In a significant development that has raised alarm among digital rights advocates, U.S. Immigration and Customs Enforcement (ICE) has obtained access to advanced Israeli-made spyware capable of compromising mobile phones and infiltrating encrypted messaging applications. The Trump administration’s decision to move ahead with a contract with Paragon Solutions grants ICE access to one of the world’s most sophisticated hacking tools.
The Graphite Spyware Controversy
The Department of Homeland Security initially entered into a $2 million contract with Paragon Solutions in late 2024 under the Biden administration. However, the agreement was temporarily suspended for a compliance review to ensure it adhered to an executive order restricting the U.S. government’s use of spyware. That pause has now been lifted, with public procurement documents listing ICE as the contracting agency.
Capabilities and Concerns
The spyware, known as Graphite, represents one of the most powerful stealth cyber weapons ever created outside the United States. According to reporting by The Guardian, when successfully deployed, Graphite can hack into any mobile phone, taking complete control of the device.
This control extends to:
- Tracking an individual’s precise location in real-time
- Reading all messages and communications
- Accessing and viewing personal photographs
- Infiltrating encrypted applications like WhatsApp and Signal
- Functioning as a listening device through phone microphone activation
Security researchers have noted that Graphite employs zero-click attack vectors, meaning targets can be compromised without any interaction required from them. This method significantly increases the potential for mass surveillance and reduces the possibility of detection.
Paragon Solutions: A Troubling History
Paragon Solutions, founded in 2019 with connections to former Israeli Prime Minister Ehud Barak, has attempted to distinguish itself from NSO Group, the makers of the infamous Pegasus spyware. While the Biden administration placed NSO Group on a commerce department blacklist for supplying foreign governments with tools to “maliciously target” dissidents and journalists, Paragon has claimed to operate under stricter ethical guidelines.
The company asserts that it only conducts business with democratic governments and maintains a no-tolerance policy for clients who misuse their technology to target civil society members. However, Paragon’s refusal to disclose its client list or provide insight into how clients utilize the technology raises significant transparency concerns.
Precedent of Misuse
Paragon’s assurances have been called into question following documented misuse of their Graphite spyware. In a notable case, the Italian government was found to have used Graphite to target 90 individuals, including journalists and civil society members across two dozen countries. These targets included human rights activists critical of Italy’s dealings with Libya, forcing Paragon to terminate their relationship with Italy entirely.
According to Citizen Lab researchers, similar targeting has occurred in other European nations, with at least three prominent journalists identified as victims of Graphite-based attacks. The zero-click nature of these exploits makes detection extremely challenging for potential victims.
Civil Liberties and Constitutional Implications
The acquisition of Graphite by ICE has sparked intense criticism from civil liberties organizations and digital rights experts. John Scott-Railton, a senior researcher at Citizen Lab, has warned that such tools “were designed for dictatorships, not democracies built on liberty and protection of individual rights.”
Nadine Farid Johnson, policy director at the Knight First Amendment Institute at Columbia University, emphasized the broader implications, stating that “spyware like Paragon’s Graphite poses a profound threat to free speech and privacy. It has already been used against journalists, human rights advocates and political dissidents around the world.”
Historical Context of ICE Surveillance
This latest development fits into a troubling pattern of expanding surveillance capabilities within ICE. According to a report from Georgetown Law’s Center on Privacy & Technology titled “American Dragnet,” ICE spent $2.8 billion on surveillance technology between 2008 and 2021, representing a significant investment in domestic intelligence gathering.
The agency’s surveillance infrastructure enables it to pull detailed dossiers on nearly anyone, leveraging both public records and privately acquired information. ICE reportedly has access to driver’s license data of 74% of American adults through partnerships with private data brokers, raising questions about the scope of their surveillance reach beyond immigrant communities.
Executive Orders and Oversight Challenges
An executive order signed by President Biden sought to establish guardrails around the U.S. government’s use of spyware, stipulating that the U.S. “shall not make operational use of commercial spyware that poses significant counterintelligence or security risks.” However, the quiet lifting of the stop-work order for the Paragon contract suggests possible conflicts between executive directives and agency implementation.
As John Scott-Railton pointed out, “As long as the same mercenary spyware tech is going to multiple governments, there is a baked-in counterintelligence risk. Since all of them now know what secret surveillance tech the U.S. is using, and would have special insights on how to detect it and track what the U.S. is doing with it.”
Broader Implications for Democracy
The deployment of Graphite by ICE represents more than a simple expansion of surveillance capabilities; it reflects a deeper shift toward a surveillance state architecture. Commercial spyware companies operate in a regulatory gray area, often shielded from public scrutiny by government secrecy classifications and non-disclosure agreements.
This arrangement also raises fundamental questions about oversight and accountability. While ICE falls under the Department of Homeland Security, the agency’s operations have historically operated with minimal congressional oversight, a concern highlighted in reports from organizations like the Brennan Center for Justice.
Legal Considerations
Legal experts have begun examining the constitutional implications of such surveillance programs. Courts have historically placed limits on government surveillance powers, requiring warrants for certain types of data collection. However, the application of these protections to immigrant communities remains inconsistent and contested.
The potential for abuse is particularly concerning given documented patterns of ICE operations that extend beyond their stated immigration enforcement mandate. As noted in various legal analyses, including work from the National Immigrant Justice Center, the expansion of domestic surveillance capabilities without corresponding oversight creates a dangerous precedent for targeting political dissidents, journalists, and advocacy groups.
Conclusion: Balancing Security and Liberty
The ICE-Paragon Solutions arrangement exemplifies the ongoing tension in American democracy between security imperatives and civil liberties. While government agencies argue that such tools are necessary for effective law enforcement and national security, the documented misuse of similar technologies worldwide and domestically raises serious doubts about their responsible deployment.
Digital rights advocates continue calling for congressional action to establish clear limitations on the circumstances under which commercial spyware can be deployed by federal agencies. Until such safeguards are implemented, the acquisition of Graphite by ICE serves as a stark reminder of the fragile balance between government power and individual privacy in the digital age.
Leave a Reply