in 2010, the NSA and GCHQ formed a joint effort called the Mobile Handset Exploitation Team (MHET). among other companies, they infiltrated Gemalto—the world's largest SIM producer, whose customers include T-Mo, AT&T, and hundreds of telcos worldwide—and have been stealing a huge amount of the encryption keys for Gemalto's SIM cards. they get the keys by cyberstalking the company's employees, collecting their emails and file transfers via XKeyscore, and mining for the ones that had weakly encrypted (or unencrypted) keys, all of which they've automated as a bulk process. since SIM encryption has no perfect forward secrecy, the keys allow for fast decryption of affected devices' data, SMS, and voice comms, even those that are collected before the keys are known. Gemalto's HQ is in Amsterdam, which probably means the attack broke Dutch laws. however, in the USA, the attack could be considered to be authorized by the Patriot Act.
"""According to one secret GCHQ slide, the British intelligence agency penetrated Gemalto’s internal networks, planting malware on several computers, giving GCHQ secret access. We “believe we have their entire network,” the slide’s author boasted about the operation against Gemalto."""
edit: apparently the mass surveillance provisions of the Patriot Act are set to expire 2015-06-01, and even the original sponsor of the Act is campaigning against reauthorization of the provisions. [http://www.demandanexpirationdate.com/?code=98percent&can_id=78fb9d5b33434e5025127366e0c5a5b4]