TL;DR:
- The shell game: DHS signed a $2 million contract with Paragon Solutions for Graphite spyware, which can crack WhatsApp, Signal, and Telegram. Then Paragon got acquired by AE Industrial Partners and merged into a new entity called REDLattice. DHS now says it has no contract with “Paragon Solutions, Inc.” That’s technically true. The capabilities didn’t go anywhere. [1][2]
- The contract trick: Federal procurement records show the Paragon contract was “closed out” on January 20, 2026, Inauguration Day. Not canceled. Closed out. That’s a bureaucratic distinction that means the paperwork ended, not necessarily the access. [1]
- The oversight blackout: DHS filed zero Privacy Impact Assessments in 2026. Zero. Down from 24 in 2024 and 8 in 2025. Federal law requires these before procuring surveillance technology. DHS is ignoring the requirement entirely while its surveillance budget hit $191 billion. [1][3]
- The obstruction: DHS Inspector General Joseph Cuffari told Congress that DHS “systematically obstructed” at least 11 investigations, revoking access to eight databases his office needs for oversight. [4][5]
- The parallel move: Treasury quietly lifted sanctions on three individuals linked to Predator spyware (the other major commercial spyware tool used to target journalists and dissidents) in January 2026. [6]
The Paragon-to-REDLattice Pipeline
Here’s the timeline you need to understand:
- 2019: Paragon Solutions founded in Israel by Ehud Schneorson, former commander of Unit 8200 (Israel’s signal intelligence agency), with backing from former PM Ehud Barak. [2]
- 2022: Paragon develops Graphite, spyware that penetrates encrypted messaging apps without the target ever clicking a link. Zero-click exploitation of WhatsApp, Signal, Telegram. [2]
- 2024: ICE signs a $2 million contract with Paragon for Graphite. Biden administration freezes the contract after Citizen Lab reveals 90+ WhatsApp users were targeted. [1][7]
- Late 2024: AE Industrial Partners, a Florida-based defense investment firm, acquires Paragon for up to $900 million and merges it into REDLattice, a Virginia cybersecurity company in AE’s portfolio. [2]
- January 2026: The ICE/Paragon contract gets “unfrozen” and then immediately “closed out” on Inauguration Day. [1]
- April 2026: ICE confirms it bought Paragon’s spyware “to use in drug trafficking cases.” [8]
Now look at who sits on REDLattice’s board: Andrew Boyd, former senior executive at the CIA and US Air Force. James McConville, former Chief of Staff of the US Army. [2]
This isn’t a tech startup anymore. It’s a defense-intelligence entity with spyware capabilities, American ownership, and board members who used to run the agencies now buying the product.
How “Closing Out” a Contract Doesn’t Close Anything
When reporters and Congress members asked DHS whether it still has a relationship with Paragon, DHS said it has no active contract with “Paragon Solutions, Inc.” [1]
That’s technically accurate. Paragon Solutions, Inc. no longer exists as an independent entity. It was absorbed into REDLattice.
So the question becomes: does DHS have a contract with REDLattice? Or AE Industrial Partners? Or some other vehicle that provides access to Graphite capabilities?
Nobody’s answering that question. And the mechanism that would force an answer (Privacy Impact Assessments) has been shut down entirely.
Reps. Summer Lee, Shontel Brown, and Salma Ansari sent a letter demanding DHS explain “whether ICE or any other DHS component currently has access to Graphite or successor capabilities through any contract vehicle, including contracts with REDLattice, AE Industrial Partners, or any subsidiary.” [9] No public response.
The Oversight Machine Is Off
Privacy Impact Assessments aren’t optional paperwork. The E-Government Act of 2002 requires federal agencies to file one before developing or procuring any IT system that handles personal information. They’re the public’s primary tool for knowing what surveillance technology the government is buying. [3]
DHS filed 24 in 2024. Eight in 2025. Zero in 2026. [1][3]
During that same period, DHS:
- Signed a $1 billion blanket purchase agreement with Palantir (February 2026), giving every major DHS component access to surveillance platforms without competitive bidding [3]
- Allocated $50 million for enhanced mobile surveillance and $100+ million for a modular mobile surveillance system [3]
- Contracted with Cellebrite for device extraction, Penlink for mobile data mining, and an unknown number of spyware vendors [3]
- Received $191 billion through the “One Big Beautiful Bill”, nearly double FY2024 appropriations [3]
Rep. Shontel Brown called it “a literal blank check.” [3] That’s underselling it. A blank check at least requires someone to sign it. DHS is spending without even the pretense of disclosure.
The Inspector General Got Shut Out
Inspector General Joseph Cuffari told Congress that DHS “systematically obstructed” at least 11 of his investigations, including a criminal probe. His office lost access to eight databases it uses for routine oversight work. [4][5]
Specifically, DHS:
- Revoked IG access to the Secure Flight System database (TSA)
- Blocked access to a Border Patrol database tracking arrests, detentions, and releases
- Delayed access to classified intelligence systems
- Restricted data related to border enforcement and TSA programs
Former DHS Secretary Kristi Noem insisted the IG simply needed to “provide a scoping memo” for each request. That’s a bureaucratic chokepoint: requiring the watchdog to justify looking at what the watchdog is supposed to look at. [5]
DHS also ousted privacy officers who objected to records mislabeling. The people whose job is to flag surveillance overreach got fired for flagging surveillance overreach. [3]
Meanwhile, Predator Got a Pass
While the Paragon shell game played out, Treasury quietly removed sanctions on three individuals tied to Predator (the other major commercial spyware platform used to target journalists, dissidents, and US government officials). [6]
The Biden administration had sanctioned them for their roles in the Intellexa Consortium, which developed and distributed Predator. In January 2026, Treasury removed Sara Aleksandra Fayssal Hamou, Andrea Nicola Constantino Hermes Gambazzi, and Merom Harpaz from the sanctions list, claiming each had “demonstrated measures to separate themselves from the Intellexa Consortium.” [6]
Senators Bennet and Warren demanded Treasury explain the decision. No satisfactory answer has been made public. [6]
Read that pattern: Paragon’s contract gets buried in an acquisition. Predator’s people get their sanctions lifted. DHS stops filing the assessments that would reveal new spyware procurement. The IG gets locked out of the databases that would show what’s actually happening.
Every oversight mechanism is being disabled simultaneously. That’s not coincidence. That’s architecture.
What Graphite Actually Does
Graphite isn’t like Cellebrite, which extracts data from a phone you physically possess. Graphite is zero-click spyware: it compromises a target’s device remotely without them opening a link or downloading anything. [2][7]
Once deployed, it can:
- Read encrypted WhatsApp, Signal, and Telegram messages
- Access photos, contacts, and location data
- Activate microphones and cameras
- Extract data without leaving obvious traces
Citizen Lab confirmed at least 90 WhatsApp users were targeted with Graphite, prompting WhatsApp to notify affected users in early 2025. Some targets were journalists and civil society members in countries with Paragon contracts. [7]
ICE says it only uses the tool for “drug trafficking cases.” [8] But there’s no public audit verifying that claim. The Privacy Impact Assessment that would document permissible use cases? It was never filed.
The $191 Billion Question
DHS now operates the largest domestic surveillance apparatus in US history. The budget to fund it nearly doubled in a single year. The oversight mechanisms meant to constrain it (PIAs, Inspector General audits, privacy officer reviews, Congressional disclosure) have all been neutralized simultaneously. [1][3][4]
And the spyware question isn’t just about Paragon. The $1 billion Palantir deal gives DHS AI-powered surveillance analytics across every component. Cellebrite handles physical device extraction. Penlink handles mobile data mining. Graphite (or whatever it’s called under REDLattice) handles remote phone compromise.
It’s a full-stack surveillance capability with no public accounting of who it’s being used against.
EFF is suing DHS for FOIA records on administrative subpoenas used to identify critics. CDT is demanding answers on the Paragon contract. Nearly 50 House Democrats signed letters about biometric collection expansion. [9] None of it has produced disclosure.
What You Can Do
- If you use WhatsApp, Signal, or Telegram: Keep your apps updated. Zero-click exploits target specific software versions. Updates patch known vulnerabilities. This won’t stop a determined state-level attacker, but it raises the cost.
- Contact your representatives: The letter from Reps. Lee, Brown, and Ansari demands answers about REDLattice and Graphite. Call your House member and ask them to cosign. Ask specifically whether DHS has contracts with REDLattice or AE Industrial Partners.
- Support the organizations suing: EFF, CDT, and Access Now are all pursuing legal action or FOIA litigation against DHS over spyware procurement. They need resources to keep the pressure on.
- Watch the Privacy Impact Assessment page: DHS is required to publish PIAs at dhs.gov/privacy-impact-assessments. The fact that nothing has appeared in 2026 is itself evidence of non-compliance. Cite it in letters to representatives.
- Follow the money: AE Industrial Partners is publicly known. REDLattice’s board is publicly known. Federal procurement databases (USAspending.gov, FPDS) can reveal new contract vehicles, if you know what company names to search for.
Sources
- NPR: What we know about how the U.S. government uses spyware (and what we don’t) (May 19, 2026)
- Yahoo Finance: RED Lattice acquires Israeli spyware company Paragon for $500m
- FedScoop: DHS surveillance apparatus to surge with AI funding and spyware contracts (2026)
- Political Wire: Noem Has ‘Systematically Obstructed’ Inspector General (March 2026)
- Sen. Bennet: Press Treasury and State to Explain Lifting of Sanctions on Spyware Enablers (February 2026)
- The Register: Trump admin lifts sanctions on Predator-linked spyware execs (January 2026)
- Citizen Lab: A First Look at Paragon’s Proliferating Spyware Operations
- TechCrunch: ICE says it bought Paragon’s spyware to use in drug trafficking cases (April 2, 2026)
- Rep. Summer Lee: Demand answers from DHS on foreign spyware use by ICE