Last reviewed: June 29, 2026. The legal analysis of zero-click surveillance under Riley and Carpenter holds. What changed: on April 7, 2026, ICE Acting Director Todd Lyons confirmed in a letter to the House Committee on Oversight and Government Reform that the agency was using Paragon's Graphite spyware, and on April 16, 2026, Lyons announced his resignation effective May 31, 2026. Update paragraph and citations appended below.

TL;DR: The recent reactivation of ICE's contract for Paragon Solutions' "Graphite" zero-click spyware (following corporate restructuring designed to circumvent Executive Order 14093) is a profound threat to Fourth Amendment protections. Zero-click technology enables silent, comprehensive, real-time capture of all digital and physical data, including live microphone and camera access. The Supreme Court precedents in Riley v. California and Carpenter v. United States establish that such surveillance requires a warrant based on probable cause. Without strong judicial oversight, this deployment effectively authorizes continuous, unreviewable general searches that compromise digital privacy and free expression for all individuals in the United States.

Introduction

The recent reactivation of the Immigration and Customs Enforcement (ICE) contract for Paragon Solutions' "Graphite" zero-click spyware represents a profound challenge to the Fourth Amendment and the integrity of federal oversight. This report finds that the scope of intrusion inherent in zero-click technology (which enables silent, comprehensive, and real-time capture of all digital and physical data) is so expansive that it mandates the application of the highest constitutional standard: a search warrant based on probable cause.

The government's deliberate strategy, involving corporate restructuring to circumvent Executive Order 14093 (which restricts procurement of foreign spyware with documented histories of misuse), undermines democratic accountability and elevates the risk of domestic civil liberties abuses. The principles established by the Supreme Court in Riley v. California and Carpenter v. United States confirm that zero-click surveillance constitutes a per se unreasonable search without prior judicial authorization. Permitting its deployment under current circumstances would effectively authorize a secret, continuous, general search, thereby compromising the foundations of digital privacy and free expression for individuals residing within the United States.

Section I: The Technical Architecture of Absolute Surveillance and the Scope of the Search

This section establishes the technological foundation of zero-click spyware, arguing that its operational mechanics create an intrusion so profound that it necessitates novel application of constitutional principles.

1.1 Defining Zero-Click Spyware: Capabilities of Paragon's Graphite

Zero-click spyware, exemplified by Paragon Solutions' "Graphite," operates fundamentally differently from traditional malicious software, which typically requires a target to interact with a harmful link or attachment. Graphite's sophisticated method operates through three primary, covert steps:

  1. First, it exploits security flaws, known as n-day or zero-day vulnerabilities, often found in mobile operating systems or widely used applications such as WhatsApp. Crucially, some of these vulnerabilities may be undisclosed even to the application developers, enabling the exploit to function undetected.
  2. Second, the spyware is delivered silently and discreetly.
  3. Finally, upon successful delivery, Graphite exploits these vulnerabilities to install itself on the device without the user's knowledge or consent. This silent installation converts the user's personal device into a persistent, state-controlled sensor.

1.2 The Scope of Data Exfiltration (Retrospective and Prospective Search)

The successful deployment of Graphite grants the operator comprehensive control over the targeted mobile device. The resulting surveillance is not limited to simple data extraction; it enables a complete digital and physical takeover:

  • Access to end-to-end encrypted communications on platforms like Signal, WhatsApp, and Telegram, thereby neutralizing the most advanced forms of private communication security available to the public
  • Live control over the device's peripherals, including adaptive control of the microphone and camera
  • Continuous, real-time prospective surveillance rather than merely retrospective inspection of stored data

When analyzed through a legal lens, this technical capacity profoundly alters the nature of the search. The capacity for live microphone and camera control fundamentally transforms surveillance from capturing stored digital data to capturing real-time, physical-world activity. The phone becomes a permanent eavesdropping apparatus perpetually attached to the individual, demanding a constitutional standard far stricter than that applied to historical data collection.

1.3 Obstruction of Justice and Evasion of Accountability

A critical architectural feature of high-end commercial spyware, including tools like Pegasus and Graphite, is the implementation of self-destructing logs. These systems are explicitly designed to minimize the digital forensic trace left on the infected device. From a legal standpoint, this introduces a severe accountability gap. If the surveillance operation leaves no discoverable forensic evidence, then constitutional violations (such as deployments without a warrant or searches exceeding the authorized scope) become functionally undiscoverable by the defense or judicial review.

This nullification of the evidence trail voids the primary deterrent for unconstitutional searches: the Exclusionary Rule. If illegality cannot be proven forensically, the traditional remedy of suppressing illegally obtained evidence is rendered meaningless. Consequently, judicial scrutiny must necessarily shift to the ex ante stage. To safeguard constitutional compliance, a strong, strictly enforced warrant requirement must be imposed prior to deployment, because post-facto review is technologically inhibited.

Table I: Comparison of Zero-Click Spyware vs. Precedent Surveillance

| Surveillance Technology | Data Accessed (Scope) | Fourth Amendment Challenge | Required Justification |
|---|---|---|---|
| Historical CSLI (Carpenter) | Location data over 127 days (retrospective metadata) | Third-Party Doctrine/Aggregation | Probable Cause Warrant |
| Physical Phone Search (Riley) | All on-device data (retrospective content) | Incident to Arrest Exception | Probable Cause Warrant |
| Zero-Click Spyware (Graphite) | All content (encrypted chats), all metadata, live mic/camera feed, future activity (Retrospective and Prospective) | Covert Digital Trespass/Total Invasion | Probable Cause Warrant (Mandated by combined Riley/Carpenter logic) |

Section II: Policy Subversion, Ethical Risk, and the Breakdown of Oversight

The procurement of Graphite by ICE occurred only after a concerted effort to circumvent presidential policy restrictions, creating a regulatory arbitrage that demonstrates a high acceptance of ethical and legal risk on the part of the acquiring agency.

2.1 Corporate Engineering: Circumvention of Executive Order 14093

The initial $2 million contract between ICE's Homeland Security Investigations cyber division and the Israeli firm Paragon Solutions had been halted by a stop-work order issued by the Biden White House in October. This pause was initiated to review the contract's compliance with Executive Order 14093, which was established to limit the U.S. government's procurement of spyware controlled by a foreign government or person.

The stop-work order was lifted following a complex corporate maneuver designed explicitly to achieve legal compliance through a technical change of ownership:

  • Paragon's U.S. arm was acquired by AE Industrial Partners, a private equity firm based in Miami
  • This entity subsequently merged the Paragon assets into REDLattice, a Virginia-based cybersecurity company
  • Shifting control to U.S. ownership enabled the Trump administration to quietly lift the stop-work order and reactivate the contract

Critics assert that this corporate restructuring represents a cynical "end run" around the core objectives of Executive Order 14093. The acquisition prioritizes a legal technicality (domestic ownership) over ethical safety (the nature and history of the product). The Electronic Frontier Foundation noted that this circumvention ignores the "spirit of the rule" and fails to address the essential issue of preventing the misuse of Paragon malware for human rights abuses.

2.2 Accountability Gaps and Documentation of Misuse

The decision to proceed with the Graphite contract is particularly alarming given the history of the product. Paragon publicly markets its product as having "more safeguards" than notorious competitors like NSO Group's Pegasus. However, this claim is disputed by researchers, and the factual record demonstrates widespread abuse. Graphite has been implicated in international misuse, including spying on journalists, civil society actors, and humanitarian workers in Italy.

In addition, the operational context of the acquisition raises severe concerns regarding mission creep. The firm that absorbed Paragon, REDLattice, has deep ties to military intelligence, receiving disclosed spending in excess of $11 million from the Joint Special Operations Command (JSOC), the U.S. military's premier counter-terrorism unit. The procurement and deployment of military-grade, counter-terrorism offensive cyber capabilities by a civil enforcement agency like ICE fundamentally blurs the distinction between domestic policing and foreign intelligence operations.

Experts have warned explicitly about the risk of U.S. government officials deploying such tools "to spy on their personal enemies, rivals, or spouses." The centralization of powerful, undetectable tools without strong legal guardrails creates catastrophic potential for abuses of power unrelated to ICE's stated mission.

In response to these developments, Congressional leaders, including Congresswomen Summer L. Lee, Shontel Brown, and Yassamin Ansari, have launched an immediate probe. They demanded a comprehensive list of data surveillance targets, ICE's deployment strategy, and all communications regarding the legality and legal justification for using such spyware against individuals residing within the United States, citing serious Fourth Amendment concerns.

Section III: Foundational Fourth Amendment Jurisprudence in the Digital Realm

To assess the constitutionality of zero-click spyware, it is necessary to synthesize the foundational Supreme Court rulings that define the reasonable expectation of privacy (REOP) in digital devices, particularly in the context of technological aggregation.

3.1 The Digital Revolution and the Reasonable Expectation of Privacy (REOP)

The Supreme Court has historically addressed the constitutional implications of advancing technology on a piecemeal basis, often described as constructing a "patchwork quilt" of precedents. However, the underlying constitutional principle derived from Katz v. United States remains constant: the protection afforded by the Fourth Amendment extends to those areas where an individual exhibits an actual, subjective expectation of privacy, which society is prepared to recognize as reasonable. In the digital age, this standard applies even when data is technically held by or transmitted through a third party.

3.2 The Cell Phone as an Extension of Self: Analyzing Riley v. California (2014)

The landmark decision in Riley v. California established a crucial "bright-line rule" under the Fourth Amendment, holding that law enforcement must "get a warrant" based on probable cause before searching the digital data on a cell phone seized incident to arrest. This unanimous ruling was not based on the physical properties of the phone, but on the qualitative difference of the data it contains.

The Court recognized that a modern smartphone is fundamentally unlike any physical container; it holds the cumulative "privacies of life," including years of historical data, communications, photographs, and personal records. The search of a phone is thus an invasion of privacy of an unprecedented scale. If a warrant is required to examine data on a physical device already legally seized following an arrest, then it stands to reason that the most extreme form of search (the remote, covert, and non-consensual extraction of that same data, alongside real-time monitoring, via zero-click malware) must also be subject to the warrant requirement.

3.3 Location and the Third-Party Doctrine: Interpreting Carpenter v. United States (2018)

Four years after Riley, the Supreme Court confirmed the principle that "digital is different" by significantly curtailing the decades-old third-party doctrine in Carpenter v. United States. The third-party doctrine previously held that individuals lose any reasonable expectation of privacy in information voluntarily shared with a third party (such as bank records or phone records).

In Carpenter, the Court ruled 5-4 that accessing 127 days of historical Cell Site Location Information (CSLI) required a warrant, arguing that the aggregation of location metadata over an extended period reveals intimate details about a person's identity, associations, and political views: details that society expects to remain shielded.

Zero-click spyware, by its technical design, collects location data that is far more granular, precise, and continuous than the historical CSLI at issue in Carpenter. Critically, zero-click exploitation represents the ultimate technological merger of the violations addressed in both Riley and Carpenter. It is a simultaneous, ongoing violation of both the privacy interest in the vast repository of data content and the interest in the aggregate revelation of patterns of life. The extraordinary power of Graphite to defeat encryption and achieve total covert access means the constitutional standard required must reflect this compounded, massive invasion.

Section IV: Applying Strict Scrutiny: Zero-Click as a Per Se Unreasonable Search

The inherent capabilities of zero-click spyware necessitate the conclusion that its deployment without prior judicial authorization constitutes a per se unreasonable search under the Fourth Amendment.

4.1 Zero-Click Acquisition as an Invasion of Digital Sovereignty

The intentional exploitation of vulnerabilities (zero-days or n-days) to install malware against the user's will constitutes a profound violation of digital sovereignty. Drawing on the principles established in United States v. Jones (which involved a physical trespass via GPS tracker installation), a doctrine of digital trespass must be established. The unauthorized covert installation of Graphite violates the core security and proprietary interest a user has in their device, making it an unlawful search and seizure from the moment of installation.

In addition, the design of zero-click spyware inherently precludes constitutional compliance with the minimization requirement. The tool's capabilities (including remote microphone and camera activation, keystroke monitoring, and comprehensive data extraction) mean that it is fundamentally designed for maximum, comprehensive extraction, not for tailored collection. A tool that provides near-absolute surveillance capability cannot be deemed constitutional for routine use.

4.2 Why Exceptions to the Warrant Requirement Fail in ICE Enforcement

For a warrantless search to be constitutional, it must fit into one of the narrow, well-delineated exceptions to the warrant requirement. Zero-click spyware deployment in the context of civil immigration enforcement fails to meet the threshold for any established exception:

4.2.1 Exigent Circumstances

The exigent circumstances exception requires an objectively reasonable belief that immediate intervention is needed to prevent death, serious injury, or the imminent destruction of evidence. Zero-click surveillance, by its nature, is a long-term strategic intelligence tool intended to gather comprehensive information over time, not an emergency measure. ICE's general enforcement function cannot satisfy the high legal standard of immediacy and severity required for this exception.

4.2.2 Special Needs/Administrative Searches

The special needs doctrine permits certain programmatic searches outside of general law enforcement where the intrusion is minimal and the primary purpose is not the discovery of evidence for criminal prosecution. Zero-click deployment is incompatible with this doctrine on two grounds: first, the intrusion is maximal, involving total access to private life (mic, camera, all data). Second, ICE's mission is clearly tied to detecting and acting upon violations of federal law, placing it firmly within the scope of general law enforcement that requires a full warrant.

4.2.3 Border Search Doctrine and Domestic Scope

While the border search exception historically allows broad latitude for searches at the international border, the congressional concerns raised specifically focus on the legality of using such spyware against "individuals residing within the U.S." Deploying zero-click malware to target residents deep within the country for general immigration enforcement vastly exceeds the geographically and functionally limited scope of the border search exception. The logic of the Fourth Amendment protects domestic privacy rights, regardless of the individual's immigration status, by demanding judicial oversight for searches that are so intrusive.

If courts permit ICE to deploy zero-click spyware without a probable cause warrant, they are effectively sanctioning a secret, continuous, and unreviewable general search. This acquiescence would undermine judicial integrity by allowing the government to circumvent the fundamental checks and balances required by the Fourth Amendment, a risk magnified by the spyware's ability to erase its own forensic footprint.

Section V: Threats to Civil Liberties, Democratic Oversight, and Mission Creep

Beyond the direct Fourth Amendment violations, the procurement of Graphite represents a critical threat to First Amendment freedoms and exacerbates the risk of technological mission creep throughout domestic enforcement agencies.

5.1 The Chilling Effect on First Amendment Freedoms

The power afforded by zero-click spyware has an unavoidable chilling effect on democratic participation and expression. The ability of ICE to covertly "track and monitor the public, including those vocally opposed to governmental overreach" fundamentally undermines freedom of speech, assembly, and political advocacy. Individuals who know or suspect that their devices can be seized remotely without notice will rationally refrain from engaging in sensitive political conversations or participating in protected activities.

This concern is not theoretical; it is grounded in the operational history of the product itself. Graphite has been deployed globally against journalists, human rights advocates, and political dissidents. This established pattern of misuse serves as a direct indicator of the risk of domestic mission creep against civil society actors, threatening the freedom of the press and the functioning of democratic oversight.

A further danger arises from the government's operational methods. Reliance on zero-day exploitation necessitates that the state deliberately withhold critical vulnerability information from software developers. By prioritizing state surveillance capabilities over public digital security, the government actively contributes to the weakening of the security of all U.S. digital infrastructure and private communication systems, making citizens more vulnerable to malicious foreign actors or other cybercriminals.

5.2 The Exponential Risk of Mission Creep

Allowing a civil enforcement agency like ICE to operate zero-click cyber-offensive tools creates a dangerous precedent that escalates the standard level of acceptable domestic surveillance capability across the entire federal apparatus. This risk is amplified by ICE's existing infrastructure for inter-agency cooperation.

ICE maintains an extensive network of cooperative agreements with local and state law enforcement agencies via the 287(g) Memoranda of Agreement, covering over 1,000 partnerships across 40 states. This system provides a readily available pathway for the high-end surveillance technology to diffuse into routine local policing operations, often bypassing federal judicial scrutiny and circumventing state privacy protections. The technology, initially procured under the umbrella of specialized federal investigations, could quickly be repurposed and misused for routine local surveillance purposes far removed from its intended immigration enforcement role.

Without a stringent judicial or legislative mandate for transparency, there is an irreducible accountability gap regarding whether U.S. citizens or lawful residents are being unlawfully targeted, potentially creating irremediable constitutional harm.

Conclusion and Recommendations: Establishing Legal Guardrails for Advanced Surveillance

The use of zero-click spyware by Immigration and Customs Enforcement represents a qualitative shift in government surveillance power, requiring a corresponding, definitive response from the judicial and legislative branches to protect constitutional rights. The covert nature, comprehensive intrusion, and ability to erase forensic evidence make Graphite fundamentally incompatible with the principles of limited government power enshrined in the Fourth Amendment.

6.1 Judicial Mandate: Codifying the Probable Cause Standard

Recommendation 1: Warrant Requirement for Zero-Click Deployment

The judiciary must unequivocally hold that the remote, covert deployment and installation of zero-click spyware constitutes an unreasonable search per se under the Fourth Amendment unless preceded by a warrant issued by a neutral magistrate and based on a showing of the highest standard of probable cause.

Recommendation 2: Specificity and Duration Requirements

Any warrant authorizing zero-click deployment must be strictly particularized, specifying the exact data streams to be collected and limiting the temporal duration of the surveillance. This warrant must mirror the specificity requirements of Title III wiretaps and explicitly mandate the use of court-verified technical means to confirm that all non-pertinent collected data is destroyed and the unauthorized software uninstalled upon warrant expiration.

6.2 Legislative and Executive Actions

Recommendation 3: Codifying the Ban on Abusive Spyware

Congress must pass comprehensive legislation that codifies and substantially strengthens the intent of Executive Order 14093. This legislation must permanently ban the procurement, acquisition, or use of commercial spyware linked to documented human rights abuses, misuse against civil society (including journalists and political dissidents), or foreign intelligence operations, regardless of subsequent corporate restructuring or change of U.S. ownership.

Recommendation 4: Congressional Oversight Mandates

Congress must mandate real-time, quarterly reporting to the relevant oversight committees (e.g., Judiciary and Intelligence) detailing all zero-click deployments. These reports must include the specific targets (including U.S. person status), the legal justification utilized, and comprehensive details of any collected data pertaining to U.S. persons or lawful residents.

6.3 Data Minimization and Accountability

Recommendation 5: Independent Third-Party Audits

To ensure compliance and overcome the challenges posed by the self-destructing nature of the malware, the courts should require that all zero-click deployments be subject to mandatory, independent, court-appointed third-party technical audits. These experts would verify the lack of forensic traces post-operation and ensure strict adherence to the limited scope and duration specified in the warrant, thereby enforcing accountability where technological design attempts to nullify it.

The integrity of the Fourth Amendment requires that the judiciary not allow technological sophistication to undermine constitutional protection. Citizens, advocacy organizations, and lawmakers must demand transparency, accountability, and strong judicial oversight to prevent the normalization of warrantless, total surveillance.

References

  1. Electronic Frontier Foundation - Digital Rights and Civil Liberties Analysis
  2. American Civil Liberties Union - Fourth Amendment Resources
  3. Carpenter v. United States, 585 U.S. ___ (2018)
  4. Riley v. California, 573 U.S. 373 (2014)
  5. The Intercept - Surveillance and National Security Reporting
  6. White House - Executive Order 14093 on Commercial Spyware
  7. U.S. Immigration and Customs Enforcement
  8. Brennan Center for Justice - Surveillance and Privacy
  9. Paragon Solutions (Wikipedia, with primary citations to NBC News and House Oversight reporting). "ICE acting director Todd Lyons confirmed in a letter to the House Committee on Oversight and Government Reform (April 7, 2026) that the agency was using Graphite."
  10. Todd Lyons (Wikipedia, with primary citations to Politico and whistleblower reporting). Acting ICE Director March 9, 2025 - May 31, 2026; May 12, 2025 warrantless-entry memo; July 8, 2025 bond-hearings memo; April 16, 2026 resignation announcement; succeeded by David Venturella.