Group items tagged

The Office of Special Counsel (OSC) has been working to investigate claims of retaliation and get favorable actions for many of the VA whistleblowers who have come forward. Since April 2014, the OSC has successfully obtained corrective actions for over 25 whistleblowers.[7] But the OSC still has over 100 pending VA reprisal cases to investigate, among the highest of any government agency, according to Special Counsel Carolyn Lerner.[8] Although the VA has been cooperative with the OSC and their recommendations, merely addressing isolated incidents is not enough.[9] The VA has been struggling with a culture problem for decades and something more must be done.

VA employees who have concerns about management or fear retaliation are supposed to be able to turn to the VA’s Office of Inspector General (OIG). But whistleblowers have come to doubt the VA IG’s willingness to hold wrongdoers accountable. Since 2014, the IG Office has not yet publically released any investigation into employee retaliation, making it difficult to assess how seriously the IG’s office is taking this issue. Furthermore, the VA IG’s office issued an administrative subpoena to POGO in May 2014 that was little more than an invasive fishing expedition for whistleblowers. The IG demanded “All records that POGO has received from current or former employees of the Department of Veterans Affairs, and other individuals or entities.”[10] Though POGO did not comply with the subpoena, such an action was cause for concern for many of the whistleblowers who had shared information with us. POGO remains concerned that there is not a permanent VA IG in place and that the position has been vacant for over a year.[11] Our own investigations have found that the absence of permanent leadership can have a serious impact on the effectiveness of an IG office.[12] Acting IGs do not undergo the same kind of extensive vetting process required of permanent IGs, and as a consequence usually lack the credibility of a permanent IG. Acting IGs also often seek appointment to the permanent position, which can compromise their independence by giving them an incentive to curry favor with the White House and the leadership of their agency.[13] Perhaps most worrisome, given the significant challenges facing the VA IG, a 2009 study found that vacancies in top agency positions promote agency inaction, create confusion among career employees, make an agency less likely to handle controversial issues, result in fewer enforcement actions by regulatory agencies and decrease public trust in government.[14]

It appears the VA IG may be subject to this dangerous lack of independence. For example, the VA OIG has failed to release the results of 140 health care investigations since 2006.[15] Furthermore, the Department of Treasury IG sent a letter to this Committee just last month raising concerns about another VA IG investigation. After speaking to witnesses familiar with the situation, the Treasury IG concluded that their testimony, “calls into question the integrity of the VA OIG’s actions in this particular manner.” The Treasury IG’s investigation also found that multiple witnesses stated a VA employee boasted about his ability to influence the VA OIG’s investigations.[16]

In POGO’s 2014 letter, we recommended concrete steps for incoming VA Secretary McDonald to take in order to demonstrate an agency-wide commitment to changing the VA’s culture of fear, bullying, and retaliation. Neither Acting Secretary Sloan Gibson nor Secretary McDonald have responded to our multiple requests for a meeting. Clearly, an important first step will be for the President to nominate a permanent IG for the VA. Hopefully strong and committed leadership in that office will correct its current course. POGO recommended that Secretary McDonald make a tangible and meaningful gesture to support those whistleblowers who have been trying to fix the VA from the inside. Once the OSC has identified meritorious cases, Secretary McDonald should personally meet with those whistleblowers and elevate their status from villain to hero. These employees should be publicly celebrated for their courage, and should receive positive recognition in their personnel files, including possibly receiving the types of bonuses that have been provided to wrongdoers in the past. Retaliation against whistleblowers is already a prohibited personnel practice, but it will be up to the senior-most VA leadership to ensure that this rule is enforced by the agency. This should not be an isolated event done in response to recent criticisms but an ongoing effort. Whistleblowing must be encouraged and celebrated or wrongdoing will continue.

But it’s not just the VA Secretary who can work to fix this problem. Congress should enact legislation that codifies accountability for those who retaliate against whistleblowers. The definition of “wrongdoing” must include retaliation. The cultural shift that is required inside the Department of Veterans Affairs must be accompanied by statutory mandates that protect whistleblowers and witnesses inside the agency from retaliation. Legislation should ensure that whistleblowers are able to be confident that stepping forward to expose wrongdoing will not result in retaliation, and should provide a system to hold retaliators within the VA accountable. Congress should also extend whistleblower protections to contractors and veterans who raise concerns about medical care provided by the VA. POGO’s investigation found that both of these groups also fear retaliation that prevents them from coming forward. While federal employees working at the VA enjoy whistleblower protections, contractors do not. Congress should extend the same protections to contractors in order to promote internal oversight in an increasingly contractor-heavy landscape.

In addition, a veteran who is receiving poor care should be able to speak to his or her patient advocate without fear of retaliation, including a reduction in the quality of health care. Without this reassurance, there is a disincentive to report poor care, allowing it to continue uncorrected. Congress should extend whistleblower protections to veteran whistleblowers. The VA and Congress must work together to end this culture of fear and retaliation. Whistleblowers who report concerns that affect veteran health must be lauded, not shunned. And the law must protect them.

58      Directive 2006/24 affects, in a comprehensive manner, all persons using electronic communications services, but without the persons whose data are retained being, even indirectly, in a situation which is liable to give rise to criminal prosecutions. It therefore applies even to persons for whom there is no evidence capable of suggesting that their conduct might have a link, even an indirect or remote one, with serious crime. Furthermore, it does not provide for any exception, with the result that it applies even to persons whose communications are subject, according to rules of national law, to the obligation of professional secrecy. 59      Moreover, whilst seeking to contribute to the fight against serious crime, Directive 2006/24 does not require any relationship between the data whose retention is provided for and a threat to public security and, in particular, it is not restricted to a retention in relation (i) to data pertaining to a particular time period and/or a particular geographical zone and/or to a circle of particular persons likely to be involved, in one way or another, in a serious crime, or (ii) to persons who could, for other reasons, contribute, by the retention of their data, to the prevention, detection or prosecution of serious offences.

1        These requests for a preliminary ruling concern the validity of Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC (OJ 2006 L 105, p. 54).

Digital Rights Ireland Ltd (C‑293/12)vMinister for Communications, Marine and Natural Resources,Minister for Justice, Equality and Law Reform,Commissioner of the Garda Síochána,Ireland,The Attorney General,intervener:Irish Human Rights Commission, andKärntner Landesregierung (C‑594/12),Michael Seitlinger,Christof Tschohl and others,

JUDGMENT OF THE COURT (Grand Chamber)8 April 2014 (*)(Electronic communications — Directive 2006/24/EC — Publicly available electronic communications services or public communications networks services — Retention of data generated or processed in connection with the provision of such services — Validity — Articles 7, 8 and 11 of the Charter of Fundamental Rights of the European Union)In Joined Cases C‑293/12 and C‑594/12,

34      As a result, the obligation imposed by Articles 3 and 6 of Directive 2006/24 on providers of publicly available electronic communications services or of public communications networks to retain, for a certain period, data relating to a person’s private life and to his communications, such as those referred to in Article 5 of the directive, constitutes in itself an interference with the rights guaranteed by Article 7 of the Charter. 35      Furthermore, the access of the competent national authorities to the data constitutes a further interference with that fundamental right (see, as regards Article 8 of the ECHR, Eur. Court H.R., Leander v. Sweden, 26 March 1987, § 48, Series A no 116; Rotaru v. Romania [GC], no. 28341/95, § 46, ECHR 2000-V; and Weber and Saravia v. Germany (dec.), no. 54934/00, § 79, ECHR 2006-XI). Accordingly, Articles 4 and 8 of Directive 2006/24 laying down rules relating to the access of the competent national authorities to the data also constitute an interference with the rights guaranteed by Article 7 of the Charter. 36      Likewise, Directive 2006/24 constitutes an interference with the fundamental right to the protection of personal data guaranteed by Article 8 of the Charter because it provides for the processing of personal data.

65      It follows from the above that Directive 2006/24 does not lay down clear and precise rules governing the extent of the interference with the fundamental rights enshrined in Articles 7 and 8 of the Charter. It must therefore be held that Directive 2006/24 entails a wide-ranging and particularly serious interference with those fundamental rights in the legal order of the EU, without such an interference being precisely circumscribed by provisions to ensure that it is actually limited to what is strictly necessary.66      Moreover, as far as concerns the rules relating to the security and protection of data retained by providers of publicly available electronic communications services or of public communications networks, it must be held that Directive 2006/24 does not provide for sufficient safeguards, as required by Article 8 of the Charter, to ensure effective protection of the data retained against the risk of abuse and against any unlawful access and use of that data. In the first place, Article 7 of Directive 2006/24 does not lay down rules which are specific and adapted to (i) the vast quantity of data whose retention is required by that directive, (ii) the sensitive nature of that data and (iii) the risk of unlawful access to that data, rules which would serve, in particular, to govern the protection and security of the data in question in a clear and strict manner in order to ensure their full integrity and confidentiality. Furthermore, a specific obligation on Member States to establish such rules has also not been laid down.

60      Secondly, not only is there a general absence of limits in Directive 2006/24 but Directive 2006/24 also fails to lay down any objective criterion by which to determine the limits of the access of the competent national authorities to the data and their subsequent use for the purposes of prevention, detection or criminal prosecutions concerning offences that, in view of the extent and seriousness of the interference with the fundamental rights enshrined in Articles 7 and 8 of the Charter, may be considered to be sufficiently serious to justify such an interference. On the contrary, Directive 2006/24 simply refers, in Article 1(1), in a general manner to serious crime, as defined by each Member State in its national law.61      Furthermore, Directive 2006/24 does not contain substantive and procedural conditions relating to the access of the competent national authorities to the data and to their subsequent use. Article 4 of the directive, which governs the access of those authorities to the data retained, does not expressly provide that that access and the subsequent use of the data in question must be strictly restricted to the purpose of preventing and detecting precisely defined serious offences or of conducting criminal prosecutions relating thereto; it merely provides that each Member State is to define the procedures to be followed and the conditions to be fulfilled in order to gain access to the retained data in accordance with necessity and proportionality requirements.

55      The need for such safeguards is all the greater where, as laid down in Directive 2006/24, personal data are subjected to automatic processing and where there is a significant risk of unlawful access to those data (see, by analogy, as regards Article 8 of the ECHR, S. and Marper v. the United Kingdom, § 103, and M. K. v. France, 18 April 2013, no. 19522/09, § 35).56      As for the question of whether the interference caused by Directive 2006/24 is limited to what is strictly necessary, it should be observed that, in accordance with Article 3 read in conjunction with Article 5(1) of that directive, the directive requires the retention of all traffic data concerning fixed telephony, mobile telephony, Internet access, Internet e-mail and Internet telephony. It therefore applies to all means of electronic communication, the use of which is very widespread and of growing importance in people’s everyday lives. Furthermore, in accordance with Article 3 of Directive 2006/24, the directive covers all subscribers and registered users. It therefore entails an interference with the fundamental rights of practically the entire European population. 57      In this respect, it must be noted, first, that Directive 2006/24 covers, in a generalised manner, all persons and all means of electronic communication as well as all traffic data without any differentiation, limitation or exception being made in the light of the objective of fighting against serious crime.

62      In particular, Directive 2006/24 does not lay down any objective criterion by which the number of persons authorised to access and subsequently use the data retained is limited to what is strictly necessary in the light of the objective pursued. Above all, the access by the competent national authorities to the data retained is not made dependent on a prior review carried out by a court or by an independent administrative body whose decision seeks to limit access to the data and their use to what is strictly necessary for the purpose of attaining the objective pursued and which intervenes following a reasoned request of those authorities submitted within the framework of procedures of prevention, detection or criminal prosecutions. Nor does it lay down a specific obligation on Member States designed to establish such limits. 63      Thirdly, so far as concerns the data retention period, Article 6 of Directive 2006/24 requires that those data be retained for a period of at least six months, without any distinction being made between the categories of data set out in Article 5 of that directive on the basis of their possible usefulness for the purposes of the objective pursued or according to the persons concerned.64      Furthermore, that period is set at between a minimum of 6 months and a maximum of 24 months, but it is not stated that the determination of the period of retention must be based on objective criteria in order to ensure that it is limited to what is strictly necessary.

52      So far as concerns the right to respect for private life, the protection of that fundamental right requires, according to the Court’s settled case-law, in any event, that derogations and limitations in relation to the protection of personal data must apply only in so far as is strictly necessary (Case C‑473/12 IPI EU:C:2013:715, paragraph 39 and the case-law cited).53      In that regard, it should be noted that the protection of personal data resulting from the explicit obligation laid down in Article 8(1) of the Charter is especially important for the right to respect for private life enshrined in Article 7 of the Charter.54      Consequently, the EU legislation in question must lay down clear and precise rules governing the scope and application of the measure in question and imposing minimum safeguards so that the persons whose data have been retained have sufficient guarantees to effectively protect their personal data against the risk of abuse and against any unlawful access and use of that data (see, by analogy, as regards Article 8 of the ECHR, Eur. Court H.R., Liberty and Others v. the United Kingdom, 1 July 2008, no. 58243/00, § 62 and 63; Rotaru v. Romania, § 57 to 59, and S. and Marper v. the United Kingdom, § 99).

26      In that regard, it should be observed that the data which providers of publicly available electronic communications services or of public communications networks must retain, pursuant to Articles 3 and 5 of Directive 2006/24, include data necessary to trace and identify the source of a communication and its destination, to identify the date, time, duration and type of a communication, to identify users’ communication equipment, and to identify the location of mobile communication equipment, data which consist, inter alia, of the name and address of the subscriber or registered user, the calling telephone number, the number called and an IP address for Internet services. Those data make it possible, in particular, to know the identity of the person with whom a subscriber or registered user has communicated and by what means, and to identify the time of the communication as well as the place from which that communication took place. They also make it possible to know the frequency of the communications of the subscriber or registered user with certain persons during a given period. 27      Those data, taken as a whole, may allow very precise conclusions to be drawn concerning the private lives of the persons whose data has been retained, such as the habits of everyday life, permanent or temporary places of residence, daily or other movements, the activities carried out, the social relationships of those persons and the social environments frequented by them.

32      By requiring the retention of the data listed in Article 5(1) of Directive 2006/24 and by allowing the competent national authorities to access those data, Directive 2006/24, as the Advocate General has pointed out, in particular, in paragraphs 39 and 40 of his Opinion, derogates from the system of protection of the right to privacy established by Directives 95/46 and 2002/58 with regard to the processing of personal data in the electronic communications sector, directives which provided for the confidentiality of communications and of traffic data as well as the obligation to erase or make those data anonymous where they are no longer needed for the purpose of the transmission of a communication, unless they are necessary for billing purposes and only for as long as so necessary.

On those grounds, the Court (Grand Chamber) hereby rules:Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC is invalid.

Background: The Stop Arming Terrorists bill prohibits U.S. government funds from being used to support al-Qaeda, ISIS or other terrorist groups. In the same way that Congress passed the Boland Amendment to prohibit the funding and support to CIA backed-Nicaraguan Contras during the 1980’s, this bill would stop CIA or other Federal government activities in places like Syria by ensuring U.S. funds are not used to support al-Qaeda, Jabhat Fateh al-Sham, ISIS, or other terrorist groups working with them. It would also prohibit the Federal government from funding assistance to countries that are directly or indirectly supporting those terrorist groups. The bill achieves this by: Making it illegal for any U.S. Federal government funds to be used to provide assistance covered in this bill to terrorists. The assistance covered includes weapons, munitions, weapons platforms, intelligence, logistics, training, and cash. Making it illegal for the U.S. government to provide assistance covered in the bill to any nation that has given or continues to give such assistance to terrorists. Requiring the Director of National Intelligence (DNI) to determine the individual and groups that should be considered terrorists, for the purposes of this bill, by determining: (a) the individuals and groups that are associated with, affiliated with, adherents to or cooperating with al-Qaeda, Jabhat Fateh al-Sham, or ISIS; (b) the countries that are providing assistance covered in this bill to those individuals or groups. Requiring the DNI to review and update the list of countries and groups to which assistance is prohibited every six months, in consultation with the House Foreign Affairs and Armed Services Committees, as well as the House Permanent Select Committee on Intelligence. Requiring the DNI to brief Congress on the determinations.

[i] Levant Front (U.S. backed, via the MOC in Turkey) is working under an Ahrar al Sham led umbrella group: http://www.understandingwar.org/sites/default/files/December%202%20EDITS%20COT_2.pdf ; U.S. support for Levant Front: http://carnegie-mec.org/diwan/57605?lang=en ; CIA groups cooperated with Jayesh al-Fateh http://www.thedailybeast.com/articles/2016/01/19/the-cia-s-syria-program-and-the-perils-of-proxies.html; U.S. weapons arriving in Syria through covert, CIA-led program, via Saudi Arabia and Turkey; CIA can provide support http://www.reuters.com/article/us-usa-syria-obama-order-idUSBRE8701OK20120802

Background: The Stop Arming Terrorists bill prohibits U.S. government funds from being used to support al-Qaeda, ISIS or other terrorist groups. In the same way that Congress passed the Boland Amendment to prohibit the funding and support to CIA backed-Nicaraguan Contras during the 1980’s, this bill would stop CIA or other Federal government activities in places like Syria by ensuring U.S. funds are not used to support al-Qaeda, Jabhat Fateh al-Sham, ISIS, or other terrorist groups working with them. It would also prohibit the Federal government from funding assistance to countries that are directly or indirectly supporting those terrorist groups. The bill achieves this by: Making it illegal for any U.S. Federal government funds to be used to provide assistance covered in this bill to terrorists. The assistance covered includes weapons, munitions, weapons platforms, intelligence, logistics, training, and cash. Making it illegal for the U.S. government to provide assistance covered in the bill to any nation that has given or continues to give such assistance to terrorists. Requiring the Director of National Intelligence (DNI) to determine the individual and groups that should be considered terrorists, for the purposes of this bill, by determining: (a) the individuals and groups that are associated with, affiliated with, adherents to or cooperating with al-Qaeda, Jabhat Fateh al-Sham, or ISIS; (b) the countries that are providing assistance covered in this bill to those individuals or groups. Requiring the DNI to review and update the list of countries and groups to which assistance is prohibited every six months, in consultation with the House Foreign Affairs and Armed Services Committees, as well as the House Permanent Select Committee on Intelligence. Requiring the DNI to brief Congress on the determinations.

But training materials for XKeyscore detail how analysts can use it and other systems to mine enormous agency databases by filling in a simple on-screen form giving only a broad justification for the search. The request is not reviewed by a court or any NSA personnel before it is processed.

But XKeyscore provides the technological capability, if not the legal authority, to target even US persons for extensive electronic surveillance without a warrant provided that some identifying information, such as their email or IP address, is known to the analyst.

One document notes that this is because "strong selection [search by email address] itself gives us only a very limited capability" because "a large amount of time spent on the web is performing actions that are anonymous."

One document, a top secret 2010 guide describing the training received by NSA analysts for general surveillance under the Fisa Amendments Act of 2008, explains that analysts can begin surveillance on anyone by clicking a few simple pull-down menus designed to provide both legal and targeting justifications.

An NSA tool called DNI Presenter, used to read the content of stored emails, also enables an analyst using XKeyscore to read the content of Facebook chats or private messages.

William Binney, a former NSA mathematician, said last year that the agency had "assembled on the order of 20tn transactions about US citizens with other US citizens", an estimate, he said, that "only was involving phone calls and emails". A 2010 Washington Post article reported that "every day, collection systems at the [NSA] intercept and store 1.7bn emails, phone calls and other type of communications."

According to documents made public by the US Military, as of 2008, a company called PacifiCorp serves as the primary supplier of electric power, and Cascade Natural Gas Corporation supplies natural gas to YTC. The Kittitas Public Utility District, a function of the state of Washington, provides electric power for the MPRC and the Doris site, but no documentation has yet proven that it also provides electricity used directly by the NSA facility on site. And while YTC does provide a bulk of its own water, documents also show that some of it gets there by first passing through upstream dams owned and operated by the State. The Army report states, “YTC lies within three WAUs whose boundaries coincide with WRIAs, as defined by the State of Washington natural resource agencies.” WAU’s are Washington State Water Administration Units. WRIAs are Washington State Water Resource Inventory Areas A Washington company also has a strong link to the NSA. Cray Inc. builds supercomputers for the agency.

If the bill passes, it would set in motion actions to stop any state support of the Yakima center as long as it remains in the state, and could make Cray ineligible for any contracts with the state or its political subdivisions. Three public universities in Washington join 166 schools nationwide partnering with the NSA. Taylor’s bill would address these schools’ status as NSA “Centers of Academic Excellence,” and would bar any new partnerships with other state colleges or universities. Tenth Amendment Center national communications director Mike Maharrey says the bills prohibition against using unconstitutionally gathered data in state court would probably have the most immediate impact. In fact, lawmakers in Kansas and Missouri will consider bills simply addressing this kind of data sharing.

“We know the NSA shares data with state and local law enforcement. We know from a Reuters report that most of this shared data has absolutely nothing to do with national security issues. This bill would make that information inadmissible in state court,” he said. “This data sharing shoves a dagger into the heart of the Fourth Amendment. This bill would stop that from happening. This is a no-brainer. Every state should do it.” Maharrey said he expects at least three more states to introduce the act within the next few weeks. “This idea is catching fire,” he said. “And why wouldn’t it? We have an out of control agency spying on virtually everybody in the world. We have a president and a Congress that appears poised to maybe put a band aid on it. Americans are realizing if we are going to slow down the NSA, we are going to have to take a different approach. This is it.”

Paul Rosenzweig, a former Homeland Security official and founder of Red Branch Consulting, compared the NSA and DOD asking the Justice Department for 2511 letters to the CIA asking the Justice Department for the so-called torture memos a decade ago. (They were written by Justice Department official John Yoo, who reached the controversial conclusion that waterboarding was not torture.) "If you think of it poorly, it's a CYA function," Rosenzweig says. "If you think well of it, it's an effort to secure advance authorization for an action that may not be clearly legal." A report (PDF) published last month by the Congressional Research Service, a non-partisan arm of Congress, says the executive branch likely does not have the legal authority to authorize more widespread monitoring of communications unless Congress rewrites the law. "Such an executive action would contravene current federal laws protecting electronic communications," the report says.

An internal Defense Department presentation cites as possible legal authority a classified presidential directive called NSPD 54 that President Bush signed in January 2008. Obama's own executive order , signed in February 2013, says Homeland Security must establish procedures to expand the data-sharing program "to all critical infrastructure sectors" by mid-June. Those are defined as any companies providing services that, if disrupted, would harm national economic security or "national public health or safety."

The appeals court said the memo may be redacted from revealing which government agencies are behind the attacks, although former CIA Director Leon Panetta has essentially acknowledged that agency's role. Last year, a federal judge blocked the disclosure of the memo. Judge Colleen McMahon of New York said she was ensnared in a "paradoxical situation" in which the law forbade her from ordering the memo's release: The Alice-in-Wonderland nature of this pronouncement is not lost on me; but after careful and extensive consideration, I find myself stuck in a paradoxical situation in which I cannot solve a problem because of contradictory constraints and rules—a veritable catch-22. I can find no way around the thicket of laws and precedents that effectively allow the Executive Branch of our government to proclaim as perfectly lawful certain actions that seem on their face incompatible with our Constitution and laws while keeping the reasons for their conclusion a secret.

The Intercept has confirmed that as of 2013, the NSA was actively using MYSTIC to gather cell-phone metadata in five countries, and was intercepting voice data in two of them. Documents show that the NSA has been generating intelligence reports from MYSTIC surveillance in the Bahamas, Mexico, Kenya, the Philippines, and one other country, which The Intercept is not naming in response to specific, credible concerns that doing so could lead to increased violence. The more expansive full-take recording capability has been deployed in both the Bahamas and the unnamed country. MYSTIC was established in 2009 by the NSA’s Special Source Operations division, which works with corporate partners to conduct surveillance. Documents in the Snowden archive describe it as a “program for embedded collection systems overtly installed on target networks, predominantly for the collection and processing of wireless/mobile communications networks.”

If an entire nation’s cell-phone calls were a menu of TV shows, MYSTIC would be a cable programming guide showing which channels offer which shows, and when. SOMALGET would be the DVR that automatically records every show on every channel and stores them for a month. MYSTIC provides the access; SOMALGET provides the massive amounts of storage needed to archive all those calls so that analysts can listen to them at will after the fact. According to one NSA document, SOMALGET is “deployed against entire networks” in the Bahamas and the second country, and processes “over 100 million call events per day.”

When U.S. drug agents need to tap a phone of a suspected drug kingpin in another country, they call up their counterparts and ask them set up an intercept. To facilitate those taps, many nations – including the Bahamas – have hired contractors who install and maintain so-called lawful intercept equipment on their telecommunications. With SOMALGET, it appears that the NSA has used the access those contractors developed to secretly mine the country’s entire phone system for “signals intelligence” –recording every mobile call in the country. “Host countries,” the document notes, “are not aware of NSA’s SIGINT collection.” “Lawful intercept systems engineer communications vulnerabilities into networks, forcing the carriers to weaken,” says Christopher Soghoian, the principal technologist for the American Civil Liberties Union. “Host governments really should be thinking twice before they accept one of these Trojan horses.”

The DEA has long been in a unique position to help the NSA gain backdoor access to foreign phone networks. “DEA has close relationships with foreign government counterparts and vetted foreign partners,” the manager of the NSA’s drug-war efforts reported in a 2004 memo. Indeed, with more than 80 international offices, the DEA is one of the most widely deployed U.S. agencies around the globe. But what many foreign governments fail to realize is that U.S. drug agents don’t confine themselves to simply fighting narcotics traffickers. “DEA is actually one of the biggest spy operations there is,” says Finn Selander, a former DEA special agent who works with the drug-reform advocacy group Law Enforcement Against Prohibition. “Our mandate is not just drugs. We collect intelligence.” What’s more, Selander adds, the NSA has aided the DEA for years on surveillance operations. “On our reports, there’s drug information and then there’s non-drug information,” he says. “So countries let us in because they don’t view us, really, as a spy organization.”

“I seriously don’t think that would be your run-of-the-mill legal interception equipment,” says the former engineer, who worked with hardware and software that typically maxed out at 1,000 intercepts. The NSA, by contrast, is recording and storing tens of millions of calls – “mass surveillance,” he observes, that goes far beyond the standard practices for lawful interception recognized around the world. The Bahamas Telecommunications Company did not respond to repeated phone calls and emails.

The proliferation of private contractors has apparently provided the NSA with direct access to foreign phone networks. According to the documents, MYSTIC draws its data from “collection systems” that were overtly installed on the telecommunications systems of targeted countries, apparently by corporate “partners” cooperating with the NSA. One NSA document spells out that “the overt purpose” given for accessing foreign telecommunications systems is “for legitimate commercial service for the Telco’s themselves.” But the same document adds: “Our covert mission is the provision of SIGINT,” or signals intelligence.

According to the NSA documents, MYSTIC targets calls and other data transmitted on  Global System for Mobile Communications networks – the primary framework used for cell phone calls worldwide. In the Philippines, MYSTIC collects “GSM, Short Message Service (SMS) and Call Detail Records” via access provided by a “DSD asset in a Philippine provider site.” (The DSD refers to the Defence Signals Directorate, an arm of Australian intelligence. The Australian consulate in New York declined to comment.) The operation in Kenya is “sponsored” by the CIA, according to the documents, and collects “GSM metadata with the potential for content at a later date.” The Mexican operation is likewise sponsored by the CIA. The documents don’t say how or under what pretenses the agency is gathering call data in those countries. In the Bahamas, the documents say, the NSA intercepts GSM data that is transmitted over what is known as the “A link”–or “A interface”–a core component of many mobile networks. The A link transfers data between two crucial parts of GSM networks – the base station subsystem, where phones in the field communicate with cell towers, and the network subsystem, which routes calls and text messages to the appropriate destination. “It’s where all of the telephone traffic goes,” says the former engineer.

When U.S. drug agents wiretap a country’s phone networks, they must comply with the host country’s laws and work alongside their law enforcement counterparts. “The way DEA works with our allies – it could be Bahamas or Jamaica or anywhere – the host country has to invite us,” says Margolis. “We come in and provide the support, but they do the intercept themselves.” The Bahamas’ Listening Devices Act requires all wiretaps to be authorized in writing either by the minister of national security or the police commissioner in consultation with the attorney general. The individuals to be targeted must be named. Under the nation’s Data Protection Act, personal data may only be “collected by means which are both lawful and fair in the circumstances of the case.” The office of the Bahamian data protection commissioner, which administers the act, said in a statement that it “was not aware of the matter you raise.” Countries like the Bahamas don’t install lawful intercepts on their own. With the adoption of international standards, a thriving market has emerged for private firms that are contracted by foreign governments to install and maintain lawful intercept equipment. Currently valued at more than $128 million, the global market for private interception services is expected to skyrocket to more than $970 million within the next four years, according to a 2013 report from the research firm Markets and Markets.

If the U.S. government wanted to make a case for surveillance in the Bahamas, it could point to the country’s status as a leading haven for tax cheats, corporate shell games, and a wide array of black-market traffickers. The State Department considers the Bahamas both a “major drug-transit country” and a “major money laundering country” (a designation it shares with more than 60 other nations, including the U.S.). According to the International Monetary Fund, as of 2011 the Bahamas was home to 271 banks and trust companies with active licenses. At the time, the Bahamian banks held $595 billion in U.S. assets. But the NSA documents don’t reflect a concerted focus on the money launderers and powerful financial institutions – including numerous Western banks – that underpin the black market for narcotics in the Bahamas. Instead, an internal NSA presentation from 2013 recounts with pride how analysts used SOMALGET to locate an individual who “arranged Mexico-to-United States marijuana shipments” through the U.S. Postal Service.

The presentation doesn’t say whether the NSA shared the information with the DEA. But the drug agency’s Special Operations Divison has come under fire for improperly using classified information obtained by the NSA to launch criminal investigations – and then creating false narratives to mislead courts about how the investigations began. The tactic – known as parallel construction – was first reported by Reuters last year, and is now under investigation by the Justice Department’s inspector general. So: Beyond a desire to bust island pot dealers, why would the NSA choose to apply a powerful collection tool such as SOMALGET against the Bahamas, which poses virtually no threat to the United States? The answer may lie in a document that characterizes the Bahamas operation as a “test bed for system deployments, capabilities, and improvements” to SOMALGET. The country’s small population – fewer than 400,000 residents – provides a manageable sample to try out the surveillance system’s features. Since SOMALGET is also operational in one other country, the Bahamas may be used as a sort of guinea pig to beta-test improvements and alterations without impacting the system’s operations elsewhere. “From an engineering point of view it makes perfect sense,” says the former engineer. “Absolutely.”

SOMALGET operates under Executive Order 12333, a Reagan-era rule establishing wide latitude for the NSA and other intelligence agencies to spy on other countries, as long as the attorney general is convinced the efforts are aimed at gathering foreign intelligence. In 2000, the NSA assured Congress that all electronic surveillance performed under 12333 “must be conducted in a manner that minimizes the acquisition, retention, and dissemination of information about unconsenting U.S. persons.” In reality, many legal experts point out, the lack of judicial oversight or criminal penalties for violating the order render the guidelines meaningless. “I think it would be open, whether it was legal or not,” says German, the former FBI agent. “Because we don’t have all the facts about how they’re doing it. For a long time, the NSA has been interpreting their authority in the broadest possible way, even beyond what an objective observer would say was reasonable.” “An American citizen has Fourth Amendment rights wherever they are,” adds Kurt Opsahl, an attorney with the Electronic Frontier Foundation. “Nevertheless, there have certainly been a number of things published over the last year which suggest that there are broad, sweeping programs that the NSA and other government agencies are doing abroad that sweep up the communications of Americans.”

Legal or not, the NSA’s covert surveillance of an entire nation suggests that it will take more than the president’s tepid “limits” to rein in the ambitions of the intelligence community. “It’s almost like they have this mentality – if we can, we will,” says German. “There’s no analysis of the long-term risks of doing it, no analysis of whether it’s actually worth the effort, no analysis of whether we couldn’t take those resources and actually put them on real threats and do more good.” It’s not surprising, German adds, that the government’s covert program in the Bahamas didn’t remain covert. “The undermining of international law and international cooperation is such a long-term negative result of these programs that they had to know would eventually be exposed, whether through a leak, whether through a spy, whether through an accident,” he says. “Nothing stays secret forever. It really shows the arrogance of these agencies – they were just going to do what they were going to do, and they weren’t really going to consider any other important aspects of how our long-term security needs to be addressed.”

1) More detail on how direct NSA's accesses are is coming, but in general, the reality is this: if an NSA, FBI, CIA, DIA, etc analyst has access to query raw SIGINT databases, they can enter and get results for anything they want. Phone number, email, user id, cell phone handset id (IMEI), and so on - it's all the same. The restrictions against this are policy based, not technically based, and can change at any time. Additionally, audits are cursory, incomplete, and easily fooled by fake justifications. For at least GCHQ, the number of audited queries is only 5% of those performed.

Obama's campaign promises and election gave me faith that he would lead us toward fixing the problems he outlined in his quest for votes. Many Americans felt similarly. Unfortunately, shortly after assuming power, he closed the door on investigating systemic violations of law, deepened and expanded several abusive programs, and refused to spend the political capital to end the kind of human rights violations like we see in Guantanamo, where men still sit without charge.

All I can say right now is the US Government is not going to be able to cover this up by jailing or murdering me. Truth is coming, and it cannot be stopped

NSA likes to use "domestic" as a weasel word here for a number of reasons. The reality is that due to the FISA Amendments Act and its section 702 authorities, Americans’ communications are collected and viewed on a daily basis on the certification of an analyst rather than a warrant. They excuse this as "incidental" collection, but at the end of the day, someone at NSA still has the content of your communications. Even in the event of "warranted" intercept, it's important to understand the intelligence community doesn't always deal with what you would consider a "real" warrant like a Police department would have to, the "warrant" is more of a templated form they fill out and send to a reliable judge with a rubber stamp.

Glenn Greenwald follow up: When you say "someone at NSA still has the content of your communications" - what do you mean? Do you mean they have a record of it, or the actual content? Both. If I target for example an email address, for example under FAA 702, and that email address sent something to you, Joe America, the analyst gets it. All of it. IPs, raw data, content, headers, attachments, everything. And it gets saved for a very long time - and can be extended further with waivers rather than warrants.

What are your thoughts on Google's and Facebook's denials? Do you think that they're honestly in the dark about PRISM, or do you think they're compelled to lie? Perhaps this is a better question to a lawyer like Greenwald, but: If you're presented with a secret order that you're forbidding to reveal the existence of, what will they actually do if you simply refuse to comply (without revealing the order)? Answer: Their denials went through several revisions as it become more and more clear they were misleading and included identical, specific language across companies. As a result of these disclosures and the clout of these companies, we're finally beginning to see more transparency and better details about these programs for the first time since their inception. They are legally compelled to comply and maintain their silence in regard to specifics of the program, but that does not comply them from ethical obligation. If for example Facebook, Google, Microsoft, and Apple refused to provide this cooperation with the Intelligence Community, what do you think the government would do? Shut them down?

Some skepticism exists about certain of your claims, including this: I, sitting at my desk, certainly had the authorities to wiretap anyone, from you, or your accountant, to a federal judge, to even the President if I had a personal email. Do you stand by that, and if so, could you elaborate? Answer: Yes, I stand by it. US Persons do enjoy limited policy protections (and again, it's important to understand that policy protection is no protection - policy is a one-way ratchet that only loosens) and one very weak technical protection - a near-the-front-end filter at our ingestion points. The filter is constantly out of date, is set at what is euphemistically referred to as the "widest allowable aperture," and can be stripped out at any time. Even with the filter, US comms get ingested, and even more so as soon as they leave the border. Your protected communications shouldn't stop being protected communications just because of the IP they're tagged with. More fundamentally, the "US Persons" protection in general is a distraction from the power and danger of this system. Suspicionless surveillance does not become okay simply because it's only victimizing 95% of the world instead of 100%. Our founders did not write that "We hold these Truths to be self-evident, that all US Persons are created equal."

Edward, there is rampant speculation, outpacing facts, that you have or will provide classified US information to the Chinese or other governments in exchange for asylum. Have/will you? Answer: This is a predictable smear that I anticipated before going public, as the US media has a knee-jerk "RED CHINA!" reaction to anything involving HK or the PRC, and is intended to distract from the issue of US government misconduct. Ask yourself: if I were a Chinese spy, why wouldn't I have flown directly into Beijing? I could be living in a palace petting a phoenix by now.

US officials say this every time there's a public discussion that could limit their authority. US officials also provide misleading or directly false assertions about the value of these programs, as they did just recently with the Zazi case, which court documents clearly show was not unveiled by PRISM. Journalists should ask a specific question: since these programs began operation shortly after September 11th, how many terrorist attacks were prevented SOLELY by information derived from this suspicionless surveillance that could not be gained via any other source? Then ask how many individual communications were ingested to acheive that, and ask yourself if it was worth it. Bathtub falls and police officers kill more Americans than terrorism, yet we've been asked to sacrifice our most sacred rights for fear of falling victim to it. Further, it's important to bear in mind I'm being called a traitor by men like former Vice President Dick Cheney. This is a man who gave us the warrantless wiretapping scheme as a kind of atrocity warm-up on the way to deceitfully engineering a conflict that has killed over 4,400 and maimed nearly 32,000 Americans, as well as leaving over 100,000 Iraqis dead. Being called a traitor by Dick Cheney is the highest honor you can give an American, and the more panicked talk we hear from people like him, Feinstein, and King, the better off we all are. If they had taught a class on how to be the kind of citizen Dick Cheney worries about, I would have finished high school.

Is encrypting my email any good at defeating the NSA survelielance? Id my data protected by standard encryption? Answer: Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it. 

Binney, Drake, Kiriakou, and Manning are all examples of how overly-harsh responses to public-interest whistle-blowing only escalate the scale, scope, and skill involved in future disclosures. Citizens with a conscience are not going to ignore wrong-doing simply because they'll be destroyed for it: the conscience forbids it. Instead, these draconian responses simply build better whistleblowers. If the Obama administration responds with an even harsher hand against me, they can be assured that they'll soon find themselves facing an equally harsh public response. This disclosure provides Obama an opportunity to appeal for a return to sanity, constitutional policy, and the rule of law rather than men. He still has plenty of time to go down in history as the President who looked into the abyss and stepped back, rather than leaping forward into it. I would advise he personally call for a special committee to review these interception programs, repudiate the dangerous "State Secrets" privilege, and, upon preparing to leave office, begin a tradition for all Presidents forthwith to demonstrate their respect for the law by appointing a special investigator to review the policies of their years in office for any wrongdoing. There can be no faith in government if our highest offices are excused from scrutiny - they should be setting the example of transparency. 

What would you say to others who are in a position to leak classified information that could improve public understanding of the intelligence apparatus of the USA and its effect on civil liberties?

This country is worth dying for.

My question: given the enormity of what you are facing now in terms of repercussions, can you describe the exact moment when you knew you absolutely were going to do this, no matter the fallout, and what it now feels like to be living in a post-revelation world? Or was it a series of moments that culminated in action? I think it might help other people contemplating becoming whistleblowers if they knew what the ah-ha moment was like. Again, thanks for your courage and heroism. Answer: I imagine everyone's experience is different, but for me, there was no single moment. It was seeing a continuing litany of lies from senior officials to Congress - and therefore the American people - and the realization that that Congress, specifically the Gang of Eight, wholly supported the lies that compelled me to act. Seeing someone in the position of James Clapper - the Director of National Intelligence - baldly lying to the public without repercussion is the evidence of a subverted democracy. The consent of the governed is not consent if it is not informed.

Regarding whether you have secretly given classified information to the Chinese government, some are saying you didn't answer clearly - can you give a flat no? Answer: No. I have had no contact with the Chinese government. Just like with the Guardian and the Washington Post, I only work with journalists.

So far are things going the way you thought they would regarding a public debate? – tikkamasala Answer: Initially I was very encouraged. Unfortunately, the mainstream media now seems far more interested in what I said when I was 17 or what my girlfriend looks like rather than, say, the largest program of suspicionless surveillance in human history.

Thanks to everyone for their support, and remember that just because you are not the target of a surveillance program does not make it okay. The US Person / foreigner distinction is not a reasonable substitute for individualized suspicion, and is only applied to improve support for the program. This is the precise reason that NSA provides Congress with a special immunity to its surveillance.

The bill also allows the head of a federal agency or department “to disclose to the Secretary or a private entity providing assistance to the Secretary…information traveling to or from or stored on an agency information system, notwithstanding any other law that would otherwise restrict or prevent agency heads from disclosing such information to the Secretary.” (Emphasis added.) So confidential, proprietary or other information otherwise precluded from disclosure under laws like HIPAA or the Privacy Act get waived if the Secretary of DHS or an agency head feel that your email needs to be shared with a government contracted outfit like the Hacking Team for analysis. And the bill explicitly provides for just this kind of cyber threat analysis outsourcing:

(3) PRIVATE ENTITIES. — The Secretary may enter into contracts or other agreements, or otherwise request and obtain the assistance of, private entities that provide electronic communication or information security services to acquire, intercept, retain, use, and disclose communications and other system traffic in accordance with this subsection. The bill further states that the content of your communications, will be retained only if the communication is associated with a known or reasonably suspected information security threat, and communications and system traffic will not be subject to the operation of a countermeasure unless associated with the threats. (Emphasis added.) “Reasonably suspected” is about as squishy a definition as one can find.

The National Security Agency last year significantly expanded its cooperative relationship with the Saudi Ministry of Interior, one of the world’s most repressive and abusive government agencies. An April 2013 top secret memo provided by NSA whistleblower Edward Snowden details the agency’s plans “to provide direct analytic and technical support” to the Saudis on “internal security” matters. The Saudi Ministry of Interior—referred to in the document as MOI— has been condemned for years as one of the most brutal human rights violators in the world. In 2013, the U.S. State Department reported that “Ministry of Interior officials sometimes subjected prisoners and detainees to torture and other physical abuse,” specifically mentioning a 2011 episode in which MOI agents allegedly “poured an antiseptic cleaning liquid down [the] throat” of one human rights activist. The report also notes the MOI’s use of invasive surveillance targeted at political and religious dissidents. But as the State Department publicly catalogued those very abuses, the NSA worked to provide increased surveillance assistance to the ministry that perpetrated them. The move is part of the Obama Administration’s increasingly close ties with the Saudi regime; beyond the new cooperation with the MOI, the memo describes “a period of rejuvenation” for the NSA’s relationship with the Saudi Ministry of Defense. In general, U.S. support for the Saudi regime is long-standing. One secret 2007 NSA memo lists Saudi Arabia as one of four countries where the U.S. “has [an] interest in regime continuity.”

Reprising this role in Bosnia, Salman was appointed by his full brother and close political ally King Fahd to direct the Saudi High Commission for Relief of Bosnia and Herzegovina (SHC) upon its founding in 1992. Through the SHC, Salman gathered donations from the royal family for Balkan relief, supervising the commission until its until its recent closure in 2011. By 2001, the organization had collected around $600 million — nominally for relief and religious purposes, but money that allegedly also went to facilitating arms shipments, despite a U.N. arms embargo on Bosnia and other Yugoslav successor states from 1991 to 1996. And what kind of supervision did Salman exercise over this international commission? In 2001, NATO forces raided the SHC’s Sarajevo offices, discovering a treasure trove of terrorist materials: before-and-after photographs of al Qaeda attacks, instructions on how to fake U.S. State Department badges, and maps marked to highlight government buildings across Washington. The Sarajevo raid was not the first piece of evidence that the SHC’s work went far beyond humanitarian aid. Between 1992 and 1995, European officials tracked roughly $120 million in donations from Salman’s personal bank accounts and from the SHC to a Vienna-based Bosnian aid organization named the Third World Relief Agency (TWRA). Although the organization claimed to be focused on providing humanitarian relief, Western intelligence agencies estimated that the TWRA actually spent a majority of its funds arming fighters aligned with the Bosnian government.

A defector from al Qaeda called to testify before the United Nations, and who gave a deposition for lawyers representing the families of 9/11 victims, alleged that both Salman’s SHC and the TWRA provided essential support to al Qaeda in Bosnia, including to his 107-man combat unit. In a deposition related to the 9/11 case, he stated that the SHC “participated extensively in supporting al Qaida operations in Bosnia” and that the TWRA “financed, and otherwise supported” the terrorist group’s fighters. The SHC’s connection to terrorist groups has long been scrutinized by U.S. intelligence officials as well. The U.S. government’s Joint Task Force Guantanamo once included the Saudi High Commission on its list of suspected “terrorist and terrorist support entities.” The Defense Intelligence Agency also once accused the Saudi High Commission of shipping both aid and weapons to Mohamed Farrah Aidid, the al Qaeda-linked Somali warlord depicted as a villain in the movie Black Hawk Down. Somalia was subject to a United Nations arms embargo starting in January 1992. *** The board of trustees for the Prince Salman Youth Center, which Salman himself chairs, today includes Saleh Abdullah Kamel, a Saudi billionaire whose name showed up on a purported list of al Qaeda’s earliest supporters known as the “golden chain.” (The Wall Street Journal reported that Kamel “denies supporting terror.”) But as the United States sought to shut down Saudi charities with ties to terrorism in the aftermath of the 9/11 attacks, Kamel and Salman both condemned the effort as an anti-Islamic witch hunt.

In November 2002, Prince Salman patronized a fundraising gala for three Saudi charities under investigation by Washington: the International Islamic Relief Organization, al-Haramain Foundation, and the World Assembly of Muslim Youth. Since 9/11, all three organizations have had branches shuttered or sanctioned over allegations of financially supporting terrorism. That same month, Salman cited his experience on the boards of charitable societies, asserting that “it is not the responsibility of the kingdom” if others exploit Saudi donations for terrorism. *** The new king has also embraced Saudi cleric Saleh al-Maghamsi, an Islamic supremacist who declared in 2012 that Osama bin Laden had more “sanctity and honor in the eyes of Allah,” simply for being a Muslim, than “Jews, Christians, Zoroastrians, apostates, and atheists,” whom he described by nature as “infidels.” That didn’t put an end to Salman’s ties to Maghamsi, however. The new Saudi king recently served as head of the supervisory board for a Medina research center directed by Maghamsi. A year after Maghamsi’s offensive comments, Salman sponsored and attended a large cultural festival organized by the preacher. Maghamsi also advises two of Salman’s sons ….

History Commons adds important details: By 1994, if not earlier, the NSA is collecting electronic intercepts of conversations between Saudi Arabian royal family members. Journalist Seymour Hersh will later write, “according to an official with knowledge of their contents, the intercepts show that the Saudi government, working through Prince Salman [bin Abdul Aziz], contributed millions to charities that, in turn, relayed the money to fundamentalists. ‘We knew that Salman was supporting all of the causes,’ the official told me.” By July 1996 or soon after, US intelligence “had more than enough raw intelligence to conclude… bin Laden [was] receiving money from prominent Saudis.” [Hersh, 2004, pp. 324, 329-330] One such alleged charity front linked to Salman is the Saudi High Commission in Bosnia (see 1996 and After). Prince Salman has long been the governor of Riyadh province. At the time, he is considered to be about fourth in line to be king of Saudi Arabia. His son Prince Ahmed bin Salman will later be accused of having connections with al-Qaeda leader Abu Zubaida (see Early April 2002). [PBS, 10/4/2004] It appears this surveillance of Saudi royals will come to an end in early 2001 (see (February-March 2001)).

Author Roland Jacquard will later claim that in 1996, al-Qaeda revives its militant network in Bosnia in the wake of the Bosnian war and uses the Saudi High Commission (SHC) as its main charity front to do so. [Jacquard, 2002, pp. 69] This charity was founded in 1993 by Saudi Prince Salman bin Abdul-Aziz and is so closely linked to and funded by the Saudi government that a US judge will later render it immune to a 9/11-related lawsuit after concluding that it is an organ of the Saudi government. [New York Law Journal, 9/28/2005] In 1994, British aid worker Paul Goodall is killed in Bosnia execution-style by multiple shots to the back of the head. A SHC employee, Abdul Hadi al-Gahtani, is arrested for the murder and admits the gun used was his, but the Bosnian government lets him go without a trial. Al-Gahtani will later be killed fighting with al-Qaeda and the Taliban in Afghanistan. [Schindler, 2007, pp. 143-144; Schindler is a professor at the U.S. Army War College] In 1995, the Bosnian Ministry of Finance raids SHC’s offices and discovers documents that show SHC is “clearly a front for radical and terrorism-related activities.” [Burr and Collins, 2006, pp. 145]

In 1995, US aid worker William Jefferson is killed in Bosnia. One of the likely suspects, Ahmed Zuhair Handala, is linked to the SHC. He also is let go, despite evidence linking him to massacres of civilians in Bosnia. [Schindler, 2007, pp. 263-264] In 1997, a Croatian apartment building is bombed, and Handala and two other SHC employees are suspected of the bombing. They escape, but Handala will be captured after 9/11 and sent to Guantanamo prison. [Schindler, 2007, pp. 266] In 1997, SHC employee Saber Lahmar is arrested for plotting to blow up the US embassy in Saravejo. He is convicted, but pardoned and released by the Bosnian government two years later. He will be arrested again in 2002 for involvement in an al-Qaeda plot in Bosnia and sent to Guantanamo prison (see January 18, 2002). By 1996, NSA wiretaps reveal that Prince Salman is funding Islamic militants using charity fronts (Between 1994 and July 1996).

A 1996 CIA report mentions, “We continue to have evidence that even high ranking members of the collecting or monitoring agencies in Saudi Arabia, Kuwait, and Pakistan – such as the Saudi High Commission – are involved in illicit activities, including support for terrorists” (see January 1996). Jacquard claims that most of the leadership of the SHC supports bin Laden. The SHC, while participating in some legitimate charitable functions, uses its cover to ship illicit goods, drugs, and weapons in and out of Bosnia. In May 1997, a French military report concludes: ”(T)he Saudi High Commission, under cover of humanitarian aid, is helping to foster the lasting Islamization of Bosnia by acting on the youth of the country. The successful conclusion of this plan would provide Islamic fundamentalism with a perfectly positioned platform in Europe and would provide cover for members of the bin Laden organization.” [Jacquard, 2002, pp. 69-71] However, the US will take no action until shortly after 9/11, when it will lead a raid on the SHC’s Bosnia offices. Incriminating documents will be found, including information on how to counterfeit US State Department ID badges, and handwritten notes about meetings with bin Laden. Evidence of a planned attack using crop duster planes is found as well. [Schindler, 2007, pp. 129, 284]

Microsoft and T-Systems' lawyers may well think that storing customer data in a German trustee data center will protect it from the reach of US law, but for all we know, that could be wishful thinking. Forrester cloud computing analyst Paul Miller: To be sure, we must wait for the first legal challenge. And the appeal. And the counter-appeal. As with all new legal approaches, we don’t know it is watertight until it is challenged in court. Microsoft and T-Systems’ lawyers are very good and say it's watertight. But we can be sure opposition lawyers will look for all the holes. By keeping data offshore - particularly in Germany, which has strong data privacy laws - Microsoft could avoid the situation it's now facing with the US demanding access to customer emails stored on a Microsoft server in Dublin. The US has argued that Microsoft, as a US company, comes under US jurisdiction, regardless of where it keeps its data.

Running away to Germany isn't a groundbreaking move; other US cloud services providers have already pledged expansion of their EU presences, including Amazon's plan to open a UK datacenter in late 2016 that will offer what CTO Werner Vogels calls "strong data sovereignty to local users." Other big data operators that have followed suit: Salesforce, which has already opened datacenters in the UK and Germany and plans to open one in France next year, as well as new EU operations pledged for the new year by NetSuite and Box. Can Germany keep the US out of its datacenters? Can Ireland? Time, and court cases, will tell.