A $2 million contract between the US arm of Israeli spyware vendor Paragon Solutions and the cyber division of US Homeland Security Investigations has been reinstated, a federal procurement notice shows.
The stop-work order, placed under the Biden administration to ensure compliance with a March 2023 executive order restricting commercial spyware, was lifted in late August by the Trump administration, technology journalist Jack Poulson reported on his All-Source Intelligence Substack.
The contract does not specify what the US Immigration and Customs Enforcement agency (ICE) will receive beyond a "fully configured proprietary solution including license, hardware, warranty, maintenance, and training."
ICE has stirred controversy in the US due to its aggressive enforcement of immigration laws, including family separations, detention centre abuses, and large-scale deportation operations that critics argue violate human rights and tear communities apart.
The spywate deal was initially frozen amid concerns that Paragon's technology, particularly its Graphite programme, could be misused, according to US media reports.
Graphite can infiltrate mobile phones, read encrypted messages, access cloud backups, and even turn devices into listening tools.
Critics have warned that the software poses both counterintelligence and human rights risks.
"Invasive, secret hacking power is corrupting," John Scott-Railton, a senior researcher at the Citizen Lab at the University of Toronto, told The Guardian. "That's why there's a growing pile of spyware scandals in democracies, including with Paragon's Graphite."
Baked-in counterintelligence risk
Biden administration had sought to limit the use of commercial spyware that could threaten US national security or be misused by foreign actors, taking the extraordinary step of blacklisting Paragon rival NSO Group.
As per reports, Paragon, founded by Ehud Schneorson, a former commander in Israel’s cyber-spying Unit 8200, was acquired in late 2024 by Florida-based AE Industrial Partners for $500 million.
The company markets itself as an ethical cybersecurity firm that works exclusively with the US and allied democracies.
But incidents over the past year have raised questions about how its technology is used.
WhatsApp reported in early 2025 that a hacking campaign targeting individuals — journalists and pro-immigration activists among them — had been disrupted, with analysis from Citizen Lab.
Paragon later terminated its contracts in Italy after alleging the government had refused its assistance in investigating potential misuse.
The reactivation of the contract in the US means ICE now has access to one of the most advanced spyware tools globally.
"As long as the same mercenary spyware tech is going to multiple governments, there is a baked-in counterintelligence risk," Scott-Railton said.
Haaretz reported Donncha O Cearbhaill, head of Amnesty International's Security Lab, which monitors technologies that violate human and civil rights, saying, "It is deeply concerning that the US government and DHS are acquiring highly invasive spyware at a time of unprecedented crackdowns on students, protesters, and migrants."
Notably, ICE also has access to intelligence technologies from companies like Palantir and Babel Street, the newspaper added, referencing an investigation last year that revealed how Babel Street sells software that allows surveillance and tracking of individuals using advertising data collected online.
"The addition of Paragon's spyware to the authorities' surveillance toolkit increases the risk of unlawful and arbitrary arrests," Cearbhaill noted.
