The Federal Bureau of Investigations has the technological capability of turning on your webcam and collecting data without you ever knowing it, according to the Washington Post. The FBI can use the same technology to download photographs, stored emails and other files on civilians’ personal computers. FBI agents can also access browsing history and find the location of the computer.

FBI agents designed a piece of malicious software to give them access to the private information. The software is delivered to a computer when the targeted person signs into his or her email account.

The use of such technology is extremely controversial, especially since some information is being collected without any suspected link to a crime.

When the FBI requested permission in Texas to use the software on one suspect, the federal magistrate in Houston ruled that the malware was “extremely intrusive.” The magistrate also said it could violate the Fourth Amendment, which prohibits unreasonable search and seizure.

“You can’t just go on a fishing expedition,” said Laura K. Donohue, a Georgetown University law professor familiar with court rulings on the software, to the Washington Post. “There needs to be a nexus between the crime being alleged and the material to be seized. What they are doing here, though, is collecting everything.”

The malware still has limitations to what information it can collect, especially when a targeted person’s location is unknown. Despite this, officials say the FBI will likely rely on computer spying more and more in the future.

Using The Technology With Suspect Mo

After James Holmes opened fire in an Aurora, Col. Movie theater on July 20, 2012, he garnered support from at least one person: a mystery man who called himself “Mo.” Two days after the shooting, Mo called the county sheriff’s office claiming to be a friend of Holmes’, according to the Washington Post. He told the sheriff to free Holmes and threatened to blow up a building filled with people if he refused.

Mo spoke to the sheriff on the phone and communicated via email over the course of three hours. This left authorities with a phone number and an email address, neither of which seemed to help police find Mo’s true identity. The phone number was for Google Voice rather than a land line or cellphone, and Mo had used a virtual proxy to mask information about his computer. The Google account was registered under another fake name, this time “Soozan vf.”

Over the next several months, Mo continued contact with authorities. The Washington Post reports that court documents allege Mo threatened to set off bombs at numerous public places around the country, including a county jail, a hotel, three universities and two international airports.

He also emailed a set of pictures to authorities which he claimed were of him. The pictures showed an olive-skinned man in his late 20s wearing an Iranian military uniform. He began contacting authorities with a new email address, “texan.slayer@yahoo.com,” and gave his full name as Mohammed Arian Far.

Authorities received a search warrant in September 2012 which gave them information linked to Mo’s Google account, the first account with which he contacted authorities. The listed birth date put Mo at 27 years old. Other information like the computer IP address showed that Mo had signed up for the account in 2009 in Tehran, Iran.

Authorities were finally getting leads on the case, but it wasn’t enough. They turned to the malware to collect more useful and up-to-date information on their suspect.

A federal magistrate in Denver granted the FBI a search warrant to attempt to use surveillance software sent to Mo’s Yahoo email address, according to the New York Post. The Washington Post said the warrant authorized use of an “Internet web link” to download software to Mo’s computer. In other words, the FBI sent a misleading link to Mo in hopes that he would click it.

The software didn’t work as planned, and officials were only able to gather two IP addresses, which suggested Mo was still located in Tehran. The FBI still hasn’t made any arrests in the case.

A Glimpse Into The Malware

Court documents from cases regarding Mo – such as when authorities applied for search warrants – give the most complete information of the FBI’s abilities. Experts now know that the FBI’s malware uses typical hacking strategies such as including a link in an email, a technique known as phishing.

The malware can access practically any information conceivable, including being able to covertly turn on a computer’s webcam and gather pictures in real time. Marcus Thomas, former assistant director of the FBI’s Operational Technology Division in Quantico, Va., said the government has already been using such technology for several years.

Thomas said the hacking technique has been used sparingly and only in the most serious criminal investigations, typically in terrorism cases. But, he says, Americans can expect the use of such technology to become more commonplace as encryptions and mobile devices become more common. “There’s the realization out there that they’re going to have to use these types of tools more and more,” he said to the Washington Post.

Most people commenting on the technology are very against its use, especially since the government has been using it largely without public knowledge or consent. Christopher Soghoian, principal technologist for the American Civil Liberties Union, told the Washington Post, “We have transitioned into a world where law enforcement is hacking into people’s computers, and we have never had public debate.”