ICE Is Deploying Zero-Click Spyware on US Soil and Calling It Drug Enforcement

There is something almost impressive about the audacity in this story. The Biden administration paused ICE's contract with spyware maker Paragon Solutions in October 2024, one week after it became public, citing Executive Order 14093, which prohibits federal agencies from using commercial spyware that poses counterintelligence or foreign government abuse risks.

Yet, the Trump administration lifted that stop-work order in the summer of 2025, after Paragon was acquired by a US private equity firm. And now ICE is defending the deployment to Congress, citing compliance with the exact executive order that caused the pause.

Of course, ICE Acting Director Todd Lyons did not name Paragon in his letter to those lawmakers. He confirmed the agency was using "cutting-edge technological tools" through its Homeland Security Investigations division to target drug trafficking organizations using encrypted communications, saying use would "comply with constitutional requirements."

The contract record on USASpending.gov shows a $2 million agreement signed in September 2024 for hardware, software, and training. It is the first public confirmation of deployment.

When a Tool Is Too Risky for Biden but Fine Under Trump

Paragon's Graphite is zero-click spyware that can compromise a target's device with no user interaction required. Adding someone to a WhatsApp group in a specific way is enough to silently install it, giving Graphite essentially complete access to encrypted messages, location data, and photographs, with real-time surveillance capability, according to the Electronic Privacy Information Center.

In early 2025, WhatsApp disclosed that around 90 of its users, including journalists and human rights workers, had been targeted by Graphite. Italy's parliamentary intelligence committee confirmed seven Italians were targeted before Paragon severed its contracts with Italian intelligence, and Citizen Lab found suspected deployments across several other countries. Paragon markets itself as the "ethical" spyware option, which the track record makes hard to accept.

Lyons certified compliance with EO 14093 without providing supporting documentation. The Supreme Court requires a probable cause warrant before government searches a cellphone, yet no public information exists on whether ICE obtained warrants before deploying Graphite remotely. I'd be less troubled by this if ICE had volunteered that detail, but they didn't and likely won’t, and it’s clear why.

No Oversight, No Targets List, No Documentation

Democratic Reps. Summer Lee, Shontel Brown, and Yassamin Ansari wrote to DHS Secretary Kristi Noem in October 2025, raising exactly these concerns. Their letter to DHS requested all communications on ICE's spyware use, legal justification for domestic electronic surveillance, a comprehensive target list, and documentation that EO 14093's safeguards were actually met. ICE provided none of it.

"It's outrageous that DHS and ICE are using this spyware with no Congressional oversight and a complete lack of compliance standards," the three representatives stated in a joint response to CyberScoop, adding that "ICE's feigned compliance with existing standards doesn't mean much." Cooper Quintin, a senior technologist at the Electronic Frontier Foundation, warned that the letter's vague language leaves the door open to using administrative subpoenas rather than warrants to deploy the malware, which require far less judicial scrutiny.

The surveillance picture extends well beyond Graphite, too. ICE has contracted Palantir to build ImmigrationOS, a near-real-time tracking platform, and Zignal Labs for social media monitoring. Lyons has told interviewers that HSI will "track the money" and "track the ringleaders" of anti-ICE protest networks, calling many protesters "professional agitators" without evidence. That framing matters when police are already mobilizing over online comments.

The Letter Is Right, and It's Not Enough

The Democrats writing that letter was the right move. Demanding documentation, a target list, and congressional oversight is exactly the pressure that should be applied here.

And yet a letter demanding documents from an agency that won't produce them is not enough, and it won’t safeguard anyone. ICE confirmed operational use of Graphite to Congress, certified compliance with the rule that paused the contract, and declined to name the tool, disclose targets, or produce a single supporting document.

When a director is on record saying his agency will track the "ringleaders" of protest networks, and that agency runs zero-click spyware domestically with no disclosed warrant process and no oversight body verifying its use, the question is why anyone would expect restraint. Agencies expanding surveillance capabilities while building partnerships with military AI contractors do not tend to use those capabilities more narrowly over time.