Israel Demanded Google and Amazon Use Secret 'wink' to Sidestep Legal Orders
Posted2 months agoActiveabout 2 months ago
theguardian.comOtherstoryHigh profile
heatednegative
Debate
90/100
SurveillanceCloud ComputingIsrael-Palestine Conflict
Key topics
Surveillance
Cloud Computing
Israel-Palestine Conflict
Israel allegedly demanded Google and Amazon use a secret 'wink' mechanism to notify them if they receive data requests from US authorities, sparking controversy over potential lawbreaking and data privacy.
Snapshot generated from the HN discussion
Discussion Activity
Very active discussionFirst comment
9m
Peak period
116
Day 2
Avg / period
26.7
Comment distribution160 data points
Loading chart...
Based on 160 loaded comments
Key moments
- 01Story posted
Oct 29, 2025 at 9:20 AM EDT
2 months ago
Step 01 - 02First comment
Oct 29, 2025 at 9:29 AM EDT
9m after posting
Step 02 - 03Peak activity
116 comments in Day 2
Hottest window of the conversation
Step 03 - 04Latest activity
Nov 11, 2025 at 3:56 PM EST
about 2 months ago
Step 04
Generating AI Summary...
Analyzing up to 500 comments to identify key contributors and discussion patterns
ID: 45746482Type: storyLast synced: 11/23/2025, 1:00:33 AM
Want the full context?
Jump to the original sources
Read the primary article or dive into the live Hacker News thread when you're ready.
Wouldn't those involved be liable to years in prison?
I find it hard to imagine a federal US order wouldn’t proscribe this cute “wink” payment. (Although who knows? If a state or locality takes it upon themselves to raid a bit barn, can their local courts bind transnational payments or is that federal jurisdiction?)
But from the way it’s structured—around a specific amount of currency corresponding to a dialing code of the requesting nation—it sure sounds like they’re thinking more broadly.
I could more easily imagine an opportunistic order—say, from a small neighboring state compelling a local contractor to tap an international cable as it crosses their territory—to accommodate the “winking” disclosure: by being either so loosely drafted or so far removed from the parent company’s jurisdiction as to make the $billions contract worth preserving this way.
In my opinion that's extremely unlikely. This was probably set up for other kinds of countries
Leaked documents from Israel’s finance ministry, which include a finalised version of the Nimbus agreement, suggest the secret code would take the form of payments – referred to as “special compensation” – made by the companies to the Israeli government.
According to the documents, the payments must be made “within 24 hours of the information being transferred” and correspond to the telephone dialing code of the foreign country, amounting to sums between 1,000 and 9,999 shekels.
If either Google or Amazon provides information to authorities in the US, where the dialing code is +1, and they are prevented from disclosing their cooperation, they must send the Israeli government 1,000 shekels.
If, for example, the companies receive a request for Israeli data from authorities in Italy, where the dialing code is +39, they must send 3,900 shekels.
If the companies conclude the terms of a gag order prevent them from even signaling which country has received the data, there is a backstop: the companies must pay 100,000 shekels ($30,000) to the Israeli government.
Never worked for either company, but there's a zero percent chance. Legal agrees to bespoke terms and conditions on contracts (or negotiates them) for contracts. How flexible they are to agreeing to exotic terms depends on the dollar value of the contract, but there is no chance that these terms (a) weren't outlined in the contract and (b) weren't heavily scrutinized by legal (and ops, doing paybacks in such a manner likely require work-arounds for their ops and finance teams).
You mean like in financing a ball room?
Uhm doesn't that mean that Google and Amazon can easily comply with US law despite this agreement?
There must be more to it though, otherwise why use this super suss signaling method?
(Australia apparently outlaws the practice, see: <https://boingboing.net/2015/03/26/australia-outlaws-warrant-...>.)
https://en.wikipedia.org/wiki/United_States_Foreign_Intellig...
This is directly violating gag orders. Passing a message, even if it's encrypted or obfuscated is absolutely illegal. The article is a little BS as this sort of thing has been tested in court.
The only reason warrant canaries are in the gray zone is because they are specifically crafted that the business has to remove their cooperation clause to keep the ToS contract valid.
There's nothing like that at play here. It's literally "Just break the gag order, here's our secret handshake".
1. Alerting a country to secret actions taken by a third party government (my nation of citizenship, the US, definitely has rules against that)
2. Passing money to commit a crime. See money laundering.
Honestly, the second crime seems aggravated and stupid. Just pass random digits in an API call if you want to tell Israel you did something.
Other countries provide legal protections for other bits of information because disclosure of that information is considered harmful to the individual, it’s that protection they are trying to breach which thus harms the person.
Same deal as most illegal things public companies do also being SEC violations.
Here we don’t know which specific laws were broken because we lack details, but the companies definitely signed a contract agreeing to commit fraud.
Anyway, the comment I responded to had “require an intention to harm to a victim” it’s that aspect I was addressing. My point was the transmission of information itself can be harmful to someone other than the recipient of that information. So the same act fulfills both aspects of fraud (deception + criminal intent), and also breaks some other law.
There is wide latitude in the criminal code to charge financial crimes. This reminds me a bit of Trump's hush money conviction. IIRC, a central issue was how the payment was categorized in his books. In this case, there would be a record of this payment to Israel in the books, but the true nature of the payment would be concealed. IANAL, but I believe that is legally problematic.
[1] If they actually violated a gag order, which realistically they won't. In all likelihood there's language to ensure they're not forced to commit crimes. Even if that wasn't explicit, the illegality doctrine covers them anyway, and they can just ignore any provisions which would require them to commit crimes.
It can very well be, and it's called obstruction of justice.
Though in this case, the real crime is treason. Those companies collaborate with a foreign government against their own.
Almost all crime requires some form of lying, at least by omission and often of the explicit sort. Fraud though, is much more narrow than "they deceived but also crimed"... and anyone saying otherwise should be so embarrassed that we never have to hear their halfwittery ever again.
Who exactly here is the victim that gets it legal rights deprived or what is the gain at the expense of the victim?
The victims are the people being deprived of their legal protections.
Not everyone agrees which information should be protected but sending information can be a form of harm. If I break into your bank, find all your financial transactions, and post it on Facebook, I have harmed you.
Courts imposing gag orders over criminal or civil matters is a critical protection, and attempting to violate those gag orders is harm. The specific victims aren’t known, but they intend for there to be victims.
1. You work for AWS, probably in account management or billing operations.
2. Your "buddy" in legal tells you that a subpeona has been processed that effects an Israeli government affiliated account.
3. Your buddy is breaking work rules and the law. You don't report it, as you are required to do. You're now a party to a criminal conspiracy.
4. Instead, you arrange for a payment to be made from AWS to an account in some pre-determined amount to communicate the confidential or legally sealed information that you conspired to steal.
Let's review. You're engaging in a criminal conspiracy to share restricted, sealed legal information with a foreign government. You are doing so by fraudulently stealing/embezzling money from your employer in a predetermined amount.
If that's not clearly understandable to you as a "bad thing" and a fraudulent activity, you're overthinking, lack any sense of law and ethics, are lacking cognitive ability, are a troll, or are just a schill for whatever team you're rooting for.
In many/most? cases, a customer can be notified and can attempt to block such information gathering, but there are also many where it's not permitted.
Really most crimes don’t require deception.
I could send your username and password using similar methods, the medium doesn’t matter here but the signal and their attempt to hide it does.
A government can compel Amazon to avoid notifying a target (Israel in this case) that their information has been subpoenaed, but can't compel Amazon to lie and say it hasn't sent their info.
Or is the concept of a canary pretty much useless now?
I'm personally one of the "activists" who is trying to avoid Amazon and Google to a practical degree, due to project Nimbus, so I'd be more than happy if their data could be accessed, and even happier to see Amazon and Google just cut ties with them altogether.
US rules are, unfortunately, nortoriously and outlandishly broken whenever it comes to Israel: Foreign Agent Registration Act, the Leahy Law, and probably a bunch of others as well.
The act of communicating privileged or sealed information on itself is at minimum contempt of court and perhaps theft of government property, wire fraud or other crimes. Typically accounts payable aren’t aware of evidence gathering or discovery, so the actor is also facing conspiracy or other felonies.
You could argue that it's against something like the OECD Anti‑Bribery Convention, but that would be a much more difficult case, given that this isn't a particular foreign official, but essentially a central body of the foreign government.
Just to clarify, not saying that it's ok, but just that accusing it of being a "crime" might be a category error.
It's kind of like how everything can be securities fraud[0]
bloomberg article: https://archive.is/ixwRi
> Yesterday New York State Attorney General Barbara Underwood filed a securities-fraud lawsuit against Exxon Mobil Corp. “alleging that the company misled investors regarding the risk that climate change regulations posed to its business.”
Blatant lying
> if you are a public company that suffers a massive data breach and exposes sensitive data about millions of customers without their consent, and that data is then used for nefarious purposes, and you find out about the breach, and then you wait for years to disclose it, and when you do disclose it your stock loses tens of billions of dollars of market value, then shareholders are going to sue you for not telling them earlier
Blatant lying
The fact that most of this lying (see Exxon) is done under some kind of "nudge nudge, wink wink, we all know what's really going in" doesn't stop it from knowingly lying.
That knowingly lying is securities fraud seems very logical, and nothing like "everything".
This is all moot anyway now that the US is no longer interested in upholding any laws against large companies whatsoever.
Blatant lying also?
> Yesterday New York State Attorney General Barbara Underwood filed a securities-fraud lawsuit against Exxon Mobil Corp. “alleging that the company misled investors regarding the risk that climate change regulations posed to its business.”
>Blatant lying
Can you elaborate? Looking at the case it seems pretty clear that Exxon did not lie, especially not in any "blatant" manner.
No laws require prosecution and enforcement. Western countries shield Israel from all of that.
its a buggy method, considering canada also uses +1, and a bunch of countries look like they use +1 but dont, like barbados +1(246) using what looks like an area code as part of the country code.
You are correct that ITU code is not specific enough to identify a country, but I'm sorry, +1 is the ITU country code for the North American Numbering Plan Area. 246 is the NANPA area code for Barbados (which only has one area code) but as a NANPA member, Barbados' country code is +1, same as the rest of the members. There is no '+1246' country code.
There's not a lot of countries that are in a shared numbering plan other than NANPA, but for example, Khazakstan and Russia share +7 (Of course, the USSR needed a single digit country code, or there would have been a country code gap), and many of the former Netherland Antilles share +599, although Aruba has +297, and Sint Maarten is in +1 (with NANPA Area code 721)
This is criminal conspiracy. It's fucking insane that they not only did this, but put the crime in writing.;
The mob tried your argument generations ago. It never worked.
People use the country = government metaphor as a shortcut for communication, but this one takes it further than usual.
This will probably never be particularly useful, but this figure of speech is a "synecdoche" (a "metonymy" instead of a "metaphor")
Saying the US did something when referring to the government is metonymy, but not synecdoche.
I think it’s valid to consider the US government a part of the US. Thus, referring to the US government when saying that the US did something is a synecdoche
To spy on law enforcement that is trying to fight crime is not a good thing. Israel is not the world police.
https://www.politico.com/story/2019/09/12/israel-white-house...
> The U.S. government concluded within the past two years that Israel was most likely behind the placement of cellphone surveillance devices that were found near the White House and other sensitive locations around Washington, according to three former senior U.S. officials with knowledge of the matter.
> If either Google or Amazon provides information to authorities in the US, where the dialing code is +1, and they are prevented from disclosing their cooperation, they must send the Israeli government 1,000 shekels.
This sounds like warrant canaries but worse. At least with warrant canaries you argue that you can't compel speech, but in this case it's pretty clear to any judge that such payments constitute disclosure or violation of gag order, because you're taking a specific action that results in the target knowing the request was made.
> Several experts described the mechanism as a “clever” workaround that could comply with the letter of the law but not its spirit.
It's not clear to me how it could comply with the letter of the law, but evidently at least some legal experts think it can? That uncertainty is probably how it made it past the legal teams in the first place.
This, being an active process, if found out, is violating a gag order by direct action.
No, they can simply not publish a warrant canary in the future, which will tip people off if they've been publishing it regularly in the past.
you update your canary to say that nothing has changed, at a known cadence.
if you ever dont make the update, readers know that the canary has expired, and so you have been served a gag order warrant.
changing or removing the canary in response to a warrant is illegal. not changing it is legal.
for an equivalent cloudwatch setup, its checking the flag for "alarm when there's no points"
Do you have a more custom example in mind?
It's a choice you make and action you take either way, be it not updating a canary or sending a covert financial transaction
That it has not been tested in court is why it's still a "theory" (hypothesis?)
My hope is that a jury of our peers would stay closer to the spirit than the letter of the law
As I understand, this theory wouldn’t even hold up in other countries where you could be compelled to make such a false update.
Or maybe I can bill the government for the compelled artwork -- I'm afraid I'm tremendously expensive as an artist.
I suspect they didn't go for this route as it is too slow.
I can't imagine any "legal expert" dumb enough to say you can violate a gag order if you use numbers instead of words.
However, if a judge dodesn't want to find someone guilty, "not violating the letter of the law" can provide a fig leaf for the friendly judge.
I do think it’s kind of a different situation though because apparently the employees of Facebook could have gotten into legal trouble in those other countries they were trying to expand into.
Yeap...they would never do it ....
"Tech, crypto, tobacco, other companies fund Trump’s White House ballroom" - https://www.politico.com/news/2025/10/23/trump-ballroom-dono...
I trust The Guardian. So I agree It was unlikely. I find it very sad
Very sad
Is there any evidence he was helped in his escape by anyone? Genuinely asking (and genuinely seeking hard facts and data).
I mean, why pay the money? Why not just skip the payment and email a contact "1,000"? Or perhaps "Interesting article about in the Times about the USA, wink wink"?
This method is deliberately communicating information in a way that (I assume) is prohibited. It doesn't seem like it would take a judge much time to come to the conclusion that the gag order prohibits communication.
Creating a secret code is still communication, whether that's converting letters A=1, B=2, sending a video of someone communicating it in sign language, a painting of the country, writing an ethereum contract, everyday sending a voicemail with a list of all the countries in the world from A to Z, but omitting the one(s) that have the gag / warrant...
And while 'anti-terrorism' is the pretext for these secret courts, secret orders, and other nonsense - in reality I expect they've done extremely little to actually stop terrorists. Yet it's certainly created a system where even a defacto Western/allied bloc government is worried that their data is going to be secretly seized. It's quite dystopic, all done in the name of errorism.
A warrant canary works by removing information, not by transmitting it. You put up a sign like "The FBI has not issued a warrant" and then remove it if they do, even if there is a gag order stating you cannot disclose that they issued you a warrant. This only works because you have not told anyone that a warrant has been issued but they must infer that the missing canary implies such a warrant has been dispatched.
Agreed. This is direct. It is like putting up a posting "The FBI *has* issued a warrant". Which this would be in direct violation of a gag order. Their codes are even differentiating who the issuer is. I'm pretty confident a comprehensive set of warrant canaries detailing every agency would not comply with gag orders either as this leaves little ambiguity. But this isn't even doing that. It is just straight up direct communication.I think what is funniest is that it could have been much more secret. When I saw the reference in the intro to payments I was thinking "don't tell me they're so dumb they're coding info like Costco". That they'd use the cents to detail access. Like .99 for all clear and .98 for access. But that's not "clever" at all lol
I’ve always wondered. It seems just as easy for authorities to forbid removing canaries as it is to forbid telling someone something.
EDIT: ah, this is explained downthread: https://news.ycombinator.com/item?id=45763032
I guess you can technically be compelled to update your canary. But the main idea is to make it hard to compel the action that results in the canary existing. But don't ask me, like most HN users IANAL
You transmit information by changing the content of the transmission, basically just like any communication works
> This only works
do you know that? Haven't heard of it actually working in any high profile case.
> because you have not told anyone that a warrant has been issued
you have told them explicitly by agreeing to a scheme both parties understand and by enacting the message change under said scheme. You basically just used some encoding to hide the plain message
First off, you're using the word in the definition. You can't use "transmit" to define "transmit". A transmission is the noun variation of transmit (verb).
Second off, a transmission is *active*
Think about radio. If I am constantly producing a 440kHz signal then I'm transmitting a signal. If I'm not producing the signal, I'm not transmitting.
You are not considered to be transmitting unless you are holding down the button to send the signal.
That's how a canary works. You're constantly transmitting a signal (the canary is constantly singing) and then all of a sudden it goes quiet. You have stopped transmission.
Does this communicate? Yes. But what it communicates is ambiguous. Maybe the canary just went to sleep. Maybe it starved to death instead of getting carbon dioxide poisoning. It does not provide an unambiguous truth.
That reasonable deniability is the reason a canary works. You can claim it was taken down for other reasons, such as an accident. Those reasons have to be believable and justifiable. Mind you, a warrant canary can work like going down in one commit and up in the next, happening over a small period of time. A canary does not need to work by continuous existence or continuous absence.
Canaries also frequently work by having expirations (which is closer to how you're thinking, but still follow the same abstraction discussed above). It has to be manually updated or modified. For example I could add the canary "godelski hasn't been raided by the FBI: signed 31 oct 2025 expires 7 Nov 2025". Were that message to still exist exactly on Nov 7th (and it will because I can't edit comments outside a time window) then you can conclude that my canary expired. You can't conclude I was raided by the FBI. You should be suspicious, but you can't be positive. Maybe I just can't update comments...
This isn't to be conflated with the way we transmit information is through variation, such as high and low in binary. Technically while you're talking you make pauses and "stop talking" several times while saying a single word. But we say you're talking until you stop "transmitting" or complete. If this pause wasn't included then the dead would still speak and your annoying uncle would never shut up
Apparently, US aid to a country is usually spent on US companies; Israel is no exception: https://theintercept.com/2024/05/01/google-amazon-nimbus-isr...
277 more comments available on Hacker News