In this personal account, I reflect back ten years almost to the day, when the world changed as a result of the September 11th attacks. A month later, the USA PATRIOT Act was signed into law. A visit last year to the city which suffered the foulest of all terrorist attacks, opened my eyes to the Patriot Act and its reach to Europe and further afield.
11th September 2001 — Nottinghamshire, England
As I approached my family home as I returned from school, my mother stood at the door with a red, puffy face. She had been crying.
I was two weeks away from turning thirteen years old. A split second of inconceivable thought crossed my mind. I thought my father had died.
She told me to come into the house and told me: “America is under attack.”=. The BBC had interrupted its broadcast stream — something I vaguely remembered happening a few years before — when I was much younger, as I was watching cartoons in the living room. Princess Diana had died, and “all programming was suspended.”
I saw footage of a plane gliding through the sky, before it exploded upon impact between these two large, unidentifiable buildings. I had no idea what the World Trade Center was, but knew that the Twin Towers — something covered in school only a week before — were one of the largest buildings in the world.
It was around 3:40pm in north Nottinghamshire, England. I had just finished school for the day. By this point, it was approaching 11am in New York City. The towers had already collapsed. Thousands were dead, in the less than ten seconds it took for the towers to crumble to the ground.
I stood there, gazing at the television, with only one thought crossing my mind. At that point, I murmured: “This will bring us to World War 3, won’t it, mum?”
A world without Facebook, or Twitter, and barely mobile phones — the technology that we now take for granted was a world away. New York City to me was a world away. The events that day, to the people in Manhattan, were a world away from what they were used to.
The world changed in the space of three hours.
10th June 2010 — New York City, United States
I sat in a bar just off East 30th Street with my colleague Mary Jo Foley, and a mutual friend, Jon Honeyball, contributing editor to PC Pro.
Many discussions were banded around, and laughs were had by both. As we shared bread and olives, something Jon said pricked my ears.
“Say you have a student at college, who has an Arabic name. Sure, he is born in England and has a UK passport and nationality, but his parents are Iranian”.
“The student goes on holiday to Florida to visit Disneyland. But he gets detained at immigration, without warning or even suspicion. He doesn’t know why he is stopped, and nobody tells him why”.
“He is doing research into statistical modelling of nuclear reactions and is co-funded by a public sector organisation, run by a branch of the UK’s chief laboratory”, he added.
“But the U.S. decides, wrongly, that he is hostile and of interest.”
In a post-9/11 world, we hear stories of law enforcement’s institutional racism and ethnic profiling at airports. Whether it truly exists, we have no way of truly knowing.
“The U.S. government can wave the Patriot Act legislation at Microsoft, a U.S. headquartered company, which handles the email of that students’ college. Microsoft hands it over, but is gagged from telling the college that this is happened.”
I was still unclear of the implications. This was the first time I heard of the Patriot Act — the U.S. counter-terrorism legislation that was brought in a month after the September 11th attacks. A political ‘martial law’, I believed.
He went on.
I had to go outside for a cigarette.
This naive, young columnist had never even considered that a law from another government could infringe the rights of a foreign national in this way.
I made Honeyball a promise, that I would investigate this until I was done. I left that evening feeling empowered but equally disheartened. I could not believe that governments could force companies like Microsoft, Google and other cloud-service providers to act in this way.
Honeyball pointed me in the right direction. He had covered this extensively before, and had heated discussions and conversations with many about this. But while he and so many others suspected foul play, it was all but impossible to prove.
17th June 2010 — Canterbury, England
After one long week of sleepless nights, and a throbbing ’stress vein’ under my left eye, I found a crucial discrepancy between two statements.
Microsoft — for which I had a good working relationship with — was the focus of my investigation. My college around the same time, the University of Kent, had announced that it was switching to Microsoft’s Live@edu service — the outsourced communications platform, now known as Office 365.
I had a source. This person has the highest level of trust possible in my books. I trusted everything that this person said, because they had laid down their career, their financial security and potentially their freedom, to disclose something extremely damaging to the global cloud industry.
This person handed me a document, which offered a discrepancy between what Microsoft was publicly saying, and what it knew about the Patriot Act and gagging orders, known as National Security Letters.
Concerned initially for my university, my colleagues and friends I studied with, and my own personal data security, regarding my institution’s imminent contract signing with Microsoft’s UK subsidiary, I acted probably before I should have.
I presented this to Julia Goodfellow, vice-chancellor at the University of Kent, who all but dismissed my claims, stating that “Safe Harbor is enough to protect our data.” Whether I had not explained it as well as I could have done, only a week after discovering the initial issue — or whether her institution, already suffering at the helm of a global recession, could simply afford to ignore this student for the sake of financial security — I did not know.
I begged her not to sign the contract. Two months later, our email had been outsourced, and immediately put 19,000 students at my university at risk from interception by U.S. authorities. Considering we are an international university, with a good chunk of students studying from the Middle East, who knows what repercussions they could face.
A few days after, I received “assurances” from the director of IT services at my university following my meeting with the university chief, stating that the lawyers had explored all avenues in relation to data protection and European data laws.
But I was not convinced. My source already gave me enough evidence for me to pursue this until the bitter end.
Next page: What the source led me to »
