A government contracting platform reported that the United States Immigration and Customs Enforcement (ICE), a federal agency often associated with allegations of human rights violations, has entered into a contract with the Israeli spyware firm Paragon. Wired magazine initially disclosed the US$2 million contract that the agency entered into with Paragon in September.
The contract summary does not specify a particular product; however, Paragon is widely recognized for its spyware tool, Graphite. Similar to its rival Pegasus, Graphite can circumvent the encryption of numerous smartphones, granting access to the data contained within. In 2022, a report by the New York Times revealed that the US Drug Enforcement Agency had been utilizing Paragon’s software. In that same year, the Federal Bureau of Investigations aimed to implement Pegasus, a product of NSO Group, but ultimately withdrew its plans following significant public backlash. Following the publication of the Wired article, a week later, the contract summary saw an update that included a stop work order. However, the present status of Paragon’s operations for ICE remains ambiguous.
Graphite, Pegasus, Predator, and various other forms of commercial spyware take advantage of weaknesses in device software to gain access to sensitive personal information. Across the globe, governments have employed Pegasus and Predator as tools for surveillance, targeting journalists, activists, and other dissenting voices.
The US government has not revealed the specifics of the services that Paragon will offer to ICE, including the governing terms, the potential use of spyware, and the mechanisms in place for monitoring potential abuse. Additionally, there has been no information provided on how government agencies and Paragon plan to inform the public about possible impacts or the processes for addressing grievances. Human Rights Watch has expressed serious concerns regarding the actions of ICE, highlighting instances of abuse against individuals attempting to cross the US-Mexico border. The organization also pointed to the surveillance of border communities and the harassment, interrogation, detention, and obstruction faced by journalists, lawyers, and activists operating in the border region. Granting ICE access to spyware could potentially worsen these issues.
The Biden administration has initiated significant measures aimed at holding certain commercial spyware firms accountable. In 2023, the administration enacted an executive order that bars government agencies from utilizing commercial spyware deemed to pose risks to national security or that has been exploited by foreign entities to facilitate human rights violations globally. Since 2021, the US government has placed NSO Group and Intellexa, the firm responsible for Predator spyware, on its “entity list,” which effectively prohibits their operations within the United States. In a significant move earlier this year, the US government imposed sanctions on executives of Intellexa. Paragon has not been included on the entity list.
The current piecemeal approach needs to meet expectations. If the Biden administration is genuinely committed to preventing spyware abuses, it must address the broader industry. It should also ensure that it and its executive agencies, including ICE, adhere to the same human rights standards it expects from others. Governments must implement a ban on the sale, export, transfer, and use of all commercial spyware until adequate human rights safeguards are established.
