The investigation that toppled CIA chief David Petraeus has sparked fresh debate over online privacy and the government's ability to snoop into private email accounts.
"When the CIA director cannot hide his activities online, what hope is there for the rest of us?" said Chris Soghoian of the American Civil Liberties Union's Privacy and Technology Project.
"This should also serve as a warning, by demonstrating the extent to which the government can pierce the veil of communications anonymity without ever having to obtain a search warrant or other court order from a neutral judge."
Petraeus resigned last week when it became clear that his affair with 40-year-old military reservist Paula Broadwell, his biographer, would become public.
FBI agents stumbled on the liaison after a complaint from Jill Kelley—a close friend of both Petraeus and Allen—who told a federal agent that she had received threatening emails, which investigators later traced to Broadwell.
"It is troubling because we don't know what permissions were granted," said James Lewis, head of the Technology and Public Policy Program at the Center for Strategic and International Studies.
Lewis said it was unclear if Broadwell was made aware of her rights, before agreeing to allow FBI agents to access her emails.
He said even spy agencies such as the National Security Agency, when hunting for terrorists, must meet "very precise legal conditions" before obtaining email access.
"We need to be clear on the rules for looking at emails without a warrant. The basic rule should be no court approval, no investigation," Lewis said.
It was not immediately clear what methods the FBI used in the probe. Some reports suggest FBI agents may have obtained a court order which allowed access to Broadwell's Gmail account.
Google said this week in its semiannual Transparency Report that the number of government requests to hand over data from users was on the rise.
In the first half of 2012, Google received 20,938 requests for data from government entities around the world, including 7,969 from the United States. Google complied in 90 percent of those cases.
Julian Sanchez, a research fellow at the libertarian Cato Institute, said the case appears to have led the FBI on a "fishing expedition" which eventually led to Petraeus and later to top General John Allen for emails linked to people in the scandal.
"It's not clear what authority the FBI had, or what the probable cause was," said Sanchez, noting that it's not yet clear if any crime was committed.
"It seems like an abuse of investigative powers."
The mushrooming scandal is expected to give new impetus to proposals in Congress, including a bill from Senator Patrick Leahy, to require a court warrant based on probable cause in order to get email contents from Internet firms.
The ACLU's Soghoian said the Petraeus case underscores the need for stricter legislation.
"It's a reminder that the legal protections for email fall far short of what they should be," he said in a blog post.
Gregory Nojeim, senior counsel at the Washington-based Center for Democracy & Technology, said the case may cause lawmakers to finally wake up to the issue of digital privacy.
"The Petraeus investigation shows that it's critically important to have strong privacy protections for email and other electronic communications," he said.
"Without them, investigations can rapidly broaden and snare others far removed from the original target, and maybe veer out of control."
Explore further: 46,000 Twitter accounts linked to Islamic State: study