Op-ed

Flying Out of Microsoft’s Cloud

| Written By:

Why Microsoft, Google, and Amazon hold the keys to Israel's sovereignty.

Photo by: REUTERS

Microsoft recently announced the launch of an urgent external investigation following an exposé by The Guardian in collaboration with the Israeli site Local Call. The investigation claimed that the IDF's elite intelligence unit 8200 used Microsoft’s Azure cloud platform to store and process recordings of millions of phone calls by Palestinians in Gaza and the West Bank. According to the report, the recordings were kept in a separate and customized area within the cloud and were used for planning attacks, arrests, and routine operational activities. Microsoft clarified that using the cloud for mass surveillance of civilians violates its terms of service, and added that the investigation would be conducted by the American law firm Covington & Burling. This is the second investigation initiated by Microsoft regarding the Israeli military’s use of its technologies: in May of this year, the company found no evidence of a violation of its terms of use, but now it pledges to publish the findings of the new investigation upon its completion.

This current affair is not simply a story about Microsoft and the Azure cloud versus Unit 8200. It points to a deeper process in which tech giants—more precisely, cloud giants—become the de facto regulators of states. Israel, and developed nations around the world, can legislate and speak about physical or digital sovereignty, but once its data and systems are stored on Microsoft Azure, Amazon AWS, or Google Cloud, the fate of that data lies in the hands of the companies, not the state.

And this is not hypothetical: the giants have already acted decisively. In 2010, Amazon AWS suspended WikiLeaks’ accounts under political pressure and without any formal legal process. In 2021, Amazon removed the Israeli surveillance company NSO from its cloud infrastructure after it was revealed that the Pegasus spyware was used to monitor journalists and human rights activists. That same year, after the January 6 storming of the U.S. Capitol, Amazon shut down the hosting services of the social network Parler, citing its failure to curb violent and inciting content—a critical blow to the platform. In all these cases, the companies relied on broad and ambiguous interpretations of their “terms of use” and “license terms.”

One might be tempted to argue that countries can manage without these clouds. They can develop internal cloud technology that gives the state broader data sovereignty—but it is not quite that simple. Sure, in Israel's case, it can migrate all government and security data to the Nimbus Project, Israel’s state-run government cloud project. The description of the project on the Accountant General’s website is reassuring: efficiency, local investment, economic advancement, functional continuity, and survivability of services in Israel even in the event of disconnection from the global internet backbone. It also promises “sovereignty over the data,” meaning the services and data would be subject to Israeli law. But this does not solve the core issue. The massive Nimbus enterprise is based on mega-contracts signed with Google and Amazon to establish local zones in Israel and operate storage and memory services through these companies. In principle, nothing has changed: the infrastructure may be local, but the dependency on the tech giants’ terms of use remains.

Israel must remember that Microsoft, like the other tech giants, operates according to considerations entirely different from those a government or security establishment, including pressure from employees and investors, scrutiny from the media and the public, and concern for reputation and relations with other governments. For the companies, such affairs are not merely legal questions of contractual interpretation—they are risks to their business. In Israel's case, reasonable people can disagree about whether the government places sufficient emphasis on human rights. What cannot be ignored, however, is that the tech giants align themselves with that discourse. Human rights considerations for Israel are faced not only on the battlefield or in the form of arms embargoes and political boycotts, but also through the technological sphere.

To prepare for the possible consequences of the tech giants’ decisions over data critical to national security, states and their defense infrastructure cannot rely solely on technical backups. They also need legal and strategic safeguards, for example, to incorporate transparency and appeal mechanisms into cloud contracts and develop independent cloud infrastructures that ensure continuity in the event of disconnection. Above all, in Israel, it is critical to embed human rights considerations into its security and technology policies. In a world where the terms of service set by Microsoft or Amazon are the real sovereign, Israel risks being among the first in a global paradigm shift, finding itself like an airplane whose engines fail mid-flight—adrift among the clouds with no landing strip, a perilous state for any nation.

This article was published in the Times of Israel