United States Immigration and Customs Enforcement (ICE), a US government agency linked to human rights abuses, has contracted services from the Israeli spyware company Paragon, according to a government contracting website. Wired magazine first reported on the US$2 million contract, which the agency signed with Paragon in September.
The contract summary doesn’t name a specific product, but Paragon is best known for Graphite, a spyware tool that, like its competitor Pegasus, can bypass the encryption of many smartphones and give access to the data inside. In 2022, the New York Times reported that the US Drug Enforcement Agency was also using Paragon’s software. That same year, the Federal Bureau of Investigations sought to deploy Pegasus, developed and sold by NSO Group, but backed out in response to public pressure. One week after the Wired article was published, the contract summary was updated with a stop work order, but the current state of Paragon’s work for ICE is unclear.
Graphite, Pegasus, Predator, and other types of commercial spyware all exploit vulnerabilities in a device’s software to access highly personal information. Governments around the world have used Pegasus and Predator to spy on journalists, activists, and other critical voices.
The US government has failed to disclose the nature of the services Paragon will be providing to ICE, what terms govern those services and possible use of spyware, how US government agencies and Paragon would monitor for potential abuse and inform the public about any ways in which they can be impacted, and methods to address grievances. Human Rights Watch has raised concerns about ICE abusing people trying to cross the US-Mexico border, surveilling border communities, and surveilling, harassing, interrogating, detaining, and blocking journalists, lawyers, and activists working on or near the border. Giving ICE access to spyware risks exacerbating these problems.
The administration of President Joe Biden has taken important steps to hold some commercial spyware companies to account. In 2023, the administration issued an executive order prohibiting government agencies from using commercial spyware “that poses risks to national security or has been misused by foreign actors to enable human rights abuses around the world.” Since 2021 the US government has added NSO Group, as well as Intellexa, the company behind Predator spyware to its “entity list,” effectively banning the two companies in the US. Earlier this year, the US government sanctioned Intellexa executives. Paragon is not on the entity list.
This piecemeal approach is not good enough. If the Biden administration is serious about preventing spyware abuses, it should take on the industry as a whole and hold itself, and its executive agencies, like ICE, to the same human rights standards. All governments should ban the sale, export, transfer, and use of all commercial spyware until human rights safeguards are in place.
