What Is ICE Doing With This Israeli Spyware Firm?
The Department of Homeland Security restored a $2 million contract with Paragon, maker of the surveillance tool Graphite, despite earlier civil liberties concerns.
The deployment of Paragon's Graphite spyware was a major scandal in Italy. Earlier this year, the messaging app WhatsApp revealed that 90 journalists and civil society figures had been targeted by the military-grade surveillance tech, which gives "total access" to a victim's messages. The Italian government admitted to spying on refugee rights activists, and Paragon cancelled its contract with the government almost immediately after the story broke.
Now the same software may be coming to America—and again with an immigration focus. Last week, the U.S. Department of Homeland Security quietly lifted a stop-work order on a $2 million contract that Immigration and Customs Enforcement (ICE) had with Paragon for a "fully configured proprietary solution including license, hardware, warranty, maintenance, and training."
The deal was first signed by the Biden administration, and it was frozen in October 2024, less than a week after Wired broke the news of the contract. An administration official later insisted to Wired that, rather than reacting to bad publicity, they were reviewing the contract to comply with President Joe Biden's order to ensure that commercial spyware use by the U.S. government "does not undermine democracy, civil rights and civil liberties."
The details of that review—or even the contract itself—were never publicly disclosed. But the results are clear: ICE now has a green light to use whatever software Paragon was offering. (Neither Paragon nor ICE responded to requests for comment from The Guardian.)
The Citizen Lab at the University of Toronto, dedicated to researching electronic surveillance, found that Graphite targeted users through a "zero-click exploit." By adding someone to a WhatsApp group in a certain way, Graphite can force their phones to read an infected PDF file without the user's input. In other words, a cyberattack can be disguised as a spam text—and works even if victims ignore it.
After discovering the vulnerability with the Citizen Lab's help, WhatsApp said in a statement that it was "constantly working to stay ahead of threats" and "build new layers of protection into WhatsApp."
Paragon was co-founded by Ehud Barak, a former Israeli prime minister and general in charge of military intelligence, and Ehud Schneorson, a former head of Unit 8200, the Israeli equivalent of the National Security Agency. Last year, an American private equity firm bought Paragon for $500 million with the intention of merging it into RED Lattice, a firm connected to former U.S. intelligence officials. Paragon has positioned itself as a more ethical alternative to NSO Group, a spyware company similarly run by Unit 8200 veterans.
In 2021, NSO Group suffered a series of scandals after it was revealed that its Pegasus spyware was sold to police states around the world and was possibly used to spy on journalists who were murdered. NSO Group accused the media of running a "vicious and slanderous campaign" and promised to "thoroughly investigate any credible proof of misuse." The Biden administration hit NSO Group with economic sanctions in response.
Around the time that the Pegasus scandal was breaking, a Paragon executive boasted to Forbes that their company would only deal with customers who "abide by international norms and respect fundamental rights and freedoms."
However, the reports of surveillance in Italy "undermine Paragon Solutions's public marketing of itself as a more ethical provider of surveillance malware," Cooper Quintin, the senior staff technologist at the civil libertarian Electronic Frontier Foundation, said in a statement. "Without strong legal guardrails, there is a risk that the malware will be misused in a similar manner by the U.S. Government."
ICE is not the first U.S. government agency to use Paragon's software. The New York Times reported in 2022 that the Drug Enforcement Agency (DEA) was using Graphite to spy on drug cartels. An official from the DEA told the Times that the targets were all on foreign soil.
Bringing the spyware into domestic immigration enforcement would be a step up from targeting cartel members abroad. ICE has been building up its ability to spy on Americans over the past few months. The agency has gained access to a massive database of medical and car insurance claims and the nationwide network of license plate readers. And it has contracted surveillance firm Palantir to build a "near real-time" tracking system known as ImmigrationOS, with a prototype scheduled to come out later this month.
What kind of data will be fed into this system? Will ICE be in the business of hacking phones? How will Americans be protected from this mass surveillance? These vague public contract announcements leave a lot of questions unanswered—and the feds, under either Biden or President Donald Trump, aren't eager to tell.