German Chancellor Friedrich Merz said Chinese suppliers such as Huawei will be excluded from the country's future telecommunication networks on security grounds as he pushes for more digital sovereignty. From a report: "We have decided within the government that everywhere it's possible we'll replace components, for example in the 5G network, with components we have produced ourselves," Merz told a business conference in Berlin on Thursday. "And we won't allow any components from China in the 6G network."

Europe is increasingly concerned about its reliance on foreign technology, ranging from Asian semiconductors to US artificial intelligence and cloud infrastructure, as trade and geopolitical tensions threaten critical supply chains. Germany last year ordered telecom operators to remove Huawei equipment from their core networks, citing risks to national security. Berlin is now considering using public funds to pay Deutsche Telekom AG and others to strip out Chinese gear, Bloomberg News reported last month.

An anonymous reader quotes a report from CNBC: Anthropic announced plans Wednesday to spend $50 billion on a U.S. artificial intelligence infrastructure build-out, starting with custom data centers in Texas and New York. The facilities, which will be designed to support the company's rapid enterprise growth and its long-term research agenda, will be developed in partnership with Fluidstack.

Fluidstack is an AI cloud platform that supplies large-scale graphics processing unit, or GPU, clusters to clients like Meta, Midjourney and Mistral. Additional sites are expected to follow, with the first locations going live in 2026. The project is expected to create 800 permanent jobs and more than 2,000 construction roles. The investment positions Anthropic as a major domestic player in physical AI infrastructure at a moment when policymakers are increasingly focused on U.S.-based compute capacity and technological sovereignty. "We're getting closer to AI that can accelerate scientific discovery and help solve complex problems in ways that weren't possible before. Realizing that potential requires infrastructure that can support continued development at the frontier," said CEO Dario Amodei. "These sites will help us build more capable AI systems that can drive those breakthroughs, while creating American jobs."

Google has unveiled Private AI Compute, a cloud platform designed to deliver advanced AI capabilities while preserving user privacy. As The Verge notes, the feature is "virtually identical to Apple's Private Cloud Compute." From the report: Many Google products run AI features like translation, audio summaries, and chatbot assistants, on-device, meaning data doesn't leave your phone, Chromebook, or whatever it is you're using. This isn't sustainable, Google says, as advancing AI tools need more reasoning and computational power than devices can supply. The compromise is to ship more difficult AI requests to a cloud platform, called Private AI Compute, which it describes as a "secure, fortified space" offering the same degree of security you'd expect from on-device processing. Sensitive data is available "only to you and no one else, not even Google."

Two of the world's biggest data center developers have projects in Nvidia's hometown that may sit empty for years because the local utility isn't ready to supply electricity. From a report: In Santa Clara, California, where the world's biggest supplier of artificial-intelligence chips is based, Digital Realty Trust applied in 2019 to build a data center. Roughly six years later, the development remains an empty shell awaiting full energization. Stack Infrastructure, which was acquired earlier this year by Blue Owl Capital, has a nearby 48-megawatt project that's also vacant, while the city-owned utility, Silicon Valley Power, struggles to upgrade its capacity.

The fate of the two facilities highlights a major challenge for the US tech sector and indeed the wider economy. While demand for data centers has never been greater, driven by the boom in cloud computing and AI, access to electricity is emerging as the biggest constraint. That's largely because of aging power infrastructure, a slow build-out of new transmission lines and a variety of regulatory and permitting hurdles. And the pressure on power systems is only going to increase. Electricity requirements from AI computing will likely more than double in the US alone by 2035, based on BloombergNEF projections. Nvidia's Jensen Huang and OpenAI's Sam Altman are among corporate leaders that have predicted trillions of dollars will pour into building new AI infrastructure.

An anonymous reader shares a report: Microsoft, eager to boost downloads of its Copilot chatbot, has recruited some of the most popular influencers in America to push a message to young consumers that might be summed up as: Our AI assistant is as cool as ChatGPT. Microsoft could use the help. The company recently said its family of Copilot assistants attracts 150 million active users each month. But OpenAI's ChatGPT claims 800 million weekly active users, and Google's Gemini boasts 650 million a month. Microsoft has an edge with corporate customers, thanks to a long history of selling them software and cloud services. But it has struggled to crack the consumer market -- especially people under 30.

"We're a challenger brand in this area, and we're kind of up and coming," Consumer Chief Marketing Officer Yusuf Mehdi said in an interview. Mehdi hopes to persuade key influencers to make Copilot their chatbot of choice and then use their popularity to market the assistant to their millions of followers. He says Microsoft is already getting more bang for the buck with influencers than with traditional media, but didn't provide any metrics.

[...] Using non-techies as spokespeople is meant to reinforce Microsoft's campaign to sell its chatbot as a life coach for everyone. Or as Consumer AI chief Mustafa Suleyman wrote in a recent essay, an AI companion that "helps you think, plan and dream."

Singaporean super-app company Grab has dumped 200 cloudy Mac Minis and replaced them with physical machines, a move it expects will save $2.4 million over three years. From a report: Grab is Southeast Asia's leading rideshare and food delivery outfit and therefore needs to build apps for iOS to connect with customers. In a Thursday post, the company explains it builds those apps using Continuous Integration and Continuous Delivery/Deployment (CI/CD) infrastructure that runs on Apple Mac computers.

The company started with a single on-prem Mac Pro -- its post shows 2013's cylindrical model based around an Intel Xeon processor -- but eventually reached over 200 Macs, running in the cloud at an unnamed US cloud provider. "At the beginning, it was a no-brainer to rent when our demand for macOS hardware increased from 1 Mac Pro to 20 times that size," Grab's post explains. "However, when that grew to over 200 machines, the total cost became significant."

An anonymous reader shares a report: On Wednesday, Reuters reported that Google is planning to build a large AI data center on Christmas Island, a 52-square-mile Australian territory in the Indian Ocean, following a cloud computing deal with Australia's military. The previously undisclosed project will reportedly position advanced AI infrastructure a mere 220 miles south of Indonesia at a location military strategists consider critical for monitoring Chinese naval activity.

Aside from its strategic military position, the island is famous for its massive annual crab migration, where over 100 million of red crabs make their way across the island to spawn in the ocean. That's notable because the tech giant has applied for environmental approvals to build a subsea cable connecting the 135-square-kilometer island to Darwin, where US Marines are stationed for six months each year.

[...] Christmas Island's annual crab migration is a natural phenomenon that Sir David Attenborough reportedly once described as one of his greatest TV moments when he visited the site in 1990. Every year, millions of crabs emerge from the forest and swarm across roads, streams, rocks, and beaches to reach the ocean, where each female can produce up to 100,000 eggs. The tiny baby crabs that survive take about nine days to march back inland to the safety of the plateau.

An anonymous reader quotes a report from MIT Technology Review: The US- and UK-based company Quantinuum today unveiled Helios, its third-generation quantum computer, which includes expanded computing power and error correction capability. Like all other existing quantum computers, Helios is not powerful enough to execute the industry's dream money-making algorithms, such as those that would be useful for materials discovery or financial modeling. But Quantinuum's machines, which use individual ions as qubits, could be easier to scale up than quantum computers that use superconducting circuits as qubits, such as Google's and IBM's. "Helios is an important proof point in our road map about how we'll scale to larger physical systems," says Jennifer Strabley, vice president at Quantinuum, which formed in 2021 from the merger of Honeywell Quantum Solutions and Cambridge Quantum. Honeywell remains Quantinuum's majority owner.

Located at Quantinuum's facility in Colorado, Helios comprises a myriad of components, including mirrors, lasers, and optical fiber. Its core is a thumbnail-size chip containing the barium ions that serve as the qubits, which perform the actual computing. Helios computes with 98 barium ions at a time; its predecessor, H2, used 56 ytterbium qubits. The barium ions are an upgrade, as they have proven easier to control than ytterbium. These components all sit within a chamber that is cooled to about 15 Kelvin (-432.67 ), on top of an optical table. Users can access the computer by logging in remotely over the cloud. [...] Helios is noteworthy for its qubits' precision, says Rajibul Islam, a physicist at the University of Waterloo in Canada, who is not affiliated with Quantinuum. The computer's qubit error rates are low to begin with, which means it doesn't need to devote as much of its hardware to error correction. Quantinuum had pairs of qubits interact in an operation known as entanglement and found that they behaved as expected 99.921% of the time. "To the best of my knowledge, no other platform is at this level," says Islam.

[...] Besides increasing the number of qubits on its chip, another notable achievement for Quantinuum is that it demonstrated error correction "on the fly," says David Hayes, the company's director of computational theory and design, That's a new capability for its machines. Nvidia GPUs were used to identify errors in the qubits in parallel. Hayes thinks that GPUs are more effective for error correction than chips known as FPGAs, also used in the industry. Quantinuum has used its computers to investigate the basic physics of magnetism and superconductivity. Earlier this year, it reported simulating a magnet on H2, Quantinuum's predecessor, with the claim that it "rivals the best classical approaches in expanding our understanding of magnetism." Along with announcing the introduction of Helios, the company has used the machine to simulate the behavior of electrons in a high-temperature superconductor. Quantinuum is expanding its Helios line with a new system in Minnesota. It's also started developing its fourth-generation quantum computer, Sol, set for 2027 with 192 qubits. Then, a fifth-generation system, Apollo, is expected in 2029 with thousands of qubits and full fault tolerance.

Financial Times: Deutsche Bank is exploring ways to hedge its exposure to data centres after extending billions of dollars in debt to the sector to keep up with demand for artificial intelligence and cloud computing. Executives inside the bank have discussed ways to manage its exposure to the booming industry as so-called hyperscalers pour hundreds of billions of dollars into building infrastructure for their AI needs that is increasingly funded by debt.

The German lender is looking at options including shorting a basket of AI-related stocks that would help mitigate downside risk by betting against companies in the sector. It is also considering buying default protection on some of the debt using derivatives through a transaction known as synthetic risk transfer (SRT).

Deutsche's investment banking business has "bet big" on data centre financing, according to one senior executive. However, the scale of expenditure on AI infrastructure has prompted concerns that a bubble is forming with some likening the enthusiasm to that which preceded the dotcom crash. Sceptics have pointed out that billions of dollars have been deployed in an untested industry with assets that quickly depreciate in value due to the rapid change in technology.

An anonymous reader shares a report: Microsoft officially ended mainstream support for Windows 10 last month, nudging users to upgrade to Windows 11. While that led to almost an overnight technological revolution in Japan, elsewhere, it has caused a lot of confusion. Certain versions of Windows 10, like Enterprise LTSC -- and those enrolled in the ESU program -- are still scheduled to receive security updates through at least 2027, but they're starting to see out-of-support messages in Settings.

Various users over the past few days reported that they're being subjected to end-of-life warnings in Windows, despite already qualifying for extended security updates through the ESU program. Windows 10 Enterprise LTSC 2021 and âIoT Enterprise are business-oriented editions of the OS, so they're already supported up to 2032, but even they saw these incorrect messages. This widespread bug started to occur after the KB5066791 updates were pushed on October 14, 2025.

Microsoft has already acknowledged this mishap and said, "The message, 'Your version of Windows has reached the end of support, might incorrectly display in the Windows Update Settings page," confirming it as a mistake. The company has already released a cloud config fix that should remove the message, but you need to be connected to the internet for that, and a restart is also required.

concertina226 shares a report from The Register: [A massive power outage in April left tens of millions across Spain, Portugal, and parts of France without electricity for hours due to cascading grid failures, exposing how fragile and interconnected Europe's energy infrastructure is. The incident, though not a cyberattack, reignited concerns about the vulnerability of aging, fragmented, and insecure operational technology systems that could be easily exploited in future cyber or ransomware attacks.] This headache is one the European Commission is focused on. It is funding several projects looking at making electric grids more resilient, such as the eFort framework being developed by cybersecurity researchers at the independent non-profit Netherlands Organisation for Applied Scientific Research (TNO) and the Delft University of Technology (TU Delft).

TNO's SOARCA tool is the first ever open source security orchestration, automation and response (SOAR) platform designed to protect power plants by automating the orchestration of the response to physical attacks, as well as cyberattacks, on substations and the network, and the first country to demo it will be the Ukraine this year. At the moment, SOAR systems only exist for dedicated IT environments. The researchers' design includes a SOAR system in each layer of the power station: the substation, the control room, the enterprise layer, the cloud, or the security operations centre (SOC), so that the SOC and the control room work together to detect anomalies in the network, whether it's an attacker exploiting a vulnerability, a malicious device being plugged into a substation, or a physical attack like a missile hitting a substation. The idea is to be able to isolate potential problems and prevent lateral movement from one device to another or privilege escalation, so an attacker cannot go through the network to the central IT management system of the electricity grid. [...]

The SOARCA tool is underpinned by CACAO Playbooks, an open source specification developed by the OASIS Open standards body and its members (which include lots of tech giants and US government agencies) to create standardized predefined, automated workflows that can detect intrusions and changes made by malicious actors, and then carry out a series of steps to protect the network and mitigate the attack. Experts largely agree the problem facing critical infrastructure is only worsening as years pass, and the more random Windows implementations that are added into the network, the wider the attack surface is. [...] TNO's Wolthuis said the energy industry is likely to be pushed soon to take action by regulators, particularly once the Network Code on Cybersecurity (NCCS), which lays out rules requiring cybersecurity risk assessments in the electricity sector, is formalized.

Apple is paying Google to create a custom Gemini-based model that will run on the company's private cloud servers and power the next version of Siri, according to Bloomberg. The decision marks a departure from Apple's tradition of building core technologies in-house. The arrangement follows a competition Apple held this year between Anthropic and Google, the report said. Anthropic offered a superior model, but Google made more financial sense because of the tech giants' existing search relationship. Neither company is expected to discuss the partnership publicly, the report added.

The new Siri will introduce AI-powered web search and other features users have come to expect from voice assistants. The custom model will not flood Siri with Google services or Gemini features already available on Android devices. Instead, it will provide the underlying AI capabilities through an Apple user interface. The company is betting heavily on the revamped Siri to undo years of brand damage.

Captchas have largely vanished from the web in 2025, replaced by invisible tracking systems that analyze user behavior rather than asking people to decipher distorted text or identify traffic lights in image grids. Google launched reCaptcha v3 in 2018 to generate risk scores based on behavioral signals during site interactions, making bot-blocking technology "completely invisible" for most users, according to Tim Knudsen, a director of product management at Google Cloud.

Cloudflare followed in 2022 by releasing Turnstile, another invisible alternative that sometimes appears as a simple checkbox but actually gathers data from devices and software to determine if users are human. Both companies distribute their security tools for free to collect training data, and Cloudflare now sees 20% of all HTTP requests across the internet.

The rare challenges that do surface have become increasingly bizarre, ranging from requests to identify dogs and ducks wearing various hats to sliding a jockstrap across a screen to find matching underwear on hookup sites.

OpenAI will pay Amazon $38 billion for computing power in a seven-year deal that marks the companies' first partnership. Amazon expects all of the computing capacity negotiated as part of the agreement will be available to OpenAI by the end of next year. The ChatGPT maker will train new AI models using Amazon's data centers and use them to process user queries.

The deal is small compared with OpenAI's $300 billion agreement with Oracle and its $250 billion commitment to Microsoft. OpenAI ended its exclusive cloud-computing partnership with Microsoft last month and has since signed almost $600 billion in new cloud commitments. Amazon Web Services is the industry's largest cloud provider, but Microsoft and Google have reported faster cloud-revenue growth in recent years after capturing new demand from AI customers.

"Ubuntu's decision to switch to Rust-based coreutils in 25.10 hasn't been the smoothest ride," writes the blog OMG Ubuntu, "as the latest — albeit now resolved — bug underscores." [Coreutils] are used by a number of processes, apps and scripts, including Ubuntu's own unattended-upgrades process, which automatically checks for new software updates. Alas, the Rust-based version of date had a bug which meant Ubuntu 25.10 desktops, servers, cloud and container images were not able to automatically check for updates when configured. Unattended-upgrades hooks into the date utility to check the timestamp of a reference file of when an update check was last run and, past a certain date, checks again. But date was incorrectly showing the current date, always.

A fix has been issued so only Ubuntu 25.10 installs withrust-coreutils 0.2.2-0ubuntu2 (or earlier) are affected.

"AI isn't just a tool anymore; it's an integral part of the development experience," argues GitHub's blog. So "Agents shouldn't be bolted on. They should work the way you already work..."

So this week GitHub announced "Agent HQ," which CNBC describes as a "mission control" interface "that will allow software developers to manage coding agents from multiple vendors on a single platform." Developers have a range of new capabilities at their fingertips because of these agents, but it can require a lot of effort to keep track of them all individually, said GitHub COO Kyle Daigle. Developers will now be able to manage agents from GitHub, OpenAI, Google, Anthropic, xAI and Cognition in one place with Agent HQ. "We want to bring a little bit of order to the chaos of innovation," Daigle told CNBC in an interview. "With so many different agents, there's so many different ways of kicking off these asynchronous tasks, and so our big opportunity here is to bring this all together." Agent HQ users will be able to access a command center where they can assign, steer and monitor the work of multiple agents...

The third-party agents will begin rolling out to GitHub Copilot subscribers in the coming months, but Copilot Pro+ users will be able to access OpenAI Codex in VS Code Insiders this week, the company said.
"We're into this wave two era," GitHub's COO Mario Rodriguez told VentureBeat, an era that's "going to be multimodal, it's going to be agentic and it's going to have these new experiences that will feel AI native...."

Or, as VentureBeat sees it, GitHub "is positioning itself as the essential orchestration layer beneath them all..." Just as the company transformed Git, pull requests and CI/CD into collaborative workflows, it's now trying to do the same with a fragmented AI coding landscape...

The technical architecture addresses a critical enterprise concern: Security. Unlike standalone agent implementations where users must grant broad repository access, GitHub's Agent HQ implements granular controls at the platform level... Agents operating through Agent HQ can only commit to designated branches. They run within sandboxed GitHub Actions environments with firewall protections. They operate under strict identity controls. [GitHub COO] Rodriguez explained that even if an agent goes rogue, the firewall prevents it from accessing external networks or exfiltrating data unless those protections are explicitly disabled.

Beyond managing third-party agents, GitHub is introducing two technical capabilities that set Agent HQ apart from alternative approaches like Cursor's standalone editor or Anthropic's Claude integration. Custom agents via AGENTS.md files: Enterprises can now create source-controlled configuration files that define specific rules, tools and guardrails for how Copilot behaves. For example, a company could specify "prefer this logger" or "use table-driven tests for all handlers." This permanently encodes organizational standards without requiring developers to re-prompt every time... Native Model Context Protocol (MCP) support: VS Code now includes a GitHub MCP Registry. Developers can discover, install and enable MCP servers with a single click. They can then create custom agents that combine these tools with specific system prompts. This positions GitHub as the integration point between the emerging MCP ecosystem and actual developer workflows. MCP, introduced by Anthropic but rapidly gaining industry support, is becoming a de facto standard for agent-to-tool communication. By supporting the full specification, GitHub can orchestrate agents that need access to external services without each agent implementing its own integration logic.

GitHub is also shipping new capabilities within VS Code itself. Plan Mode allows developers to collaborate with Copilot on building step-by-step project approaches. The AI asks clarifying questions before any code is written. Once approved, the plan can be executed either locally in VS Code or by cloud-based agents. The feature addresses a common failure mode in AI coding: Beginning implementation before requirements are fully understood. By forcing an explicit planning phase, GitHub aims to reduce wasted effort and improve output quality.

More significantly, GitHub's code review feature is becoming agentic. The new implementation will use GitHub's CodeQL engine, which previously largely focused on security vulnerabilities to identify bugs and maintainability issues. The code review agent will automatically scan agent-generated pull requests before human review. This creates a two-stage quality gate.
"Don't let this little bit of news float past you like all those self-satisfied marketing pitches we semi-hear and ignore," writes ZDNet: If it works and remains reliable, this is actually a very big deal... Tech companies, especially the giant ones, often like to talk "open" but then do their level best to engineer lock-in to their solution and their solution alone. Sure, most of them offer some sort of export tool, but the barrier to moving from one tool to another is often huge... [T]he idea that you can continue to use your favorite agent or agents in GitHub, fully integrated into the GitHub tool path, is powerful. It means there's a chance developers might not have to suffer the walled garden effect that so many companies have strived for to lock in their customers.

Slashdot reader BrianFagioli writes: Password manager 1Password's 2025 Annual Report: The Access-Trust Gap exposes how everyday employees are becoming accidental hackers in the AI era. The company's data shows that 73% of workers are encouraged to use AI tools, yet more than a third admit they do not always follow corporate policies. Many employees are feeding sensitive information into large language models or using unapproved AI apps to get work done, creating what 1Password calls "Shadow AI." At the same time, traditional defenses like single sign-on (SSO) and mobile device management (MDM) are failing to keep pace, leaving gaps in visibility and control.

The report warns that corporate security is being undermined from within. More than half of employees have installed software without IT approval, two-thirds still use weak passwords, and 38% have accessed accounts at previous employers. Despite rising enthusiasm for passkeys and passwordless authentication, 1Password says most organizations still depend on outdated systems that were never built for cloud-native, AI-driven work. The result is a growing "Access-Trust Gap" that could allow AI chaos and employee shortcuts to dismantle enterprise security from the inside.

An anonymous reader quotes a report from Gizmodo: It's time for Xbox to eat some humble pie and perform some real soul-searching. Microsoft released its latest quarterly earnings report and proved the worst of our fears about its gaming brand. Not only are Xbox hardware sales down significantly, but the brand itself is barely treading water. Gamers are voicing their displeasure with their wallets, but Microsoft's top brass is still only thinking about the margins. Microsoft was more keen to promote the scale of its cloud and AI services revenue -- which was up 28% year over year -- than talk about its beleaguered gaming brand. The company's overall gaming revenue fell by 2% compared to the same time last year. This was precipitated by a "decline in Xbox hardware," which was down by 22% following a steady decline quarter after quarter. Its first-party games and its Game Pass subscription were doing better, though the overall growth was only up by 1%, and even that was driven by the "better-than-expected performance" of third-party games. You can give credit to titles like Clair Obscur: Expedition 33 for why Xbox isn't in an even deeper hole than it is now.

The tech giant has no expectation that its Xbox brand will start making more money anytime soon. In its earnings call with investors, Microsoft Chief Financial Officer Amy Hood said the company expects Xbox will continue to decline "in the low to mid-single digits" for the following quarter. That's mostly due to the lack of landmark first-party titles. Just this month, Xbox released Ninja Gaiden 4, The Outer Worlds 2, and Double Fine's The Keeper. Xbox also made a huge marketing push for its first handheld, made in partnership with Asus, the ROG Xbox Ally and Ally X. In any other year, this would be a big month for any gaming company. The dour outlook comes after months of bad news. After two subsequent price hikes, Xbox Series S and Series X consoles now cost between $100 to $150 more than they did at launch five years ago. Microsoft also pushed prices of its Game Pass Ultimate subscription tier from $20 to $30 per month. A full-year's subscription would now demand $360. In a separate article, Gizmodo reviews Microsoft's new ROG Xbox Ally X handheld, which "offers a better experience overall" than the "other small-scale Windows PC gaming devices released this year." However, "it's still nowhere close to what you truly want from a console."

An anonymous reader quotes a report from ZDNet: Even before Azure had a global failure this week, Austria's Ministry of Economy had taken a decisive step toward digital sovereignty. The Ministry achieved this status by migrating 1,200 employees to a Nextcloud-based cloud and collaboration platform hosted on Austrian-based infrastructure. This shift away from proprietary, foreign-owned cloud services, such as Microsoft 365, to an open-source, European-based cloud service aligns with a growing trend among European governments and agencies. They want control over sensitive data and to declare their independence from US-based tech providers.

European companies are encouraging this trend. Many of them have joined forces in the newly created non-profit foundation, the EuroStack Initiative. This foundation's goal is " to organize action, not just talk, around the pillars of the initiative: Buy European, Sell European, Fund European." What's the motive behind these moves away from proprietary tech? Well, in Austria's case, Florian Zinnagl, CISO of the Ministry of Economy, Energy, and Tourism (BMWET), explained, "We carry responsibility for a large amount of sensitive data -- from employees, companies, and citizens. As a public institution, we take this responsibility very seriously. That's why we view it critically to rely on cloud solutions from non-European corporations for processing this information."

Austria's move and motivation echo similar efforts in Germany, Denmark, and other EU states and agencies. The organizations include the German state of Schleswig-Holstein, which abandoned Exchange and Outlook for open-source programs. Other agencies that have taken the same path away from Microsoft include the Austrian military, Danish government organizations, and the French city of Lyon. All of these organizations aim to keep data storage and processing within national or European borders to enhance security, comply with privacy laws such as the EU's General Data Protection Regulation (GDPR), and mitigate risks from potential commercial and foreign government surveillance.

An anonymous reader quotes a report from the Guardian: When Google and Amazon negotiated a major $1.2 billion cloud-computing deal in 2021, their customer -- the Israeli government -- had an unusual demand: agree to use a secret code as part of an arrangement that would become known as the "winking mechanism." The demand, which would require Google and Amazon to effectively sidestep legal obligations in countries around the world, was born out of Israel's concerns that data it moves into the global corporations' cloud platforms could end up in the hands of foreign law enforcement authorities.

Like other big tech companies, Google and Amazon's cloud businesses routinely comply with requests from police, prosecutors and security services to hand over customer data to assist investigations. This process is often cloaked in secrecy. The companies are frequently gagged from alerting the affected customer their information has been turned over. This is either because the law enforcement agency has the power to demand this or a court has ordered them to stay silent. For Israel, losing control of its data to authorities overseas was a significant concern. So to deal with the threat, officials created a secret warning system: the companies must send signals hidden in payments to the Israeli government, tipping it off when it has disclosed Israeli data to foreign courts or investigators.

To clinch the lucrative contract, Google and Amazon agreed to the so-called winking mechanism, according to leaked documents seen by the Guardian, as part of a joint investigation with Israeli-Palestinian publication +972 Magazine and Hebrew-language outlet Local Call. Based on the documents and descriptions of the contract by Israeli officials, the investigation reveals how the companies bowed to a series of stringent and unorthodox "controls" contained within the 2021 deal, known as Project Nimbus. Both Google and Amazon's cloud businesses have denied evading any legal obligations.