On August 30, 2025, the U.S. Immigration and Customs Enforcement (ICE) agency quietly lifted a stop work order on a $2 million contract with Paragon Solutions, an Israeli-founded spyware company now under American ownership. The move, first uncovered by journalist Jack Poulson and confirmed through federal procurement databases, has reignited fierce debate over the use of commercial spyware by U.S. law enforcement and the implications for privacy, civil liberties, and international relations.
The story of ICE’s contract with Paragon is a tale of shifting regulations, transatlantic business deals, and persistent controversy. The original contract, signed by Paragon’s U.S. branch in Chantilly, Virginia, on September 27, 2024, was almost immediately put on ice—pun intended—by the Biden administration. At the heart of the freeze was Executive Order 14093, signed in March 2023, which restricts federal agencies from procuring or using commercial spyware deemed to pose significant security or counterintelligence risks, or that could be misused by foreign governments or actors. According to Wired and procurement records, a White House compliance review led to the contract’s suspension on October 8, 2024.
But the landscape shifted dramatically in December 2024. That’s when AE Industrial Partners, a Florida-based private investment firm, acquired Paragon Solutions for $500 million, with plans to merge it with REDLattice, a U.S. cybersecurity company. All shares in Paragon’s Israeli operations were transferred to a U.S. parent company, as reported by The Register and other outlets. This Americanization of Paragon’s ownership paved the way for the contract’s reinstatement, as the company now technically complied with the executive order’s requirement that spyware providers be U.S.-based.
Paragon Solutions isn’t just any tech vendor. Founded in 2019 by Ehud Schneorson, a former commander of Israel’s elite Unit 8200 signals intelligence agency, and backed by former Israeli Prime Minister Ehud Barak, Paragon quickly established itself as a major player in the global spyware market. The company’s flagship product, Graphite, is a hacking tool reportedly capable of infiltrating any mobile phone, including those using encrypted apps like WhatsApp or Signal. When deployed, Graphite can track a target’s location, read messages, access photos, and even turn the device into a covert listening device, according to The Guardian and Wired.
Paragon has sought to distinguish itself from notorious rivals like NSO Group, whose Pegasus spyware has been linked to egregious abuses. Paragon claims it only conducts business with democracies and enforces a strict no-tolerance policy for clients who target journalists or civil society members. Yet, the company refuses to disclose its client list or provide details about how its tools are used, fueling skepticism among watchdogs and advocacy groups.
The controversy isn’t just hypothetical. In June 2025, researchers at Citizen Lab, including Bill Marczak and John Scott-Railton, revealed forensic evidence that Graphite had infected the iPhones of at least two European journalists, including Italian reporter Ciro Pellegrino. Apple confirmed that the attacks exploited a critical iOS vulnerability (CVE-2025-43200), which was patched in version 18.3.1. These revelations came on the heels of an Italian parliamentary committee (COPASIR) report confirming that Paragon’s spyware had been used by the Italian government against two individuals, Luca Casarini and Giuseppe "Beppe" Caccia. Paragon subsequently offered to help investigate a third victim, but Italy’s Department of Security Intelligence (DIS) rejected the offer, citing national security risks and concerns over reputational damage among international partners. As Haaretz reported, the Italian government denied Paragon’s claim that it had unilaterally terminated their contracts, while COPASIR sought direct access to Paragon’s databases and expressed willingness to declassify the company’s testimony.
Back in the United States, the decision to let ICE proceed with the Paragon contract has alarmed civil liberties advocates. Nadine Farid Johnson, policy director at the Knight First Amendment Institute at Columbia University, called the development a “profound threat to free speech and privacy,” noting that “it has already been used against journalists, human rights advocates, and political dissidents around the world.” Johnson urged Congress to step in and limit the circumstances in which spyware could be deployed by federal agencies.
Tom Bowman, policy counsel at the Center for Democracy and Technology, echoed these concerns in an interview with The Register. “Commercial spyware is an extraordinarily invasive tool,” Bowman said. “Just because Paragon was purchased by an American company doesn’t mean those concerns go away.” He expressed particular unease about ICE’s “troubling track record of stretching its surveillance authority,” pointing to previous deals with data brokers, facial recognition firms, and social media monitoring companies. “Spyware is a logical and deeply alarming next step—especially for an agency that has shown so little restraint,” Bowman added.
John Scott-Railton of Citizen Lab offered a starker warning: “Invasive, secret hacking power is corrupting. That’s why there’s a growing pile of spyware scandals in democracies, including with Paragon’s Graphite.” He pointed out that as long as the same surveillance technology is sold to multiple governments, “there is a baked-in counterintelligence risk. Since all of them now know what secret surveillance tech the US is using, and would have special insights on how to detect it and track what the US is doing with it.”
ICE, for its part, has not publicly commented on the specifics of the Paragon deal or what software it intends to deploy. However, procurement records and expert testimony suggest that Graphite is the likely tool of choice. The software’s ability to bypass encryption and operate covertly—reportedly without the need for user interaction or the usual legal safeguards—has fueled fears of unchecked surveillance, especially given ICE’s expanding authority and budget.
Paragon’s defenders argue that such spyware is a necessary tool in the fight against crime and terrorism, and that robust oversight mechanisms can prevent abuse. Yet the track record of both Paragon and its competitors suggests that even the most well-intentioned controls can break down, especially when commercial incentives and national security imperatives collide. The Biden administration’s earlier efforts to clamp down on foreign-made spyware—placing NSO Group on a Commerce Department blacklist, for instance—underscore the difficulty of balancing security, privacy, and diplomatic interests in a rapidly evolving technological landscape.
For now, the reinstated ICE-Paragon contract stands as a test case for how the U.S. government will navigate these competing priorities. Will the new ownership structure and American regulatory oversight be enough to prevent abuses? Or will the deployment of Graphite by ICE become yet another chapter in the ongoing saga of surveillance overreach and civil liberties erosion? Only time—and vigilant public scrutiny—will tell.
