TL;DR:
- The denial: On May 22, 2026, DHS told NPR that “ICE has no relationship with Paragon Solutions, Inc. or with the company that acquired them.” [1]
- The contradiction: Seven weeks earlier, ICE’s departing acting Director Todd Lyons wrote to Congress admitting he had authorized ICE’s Homeland Security Investigations team to use commercial spyware against “foreign terrorist organizations and fentanyl traffickers.” [1][2]
- The dodge: When NPR asked whether ICE agents still have access to Paragon-developed tools (including through third parties), DHS “declined to confirm or deny law enforcement capabilities or methods.” [1]
- The bigger picture: DHS is planning to spend hundreds of millions on surveillance technology in 2026, privacy oversight filings have dropped to zero, and the inspector general says the department is “systematically obstructing” his work. [3][4]
- Meanwhile: NSO Group, maker of Pegasus, the most notorious spyware on Earth, has hired Trump ally David Friedman as chairman and is lobbying to get off the Commerce Department blacklist. [5]
The Carefully Worded Denial
DHS’s statement to NPR was precise. “ICE has no relationship with Paragon Solutions, Inc. or with the company that acquired them.” [1]
Read it again. No relationship. Not “no access.” Not “no capability.” Not “we don’t use spyware.”
That matters because seven weeks earlier, on April 1, 2026, ICE’s departing acting Director Todd Lyons sent a letter to Democratic lawmakers acknowledging something DHS has never publicly confirmed: he had personally approved ICE’s Homeland Security Investigations division to procure and use “cutting-edge technological tools” (commercial spyware) citing “the unprecedented lethality of fentanyl and the exploitation of digital platforms by transnational criminal organizations.” [1][2]
That letter is the first time ICE has indicated it is using Graphite, Paragon’s flagship spyware tool. [2]
So: ICE’s own director confirmed authorizing spyware use. Seven weeks later, DHS says there’s “no relationship” with the spyware maker. When NPR asked the obvious follow-up (do ICE agents still have access to the tool Lyons referenced?), DHS refused to answer. [1]
What Graphite Actually Does
Paragon Solutions is an Israeli-founded surveillance company. Their product, Graphite, can remotely infiltrate smartphones and access encrypted messages on apps like WhatsApp and Signal, without the target clicking a link or doing anything at all. Zero-click infection. [6]
This isn’t metadata collection. It’s not tracking which numbers you called. Graphite reads your actual messages. It can access your camera, microphone, files, and location data. It turns your phone into a surveillance device you carry everywhere.
We know what happens when governments get access to tools like this. Italian authorities used Graphite to target at least three journalists and two people working with organizations that rescue refugees in the Mediterranean. A migrant rights campaigner in Libya was also suspected of being targeted. WhatsApp and Citizen Lab documented these cases. [6]
This is the tool ICE’s director said he authorized for use.
The Contract Shell Game
The timeline tells a story DHS doesn’t want told:
- 2024: ICE enters into a $2 million contract with Paragon Solutions’ U.S. subsidiary for an unspecified product. [1][6]
- October 2024: The contract becomes public. One week later, the government issues a stop work order, claiming it needs to verify compliance with Executive Order 14093 (Biden’s March 2023 order restricting federal use of commercial spyware that poses national security risks). [6]
- August 2025: Under the Trump administration, ICE reactivates the Paragon contract. The stop work order is lifted. [1][6]
- January 20, 2026: A federal procurement notice says the Paragon contract was “closed out.” [1]
- April 1, 2026: Todd Lyons writes to Congress confirming he authorized ICE to use commercial spyware. [1][2]
- May 22, 2026: DHS says ICE has “no relationship” with Paragon. [1]
A contract that was paused, reactivated, “closed out,” and then apparently still resulted in active spyware use, per ICE’s own director.
The key question nobody at DHS will answer: can you close a contract but keep using the tool? Can a third-party intermediary provide access to Paragon’s technology without a direct Paragon contract? DHS “declined to clarify whether or not ICE still has access to Paragon-developed tools, such as through a third party.” [1]
That non-answer is the answer.
The Executive Order That Was Supposed to Stop This
In March 2023, Biden signed Executive Order 14093, which restricts federal agencies from using commercial spyware that “poses significant counterintelligence or security risks” or “significant risks of improper use by a foreign government or foreign person.” [7]
The order specifically prohibits indirect use through contractors or third parties. The government identified devices belonging to at least 50 U.S. government personnel in 10+ countries that had been targeted by commercial spyware. [7]
But the order isn’t a blanket ban. It only blocks spyware that poses those specific risks, leaving room for agencies to argue their particular vendor doesn’t qualify. And executive orders can be weakened, reinterpreted, or revoked by the next administration.
The Trump administration lifted the stop work order on ICE’s Paragon contract in August 2025. That tells you how seriously they’re taking the restrictions.
The $191 Billion Surveillance Shopping Spree
The ICE/Paragon story isn’t happening in isolation. DHS is on a surveillance spending spree with almost no oversight.
Internal DHS documents obtained by FedScoop reveal the department’s surveillance technology ambitions for 2026: [4]
- Palantir: $1 billion ceiling on a single blanket purchase agreement, effective February 2026
- Modular Mobile Surveillance System: $100+ million
- Mobile Surveillance Enhancement: Up to $50 million
- AI-Enhanced Surveillance Platform: $10–20 million
The broader context: Trump’s “One Big Beautiful Bill,” signed July 4, 2025, gave DHS $191+ billion, nearly double FY2024 appropriations. [4]
And who’s watching how that money gets spent? Almost nobody. Privacy Impact Assessments (the legal filings that document how federal surveillance programs affect civil liberties) have collapsed. DHS filed 24 in 2024, eight in 2025, and zero so far in 2026. [4]
Zero.
Meanwhile, DHS Inspector General Joseph Cuffari reported that the department “has systematically obstructed the work” of his office by “blocking access to records and systems necessary for oversight.” [4]
NSO Group Wants Back In
While DHS plays word games with Paragon, an even more notorious spyware maker is trying to walk through the front door.
NSO Group, the Israeli company behind Pegasus, the spyware used to target journalists, activists, and heads of state worldwide, has hired former U.S. Ambassador to Israel David Friedman as chairman. Friedman was Trump’s bankruptcy lawyer and is described as Trump’s “long-time friend and trusted adviser.” [5]
Friedman has pledged to “use his ties” to the Trump administration to “help rebuild” NSO’s business in the U.S. and “recruit U.S. law enforcement agencies” as customers. [5]
NSO’s biggest goal: getting off the Commerce Department’s Entity List, the blacklist that the Biden administration put them on in November 2021 after Pegasus was found on the phones of U.S. diplomats. The company has hired more than fifteen lobbying, law, and PR firms. They released a new “transparency report” that critics note conveniently omits how many clients were rejected or terminated for abuses. [5]
In May 2026, Democratic Rep. Summerlee sent a letter to the Commerce Department urging them not to delist NSO. [5] The lobbying continues.
This is the pattern. Paragon gets a contract, gets caught, gets “closed out,” and the spyware somehow stays in play. NSO gets blacklisted, hires the right people, and starts lobbying for a comeback. The names change. The access doesn’t.
ICE’s $8.5 Billion Surveillance Arsenal
Paragon is a drop in a much larger bucket. ICE has built an $8.5 billion surveillance apparatus that includes contracts with Palantir for dataset analysis, Penlink and Cellebrite for mobile device data extraction, and a facial recognition tool called Mobile Fortify used by both ICE and CBP. [4][8]
The ACLU has documented how ICE uses facial recognition technology at an expanding scale, often without the legal guardrails that other law enforcement agencies face. [8]
Commercial spyware like Graphite fits into this infrastructure as the tip of the spear: the tool you use when you need to get inside someone’s phone without their knowledge. Everything else in ICE’s arsenal tells you where someone is and what they’re doing. Spyware tells you what they’re thinking, planning, and saying in private.
What “No Relationship” Actually Means
DHS chose its words with the precision of a defense attorney. “No relationship” with Paragon doesn’t mean:
- ICE doesn’t use Graphite or similar spyware
- ICE doesn’t have access through a third-party intermediary
- ICE hasn’t retained the capabilities acquired during the contract period
- Other DHS components don’t have access
- DHS won’t enter into a new relationship tomorrow
It means there is no active, direct contract with Paragon Solutions, Inc. as a legal entity. That’s it. And even that narrow claim sits uneasily next to Todd Lyons’s April letter confirming he authorized spyware use.
The government spyware denial game works like this: buy access, use it, close the paperwork, and then truthfully say you have “no relationship” with the vendor. If someone asks whether you still have the capability, decline to comment on “law enforcement methods.”
The tool is on the phone. The contract is in a filing cabinet. Those are two different things.
What You Can Do
- Update your devices. Apple and Google regularly patch the zero-click vulnerabilities that spyware like Graphite exploits. Keep your phone’s OS current.
- Enable Lockdown Mode (iPhone). Apple’s Lockdown Mode significantly reduces the attack surface for spyware. It limits some features, but if you’re in a high-risk category (journalist, activist, attorney, immigrant), the tradeoff is worth it.
- Watch for notification warnings. Apple and WhatsApp both send notifications to users they believe have been targeted by spyware. Take those warnings seriously.
- Support organizations fighting back. Access Now, the EFF, Citizen Lab, and Big Brother Watch are doing the technical and legal work to hold spyware vendors accountable.
- Contact your representatives. Ask them whether they support codifying Executive Order 14093 into law, making the commercial spyware restrictions permanent rather than subject to the next president’s whims.
Sources
- NPR: DHS Says ICE Has ‘No Relationship’ With Spyware Maker Paragon Solutions (May 22, 2026)
- NPR: ICE Acknowledges It Is Using Powerful Spyware (April 7, 2026)
- NPR: What We Know About How the U.S. Government Uses Spyware (May 19, 2026)
- FedScoop: DHS Surveillance Technology AI Funding (May 2026)
- TechPolicy.Press: Will NSO’s US Lobbying Pay Off Under Trump? (2026)
- Access Now: The U.S. Has Reactivated Its Paragon Contract (2025)
- White House: Executive Order on Commercial Spyware (March 27, 2023)
- ACLU: ICE Face Recognition and the ‘Trump Terror’ (2026)