they agreed to. At the heart of the deal lies a “winking mechanism”—a clandestine alert system designed to subvert the very legal frameworks the companies are sworn to uphold. 

The Core Concern: Who Controls the Data in the Cloud? 

The fundamental anxiety for any nation entrusting its data to a global corporation is loss of sovereignty. While data might be physically stored in a local datacentre, the corporate entity is subject to the laws of its home country and others where it operates. Like all major cloud providers, Google and Amazon routinely receive and comply with lawful requests from global law enforcement and courts for customer data. Often, these orders come with strict gag clauses, preventing the company from notifying the customer that their information has been handed over. 

For Israel, a nation with complex and often contentious international relations, this presented an existential threat. The prospect of a foreign power—be it a European ally or a strategic adversary—secretly obtaining its sensitive data through a U.S. court order was unacceptable. Their solution was not to seek stronger legal protections, but to engineer a clandestine workaround that would force the tech companies into a profound conflict of interest. 

The “Winking Mechanism”: A Clandestine Financial Signal 

The “winking mechanism” is a masterclass in bureaucratic ingenuity, born from a desire to operate in the shadows of international law. According to the leaked documents, the system works as follows: 

• The Trigger: Google or Amazon is compelled by a legally binding order from a foreign country to hand over Israeli government data and is simultaneously gagged from informing Israel. 

• The Signal: Within 24 hours of complying, the company must make a payment to the Israeli government, framed as “special compensation.” 

• The Code: The amount of this payment corresponds to the telephone dialing code of the country that issued the order. 

• A request from the United States (code +1) triggers a payment of 1,000 shekels. 

• A request from Italy (code +39) triggers a payment of 3,900 shekels. 

• A request from the United Kingdom (code +44) triggers a payment of 4,400 shekels. 

• The Fallback: If the gag order is so comprehensive that even identifying the country would violate it, the companies must send a default payment of 100,000 shekels (approx. $30,000). 

On the surface, this may seem like a clever loophole. But legal experts have been quick to highlight the profound risks. A former U.S. government lawyer noted that such a scheme, if discovered by a U.S. court, would be viewed with extreme skepticism. It’s a maneuver that may technically comply with the letter of the law by not sending an explicit message, but it utterly violates its spirit. The companies are effectively paying a third party to alert them to a secret legal proceeding—a move that could be interpreted as obstruction of justice. 

By agreeing to this, Google and Amazon placed themselves in an impossible position: violate their contract with Israel or violate the confidential nature of their legal obligations abroad. Israeli officials themselves acknowledged this collision course in internal memos, noting the companies would have to choose one set of obligations over the other. 

The “No Restrictions” Clause: Immunizing Military Action from Scrutiny 

Perhaps even more consequential than the secret code is another control baked into the Nimbus contract: the prohibition on suspending services. Israeli negotiators, anticipating growing global scrutiny of its military occupation, feared a scenario where Google or Amazon employees or shareholders would pressure the companies to cut off services if they were linked to human rights abuses. 

The contract directly counters this threat. The leaked terms reveal that Google and Amazon cannot suspend or withdraw Israel’s access to its technology, even if the Israeli government’s use of that technology is found to violate the companies’ own terms of service or acceptable use policies. 

These standard policies typically prohibit using cloud services for activities that violate the legal rights of others or cause “serious harm.” Yet, under the Nimbus deal, an Israeli official confirmed there can be “no restrictions” on the type of data migrated to the cloud, explicitly including military and intelligence data. The government is entitled to use the services for any purpose permitted by Israeli law, regardless of the tech giants’ own ethical guidelines. 

This clause effectively neuters the primary mechanism of corporate accountability. It transforms Google and Amazon from active service providers with principles into passive utilities, contractually obligated to power whatever systems the Israeli government chooses, no questions asked. 

The Contrast: Microsoft’s Path Not Taken 

The stark reality of this arrangement is thrown into sharp relief by the actions of Microsoft, which also bid for the Nimbus contract but lost. According to reports, Microsoft’s bid suffered specifically because it refused to accept some of Israel’s most stringent demands. 

This past August, Microsoft demonstrated why its refusal matters. After it was revealed that the Israeli military was using its Azure cloud platform to operate a mass surveillance system harvesting Palestinian phone calls, Microsoft took action. It notified the Israeli military that this use violated its terms of service and disabled access, stating it was “not in the business of facilitating the mass surveillance of civilians.” 

This is precisely the kind of unilateral, ethics-based decision that Google and Amazon are now contractually prohibited from taking. Under the Nimbus terms, such an action would be considered “discrimination” against the Israeli government, triggering financial penalties and a breach of contract lawsuit. The deal was engineered to prevent exactly this type of corporate oversight. 

The Broader Implications: A Dangerous Blueprint for Tech Sovereignty 

Project Nimbus is more than a single, controversial contract. It is a potential blueprint for how authoritarian-leaning governments can co-opt the global tech infrastructure while insulating themselves from accountability. 

The “winking mechanism” sets a dangerous precedent for undermining international legal cooperation. If a country can secretly be tipped off about a lawful data request, it can shield its activities from judicial scrutiny abroad, whether those activities relate to corruption, cyberwarfare, or human rights abuses. 

The “no restrictions” clause is equally alarming. It signals that a government can, with enough financial leverage, purchase not just technology, but also corporate complicity. By contractually obligating tech giants to ignore their own ethical policies, it severs the fragile link between technological power and moral responsibility. 

For Google and Amazon, the short-term financial gain of a $1.2 billion contract may have outweighed the long-term ethical and legal risks. But in doing so, they have fundamentally compromised their position as global actors bound by their own stated principles. They are no longer just providers of a service; they are captive enablers, contractually bound to look the other way, signaling their compliance not with a nod, but with a wink.