TL;DR: ICE signed a $2 million contract with Israeli spyware company Paragon Solutions to access its "Graphite" surveillance tool. Graphite is a zero-click spyware. It can infect your phone without you doing anything. Once installed, it can read your Signal and WhatsApp messages, access all your photos and emails, activate your microphone to listen to you, and take complete control of your device. WhatsApp recently disrupted a Paragon campaign that targeted 90 journalists and activists across 24 countries. Now ICE has this tool. They plan to use it on immigrants. There are no meaningful safeguards.

The Contract: $2 Million for the Most Powerful Spyware on Earth

In August 2025, U.S. Immigration and Customs Enforcement signed a $2 million contract with Paragon Solutions to access its Graphite spyware platform.[1][2]

The contract initially faced a temporary pause. The Biden administration's Executive Order 14093 restricted federal agencies from using commercial spyware that poses national security risks or has been misused for human rights abuses.[3]

Paragon found a workaround. Its U.S. arm was acquired by a U.S. private equity firm and merged with a Virginia-based cybersecurity company. By rebranding as a "domestic partner," Paragon circumvented the executive order.[3][4]

The contract was reactivated. ICE now has access to one of the most powerful surveillance tools ever created.

What Is Graphite?

Graphite is commercial spyware developed by Paragon Solutions, an Israeli company founded by former members of Unit 8200, Israel's elite signals intelligence unit.[5]

It's comparable to NSO Group's Pegasus, the spyware used by authoritarian governments to target journalists, dissidents, and human rights defenders worldwide. In some ways, Graphite is more sophisticated.

Graphite's Capabilities

Zero-Click Infection

Graphite doesn't require you to click anything. No malicious link. No attachment. It exploits vulnerabilities to infect your phone silently, without any user interaction.[6][7]

Encrypted App Access

It can infiltrate Signal, WhatsApp, and other encrypted messaging apps. End-to-end encryption doesn't protect you. Graphite reads messages on your device before encryption.[3][6]

Complete Data Extraction

All text messages, emails, photos, videos. Contacts, calendars, call logs. Browser history. Every app on your phone. Cloud backup access.[3]

Microphone Activation

Graphite can turn on your phone's microphone remotely, transforming your device into a listening device. You become a bug carrying target.[3][4]

Once Graphite is on your phone, your phone belongs to whoever deployed it. Every conversation. Every photo. Every moment near your device, all captured and transmitted.

WhatsApp Exposed Paragon's Attacks

In early 2025, WhatsApp (owned by Meta) disrupted a Paragon campaign targeting approximately 90 users across more than 24 countries.[6][7][8]

The targets included:

  • Journalists reporting on sensitive topics
  • Civil society members and human rights defenders
  • Activists in multiple countries

The attack exploited a WhatsApp zero-day vulnerability, a previously unknown flaw that allowed infection without any user action. WhatsApp has since patched the vulnerability and issued a cease-and-desist letter to Paragon.[7][9]

The Citizen Lab at the University of Toronto investigated and confirmed Graphite's use against journalists and human rights defenders in Italy, demonstrating its ability to infect both Android and iOS devices.[8][10]

Who Is Paragon Solutions?

Paragon was founded in 2019 by former members of Unit 8200 (Israel's NSA equivalent) and has ties to Israeli intelligence networks.[5]

  • Co-founder: Ehud Schneorson, former commander of Unit 8200
  • Product: Graphite spyware for device compromise
  • Customers: Governments, including the United States
  • Valuation: Reportedly hundreds of millions of dollars

Paragon marketed itself as the "ethical" alternative to NSO Group, claiming it would only sell to democratic governments. This claim has been contradicted by its documented use against journalists and activists.[8]

The company's U.S. restructuring, designed specifically to evade Biden's executive order, shows how easily export controls can be circumvented when there's money to be made.

How ICE Will Use Graphite

ICE has not disclosed its specific intended uses for Graphite. Based on ICE's existing surveillance programs and stated goals, likely applications include:[1][2]

  • Targeting immigrants: Accessing phones of undocumented individuals, asylum seekers, and their families
  • Mapping networks: Using contact lists and messages to identify additional targets
  • Evidence gathering: Extracting communications to use in immigration proceedings
  • Location tracking: Real-time monitoring of targets' movements
  • Surveillance of activists: Monitoring immigrant rights advocates and sanctuary activists

ICE already has extensive phone hacking capabilities through contracts with Cellebrite and Graykey. Those tools require physical access to a device. Graphite doesn't. It's remote.

No Meaningful Oversight

Commercial spyware operates in a legal gray zone:

  • No warrant requirement: It's unclear whether ICE is seeking warrants before deploying Graphite
  • No public disclosure: ICE hasn't released policies governing spyware use
  • No judicial review: Immigration courts have limited constitutional protections
  • Foreign intelligence origin: Tools developed by foreign governments present national security risks

Congressional oversight is minimal. Human rights organizations have demanded answers, but ICE hasn't responded meaningfully.[1][11]

Human Rights Watch, Access Now, and members of Congress have raised alarms about ICE's spyware acquisition, warning that it threatens constitutional rights, targets vulnerable populations, and has potential for misuse against journalists and activists.[1][11][12]

How to Protect Yourself

Zero-click exploits are extremely difficult to defend against. If a nation-state level adversary specifically targets you with Graphite, your phone will likely be compromised. However, you can reduce your attack surface and increase detection chances:

Keep Everything Updated

Install OS and app updates immediately. Zero-day vulnerabilities get patched. The longer you wait, the longer you're vulnerable.

Reboot Regularly

Many spyware infections don't survive a reboot. Restart your phone at least once daily to clear non-persistent malware.

Use Lockdown Mode (iOS)

Apple's Lockdown Mode blocks many attack vectors. It's extreme but effective. Enable it in Settings > Privacy & Security.

Compartmentalize

Sensitive conversations = burner phone or air-gapped device. Don't put everything on one phone that can be completely compromised.

For High-Risk Individuals

  • Use GrapheneOS: Privacy-hardened Android with stronger protections. See our guide on secure operating systems
  • Consider Briar: Peer-to-peer encrypted messaging that doesn't rely on servers
  • Physical separation: Leave your phone behind for truly sensitive conversations
  • Check for compromise: Amnesty International's Mobile Verification Toolkit can detect some spyware infections
  • Contact Access Now: Their 24/7 Digital Security Helpline assists spyware targets

Broader Digital Security

The Bigger Picture: Surveillance-as-a-Service

Graphite is part of a burgeoning industry: commercial spyware sold to governments. Paragon, NSO Group, Candiru, Intellexa: all sell the same basic product, the ability to turn someone's phone into a surveillance device.

These companies operate with minimal oversight. They claim to sell only to "legitimate" governments, then their tools appear on journalists' phones in Mexico, activists' phones in Thailand, dissidents' phones in Saudi Arabia.

Now ICE has these tools. An agency that has:

This is the agency with access to Graphite. This is the agency that can, with no meaningful oversight, read your Signal messages, listen to your conversations, and track your every move.

Encryption isn't enough. End-to-end encryption protects data in transit, but Graphite reads data on your device. The walls of your digital house are strong, but someone is inside.

What Must Happen

  • Ban commercial spyware: No federal agency should use tools designed for authoritarian surveillance
  • Require warrants: Any device compromise must require judicial approval with full Fourth Amendment protections
  • Demand transparency: Congress must force disclosure of ICE's spyware policies and targets
  • Strengthen export controls: Close loopholes that let foreign spyware companies restructure to evade restrictions
  • Support digital security: Fund tools and training for vulnerable communities

Until these protections exist, assume your phone can be compromised. Plan accordingly.

References

  1. Immigration Policy Tracking - ICE Paragon Graphite Contract Analysis
  2. Human Rights Watch - ICE Spyware Contract Raises Human Rights Concerns
  3. EFF - How Paragon Circumvented Biden's Spyware Ban
  4. The Guardian - ICE Acquires Israeli Spyware Despite Restrictions
  5. Infosecurity Magazine - Paragon Graphite: What ICE Acquired
  6. AP News - WhatsApp Disrupts Paragon Spyware Campaign (2025)
  7. Security Week - WhatsApp Disrupts Paragon Zero-Click Exploit
  8. Citizen Lab - Investigation of Paragon Graphite Use in Italy
  9. Malwarebytes - Paragon Graphite and WhatsApp Attacks
  10. Amnesty International - Paragon Spyware Used Against Journalists
  11. Access Now - Concerns About ICE Commercial Spyware Acquisition
  12. U.S. House Oversight Committee - Letter on ICE Spyware Contracts