Before signing its lucrative and controversial Project Nimbus deal with Israel, Google knew it couldn’t control what the nation and its military would do with the powerful cloud-computing technology, a confidential internal report obtained by The Intercept reveals.

The report makes explicit the extent to which the tech giant understood the risk of providing state-of-the-art cloud and machine learning tools to a nation long accused of systemic human rights violations and wartime atrocities. Not only would Google be unable to fully monitor or prevent Israel from using its software to harm Palestinians, but the report also notes that the contract could obligate Google to stonewall criminal investigations by other nations into Israel’s use of its technology. And it would require close collaboration with the Israeli security establishment — including joint drills and intelligence sharing — that was unprecedented in Google’s deals with other nations.

A third-party consultant Google hired to vet the deal recommended that the company withhold machine learning and artificial intelligence tools from Israel because of these risk factors.

Three international law experts who spoke with The Intercept said that Google’s awareness of the risks and foreknowledge that it could not conduct standard due diligence may pose legal liability for the company. The rarely discussed question of legal culpability has grown in significance as Israel enters the third year of what has widely been acknowledged as a genocide in Gaza — with shareholders pressing the company to conduct due diligence on whether its technology contributes to human rights abuses.

“They’re aware of the risk that their products might be used for rights violations,” said León Castellanos-Jankiewicz, a lawyer with the Asser Institute for International and European Law in The Hague, who reviewed portions of the report. “At the same time, they will have limited ability to identify and ultimately mitigate these risks.”

Google declined to answer any of a list of detailed questions sent by The Intercept about the company’s visibility into Israel’s use of its services or what control it has over Project Nimbus.

Company spokesperson Denise Duffy-Parkes instead responded with a verbatim copy of a statement that Google provided for a different article last year. “We’ve been very clear about the Nimbus contract, what it’s directed to, and the Terms of Service and Acceptable Use Policy that govern it. Nothing has changed.”

Portions of the internal document were first reported by the New York Times, but Google’s acknowledged inability to oversee Israel’s usage of its tools has not previously been disclosed.

In January 2021, just three months before Google won the Nimbus contract alongside Amazon, the company’s cloud computing executives faced a dilemma.

The Project Nimbus contract — then code-named “Selenite” at Google — was a clear moneymaker. According to the report, which provides an assessment of the risks and rewards of this venture, Google estimated a bespoke cloud data center for Israel, subject to Israeli sovereignty and law, could reap $3.3 billion between 2023 and 2027, not only by selling to Israel’s military but also its financial sector and corporations like pharmaceutical giant Teva.

But given decades of transgressions against international law by Israeli military and intelligence forces it was now supplying, the company acknowledged that the deal was not without peril. “Google Cloud Services could be used for, or linked to, the facilitation of human rights violations, including Israeli activity in the West Bank,” resulting in “reputation harm,” the company warned.

In the report, Google acknowledged the urgency of mitigating these risks, both to the human rights of Palestinians and Google’s public image, through due diligence and enforcement of the company’s terms of service, which forbid certain acts of destruction and criminality.

But the report makes clear a profound obstacle to any attempt at oversight: The Project Nimbus contract is written in such a way that Google would be largely kept in the dark about what exactly its customer was up to, and should any abuses ever come to light, obstructed from doing anything about them.

The document lays out the limitations in stark terms.

Google would only be given “very limited visibility” into how its software would be used. The company was “not permitted to restrict the types of services and information that the Government (including the Ministry of Defense and Israeli Security Agency) chooses to migrate” to the cloud.

Attempts to prevent Israeli military or spy agencies from using Google Cloud in ways damaging to Google “may be........

© The Intercept