"The BND realized as early as 2008 that some of the selectors were not permitted according to its internal rules, or covered by a 2002 US-Germany anti-terrorism "Memorandum of Agreement" on intelligence cooperation. And yet it did nothing to check the NSA's requests systematically. It was only in the summer of 2013, after Edward Snowden's revelations of massive NSA and GCHQ surveillance, that the BND finally started an inquiry into all the selectors that had been processed. According to Der Spiegel, investigators found that the BND had provided information on around 2,000 selectors that were clearly against European and German interests. Not only were European businesses such as the giant aerospace and defense company EADS, best-known as the manufacturer of the Airbus planes, targeted, so were European politicians—including German ones.
However, the BND did not inform the German Chancellor's office, which only found out about the misuse of the selector request system in March 2015. Instead, the BND simply asked the NSA to make requests that were fully covered by the anti-terrorism agreement between the two countries. According to Die Zeit, this was because the BND was worried that the NSA might curtail the flow of its own intelligence data to the German secret services if the selector scheme became embroiled in controversy.
The White House did not explain why it has taken three months to disclose the episode. Obama said that the operation was conducted after hundreds of hours of surveillance had convinced American officials that they were targeting an Al Qaeda compound where no civilians were present, and that "capturing these terrorists was not possible." The White House said the operation that killed the two hostages "was lawful and conducted consistent with our counterterrorism policies" but nonetheless the government is conducting a "thorough independent review" to determine what happened and how such casualties could be avoided in the future.
The legislation, inspired by the late Internet innovator and activist Aaron Swartz, who faced up to 35 years in prison for an act of civil disobedience, would reform the quarter-century old Computer Fraud and Abuse Act (CFAA) to better reflect computer and internet activities in the digital age. Numerous and recent instances of heavy-handed prosecutions for non-malicious computer crimes have raised serious questions as to how the law treats violations of terms of service, employer agreements and website notices.
"Aaron’s Law would change the definition of 'access without authorization' in the CFAA so it more directly applies to malicious hacks such as sending fraudulent emails, injecting malware, installing viruses or overwhelming a website with traffic."