After the deal between Paragon and Homeland Security’s investigations unit was frozen, the first signs that Trump wants spyware emerged, sparking concerns amid a growing arsenal of digital tools
The contract between the U.S. Immigration and Customs Enforcement (ICE) and the Israeli spyware company Paragon has been reactivated, in what some say is the first sign of a shift in the current administration’s policies towards offensive cyber.
Last year, a $2 million contract was signed between Paragon and ICE, which is part of the Department of Homeland Security (DHS), for its Homeland Security Investigations (HSI) unit. However, it was frozen a month later amid the Biden administration’s policy to clamp down on the offensive cyber industry, which sells technologies that allow states access to encrypted smartphones and has been misused across the globe over the past decade.
That policy included pressuring Israel to rein in its spyware exports, and also sanctions on Israeli companies like NSO and Candiru, which are regulated by Israel, as well as harsher personal sanctions against the owners and executives of Intellexa, which operated outside Israel’s regulatory oversight.
The temporary suspension of the Paragon contract stemmed from concerns it could violate Biden’s 2023 executive order restricting the purchase of foreign spyware by U.S. agencies, if those had been used to undermine U.S. national security or had been implicated in misuse.
Its renewal, announced with little fanfare this Saturday on an official U.S. procurement data website, is seen by some as an early signal of a potential shift in the Trump administration’s policy toward the offensive cyber industry. The contract renewal was first published by Jack Poulson, an independent journalist, on his Substack.
Paragon, the procurement documents details, will provide a “proprietary solution” to ICE via the HSI, an investigative arm that combats illegal immigration, human and arms trafficking, international crime, cyber threats, and more. It was founded by former Unit 8200 commander Ehud Schneorson and former Prime Minister Ehud Barak, and developed a spyware called Graphite.
It has been sold to intelligence and law enforcement agencies in Israel, Europe, the United States and Singapore. Infection with the spyware gives operators full access to a victim’s mobile phone, including files, photos, and contacts, as well as the ability to eavesdrop on calls and read encrypted messages. Earlier this year, Paragon was for the first time embroiled in a scandal regarding misuse of its tech in Italy, where the country’s intelligence service turned the spyware against activists and journalists.
Digital rights groups fear that Trump’s policies, coupled with the renewal of the Paragon contract, signal that the United States may roll back its efforts to regulate the spyware industry and could even emerge as a state that abuses these advanced tools.
According to U.S. media reports, the administration has budgeted $170 billion for enforcing Trump’s immigration policy, setting a daily target of 3,000 arrests for the authorities. To meet this goal, ICE is recruiting 10,000 agents, offering signing bonuses of $50,000.
Since returning to the White House, Trump has flooded the streets of Washington, Los Angeles, and other cities with immigration agents, ramping up arrests and deportations of undocumented migrants, as well as enforcing strict new policing measures.
“It is deeply concerning that the U.S. government and DHS are acquiring highly invasive spyware at a time of unprecedented crackdowns on students, protesters, and migrants,” said Donncha Ó Cearbhaill, head of Amnesty International’s Security Lab, which monitors technologies that violate human and civil rights. “Time and again, such tools have ultimately been found to be abused to target journalists and government critics.”
DHS-affiliated bodies have numerous ties to Israeli surveillance and intelligence companies: Cognyte provided various technologies to the Secret Service last year and this year reported a $20 million deal with a leading U.S. security organization; Cellebrite supplies law enforcement agencies, including ICE and the Secret Service, with phone-hacking technology for seized devices.
ICE also has access to intelligence technologies from companies like Palantir and Babel Street, Ó Cearbhaill explained. A Haaretz investigation last year revealed how Babel Street sells software that allows surveillance and tracking of individuals using advertising data collected online. According to him, the addition of Paragon’s spyware to the authorities’ surveillance toolkit increases the risk of unlawful and arbitrary arrests, investigations, visa revocations, and deportations, “in significant violation of numerous human rights.”
Late last year, Paragon was sold to the American private equity firm AE Industrial Partners, considered close to the U.S. defense establishment. The sale caused tension and criticism within Israel’s offensive cyber industry.
An investigation by Israeli television uncovered an intelligence community document that warned that the sale of Paragon posed a “potential danger” to national security, due to concerns about American influence over a “strategic sector” for Israel and the leakage of sensitive knowledge abroad. Similar concerns were exposed in 2022 when the American defense contractor L3Harris attempted to purchase NSO and relocate it to the United States.
Following the acquisition, Paragon’s U.S. branch joined REDLattice, a cyber-intelligence company also owned by the U.S. fund. Reporting on the contract renewal, journalist Poulson revealed the two firms’ deep ties to the U.S. intelligence community. According to Poulson’s substack, former CIA deputy director John “Finbar” Fleming was appointed head of Paragon’s U.S. branch.
