As digital surveillance tools blur the lines between national security and personal privacy, a recent move by US Immigration and Customs Enforcement (ICE) has reignited debates over government use of advanced spyware. Independent journalist Jack Poulson revealed that ICE has lifted a suspension on a multimillion-dollar deal with Paragon Solutions, an Israeli spyware firm now under US ownership. This decision comes despite past concerns over potential violations of executive orders and fresh reports of the company’s tools being used against journalists. In this deep dive, we’ll explore the details of the reinstatement, Paragon’s history, and what it means for civil liberties in an increasingly monitored world.
Lifting the Ban: Details of the ICE-Paragon Deal Revival
On August 30, 2024, ICE quietly removed a “stop work order” from a $2 million contract with Paragon’s US branch in Chantilly, Virginia. Originally signed on September 27, 2024, the agreement provides hardware and perpetual license software to the agency. The suspension, enacted on October 8, 2024, followed a White House review prompted by fears it might breach President Biden’s March 2023 executive order (EO 14093), which restricts US government procurement of commercial spyware posing risks to national security or human rights.
The reinstatement, documented on the Federal Procurement Data System, signals a potential green light for ICE to access Paragon’s sophisticated tools. Updates are expected to appear on USASpending.gov soon. This move follows Paragon’s acquisition in December 2024 by AE Industrial Partners, a Florida-based firm, for $500 million. The deal included plans to merge Paragon with REDLattice, another US company in AE’s portfolio, potentially easing concerns over foreign influence.
For more on the initial suspension and review process, see this in-depth report from Wired.
Paragon’s Origins and the Power of Graphite Spyware
Founded in 2019 by Ehud Schneorson, a former commander in Israel’s elite Unit 8200, and backed by ex-Prime Minister Ehud Barak, Paragon has quickly become a key player in the spyware market. Its flagship product, Graphite, is a zero-click exploit capable of infiltrating devices without user interaction, extracting data from encrypted apps like Signal and WhatsApp.
Unlike broader tools from competitors such as NSO Group’s Pegasus, which has faced global backlash for targeting activists and journalists, Graphite is marketed as a precision instrument for law enforcement. However, critics argue it still enables mass surveillance under the guise of targeted operations. The spyware exploits vulnerabilities in iOS, as seen in a critical flaw (CVE-2025-43200) with a CVSS score of 9.8, involving maliciously crafted media via iCloud links—patched in iOS 18.3.1.
Expanding on this, Graphite’s capabilities allow for silent data exfiltration, making it ideal for intelligence gathering but raising alarms over abuse. Comparisons to Pegasus highlight a trend: spyware firms often pivot to “ethical” branding, yet real-world use tells a different story, with deployments linked to authoritarian regimes.
On X, @DiligentDenizen raised eyebrows with a post stating: “Trump admin quietly rolls out Israeli spyware Paragon under the premise of ICE expansion: Paragon is designed to hack into mobile phones and secretly record messages sent using encrypted apps such as Signal and WhatsApp. Co-founded in 2019 by former Israeli prime minister Ehud Barak, it sells the spyware to governments and law enforcement agencies for ‘security’.” This commentary, which sparked widespread discussion, questions the long-term implications for citizen privacy. Follow @DiligentDenizen on X for more on surveillance tech debates.
High-Profile Incidents: Spyware Targets Journalists and Activists
Recent revelations have thrust Paragon into the spotlight. In June 2025, researchers at Citizen Lab identified Graphite infections on the iPhones of at least two European journalists, including Italian reporter Ciro Pellegrino. Bill Marczak and John Scott-Railton from Citizen Lab noted, “We identify an indicator linking both cases to the same Paragon operator,” confirming the spyware’s role.
Italy’s parliamentary committee, COPASIR, later admitted the government’s use of Graphite against activists Luca Casarini and Giuseppe “Beppe” Caccia. When Citizen Lab uncovered a third potential victim, Mr. Cancellato, Paragon offered to investigate—but Italy declined on June 9, 2025, citing national security and reputational risks. The Italian Department of Security Intelligence (DIS) refuted Paragon’s claims of contract termination, emphasizing the need for direct database access.
These cases echo broader patterns in spyware misuse, such as the 2021 Pegasus Project exposing targeting of dissidents worldwide. Apple confirmed the exploit to Citizen Lab, underscoring vulnerabilities in even the most secure devices.
Echoing these concerns, @FreedomofPress posted: “ICE may soon receive access and training on the use of targeted spyware produced by Israeli firm Paragon. Learn how to protect yourself and your devices in our digital security newsletter.” Their alert provides practical advice amid rising threats. Check out @FreedomofPress on X for ongoing resources.
For a detailed look at the Italian investigations, refer to this analysis from Haaretz.
Broader Implications and Calls for Accountability
The ICE-Paragon revival highlights tensions between security needs and ethical boundaries. While proponents argue such tools are essential for immigration enforcement, critics like the Electronic Frontier Foundation (EFF) warn of overreach. In a statement, EFF decried the contract’s reactivation, noting its potential for domestic surveillance.
This fits into a larger narrative of federal surveillance growth, as seen in posts from @Rifleman4WVU: “It is also only the latest sign of how far the federal government’s surveillance apparatus has grown under the banner of “immigration enforcement.” ICE Reactivates Contract With Israeli-linked Spyware Firm Paragon.” Follow @Rifleman4WVU on X for perspectives on constitutional concerns.
Industry watchers point to the $500 million acquisition as a strategic move to “Americanize” Paragon, potentially bypassing restrictions. Yet, with EO 14093 in place, questions linger about compliance. For the full executive order text, visit The White House archives.
Frequently Asked Questions (FAQs)
What is Paragon’s Graphite spyware, and how does it work?
Graphite is a zero-click spyware that infects devices via vulnerabilities like malicious media links, allowing data extraction from encrypted apps without user awareness.
Why was the ICE-Paragon contract suspended initially?
It was halted in October 2024 for a White House review over possible violations of a 2023 executive order limiting spyware procurement due to human rights risks.
Has Paragon’s spyware been used against journalists?
Yes, Citizen Lab confirmed Graphite infections on European journalists’ devices in June 2025, linked to the same operator.
What does the Paragon acquisition mean for US operations?
The $500 million buyout by AE Industrial Partners in December 2024 aims to merge it with a US firm, potentially reducing foreign control concerns.
How can individuals protect against spyware like Graphite?
Use updated devices, enable security features, and follow guides from organizations like EFF or Freedom of the Press for digital hygiene.
In conclusion, ICE’s decision to reinstate the Paragon contract underscores the ongoing battle over spyware’s role in government operations, balancing security with privacy safeguards.
