The FRA runs their surveillance on a tiny scale. The FRA's disadvantage here (I think), apart from their more obvious relative lack of resources, is that they can't access most of the internet's backbone structure.
I'm pretty sure that they do break the law, though.
What annoys me with both is that they are both quick to assure that their citizens are protected against these intrusions, implying that everyone else isn't.
There are very few political boundaries on teh interwebz. This board's server, for instance, is located in the US but I am regularly backing up its contents outside it. The board's members come from all over the globe, from countries with differing laws and regulations, using internet providers with differing terms of service, and many of them conflicting with each other. Yet here we are, publishing information that may be stored on a US server but accessed and copied outside it by people outside the US jurisdiction.
To me, assuring that some are "protected" (what a silly word, in this context) and others aren't when listening to this kind of traffic is nonsensical. How would they know? Do we all carry virtual flags, waving them virtually while posting?
I suspect our governments hope we'll liken their eavesdropping to putting ears on physical walls and believing them that no, they wouldn't do that on their soil. It's perverted and obviously wrong. Surely they wouldn't.
But they don't know and often can't know where in the world those walls are. If we are to entertain this mental image of ears against physical walls, let's include every foreign embassy wall there is. Let's include every wall there is, with ears against every single one. And every time, the first question is, "whose wall is this?"
Ed Snowden is a hero.