Overview
Recently, a federal law enforcement agency publicly acknowledged for the first time that its investigative toolkit includes commercial spyware — software that can remotely compromise phones, access their contents and even turn them into listening devices. That admission has intensified scrutiny from privacy and civil‑liberties groups and renewed questions about what tools the U.S. government is using, under what authority, and how transparent those uses are.
What has been confirmed
– ICE disclosure: Immigration and Customs Enforcement confirmed its growing array of surveillance technologies includes spyware, and said the tools have been approved for use by Homeland Security Investigations to disrupt foreign terrorist organizations and fentanyl trafficking networks. The agency said use would comply with constitutional protections and legal review.
– Paragon/Graphite contract: ICE signed a roughly $2 million contract in 2024 with Paragon Solutions for an unspecified product. The Biden administration paused the contract while reviewing compliance with a 2023 executive order restricting federal purchases of commercial spyware that pose security or misuse risks. The contract was later reinstated under the current administration and then — according to procurement notices — modified or closed out in January of this year. The precise current status of ICE’s access to Paragon tools is unclear.
– Capabilities and reported misuse: Paragon’s Graphite tool is reported to allow remote hacking of phones without user interaction. Meta/WhatsApp said it found more than 90 targeted users in various countries; independent researchers and forensic analysis have linked Graphite to operations that targeted journalists and activists. Other U.S. agencies, including the DEA and FBI, have reportedly tested or used similar tools in recent years.
Areas that remain unclear or disputed
– Which tools are currently in use: Federal procurement records and agency statements leave it ambiguous whether services originally contracted from Paragon were discontinued, moved into another contract, or are being accessed through a third party or parent company after corporate acquisitions.
– Domestic vs. foreign use and legal process: Agency statements assert compliance with the 2023 executive order and constitutional protections, but they do not make public how often spyware is used domestically, what approvals or warrants are sought before deployment, or what oversight exists for targeting U.S. persons. Privacy advocates say the Fourth Amendment typically requires warrants for content on phones; there is no public evidence confirming that such standards are being consistently applied.
– Oversight and transparency: Congressional offices and advocacy groups have sought documents and briefings. Lawmakers have been told use is approved, but detailed operational records, targeting lists, and legal justifications remain largely secret. Several organizations have filed Freedom of Information Act suits to force disclosure.
Bigger policy context and recent shifts
– Biden administration actions: The previous administration pushed back on the commercial spyware industry through sanctions, blacklisting of companies such as NSO Group on the Commerce Department’s Entity List, a 2023 executive order limiting federal spyware purchases, and international coordination with allies to curb misuse.
– Reversals under the current administration: Some sanctions that were imposed on figures linked to spyware firms have been lifted. A paused ICE contract with Paragon was reinstated temporarily, and restrictions on certain companies have been loosened or revisited. These moves have raised alarms among civil‑liberties advocates who fear a reversion from the hardline stance of recent years.
The NSO Group and other commercial spyware makers
– Pegasus and NSO: Pegasus, made by NSO Group, is the most prominent commercial spyware linked to abuse — used against journalists, activists, diplomats and others. NSO has faced legal action and was placed on U.S. trade restrictions, but it has continued lobbying and allegedly sought U.S. investors and clients. The company is appealing rulings that restrict aspects of its operations.
– Industry lobbying and changes in ownership: Several spyware firms have pursued U.S. investors, executive hires, and lobbying campaigns. Some companies or executives previously sanctioned or blacklisted have seen those restrictions reexamined or lifted, creating concern among watchdogs that commercial spyware may regain easier access to U.S. government customers.
Global proliferation and security risks
– Widening adoption: Governments worldwide are increasingly acquiring intrusive cyber‑tools. The U.K. National Cyber Security Centre has warned that scores of countries possess spyware and intrusion capabilities that could be used against foreign targets. Regulators and legal frameworks have largely lagged behind that spread.
Why advocates are worried
– Potential for misuse: Historical reporting shows spyware has been used not only for counterterrorism and criminal investigations but also to surveil political opponents, journalists, human‑rights defenders and diplomats. Advocates fear loosened U.S. restrictions could lead to broader use and fewer penalties for abusive vendors and customers.
– Lack of transparency and accountability: Contracts, procurement modifications after acquisitions, and gaps in public reporting make it difficult to track what tools federal agencies have, who they target, and whether safeguards (warrants, minimization, oversight) are enforced.
– Domestic political risks: Critics point to policy priorities and rhetoric that could expand the range of people labeled threats and thus vulnerable to surveillance — increasing the potential for politically motivated or disproportionate targeting.
What to watch next
– Congressional oversight: Lawmakers are seeking briefings and records; how forcefully Congress presses for details will shape public understanding and potential policy changes.
– FOIA litigation and reporting: Ongoing lawsuits aim to compel disclosure of contracts, communications and legal justifications; outcomes will reveal more about the agencies’ use of commercial spyware.
– Policy and enforcement decisions: Whether the administration renews, tightens or further loosens restrictions on specific companies, lifts or reinstates sanctions, or clarifies warrant and oversight requirements will determine whether recent rollbacks become institutionalized.
Bottom line
The U.S. government has acknowledged some use of commercial spyware, but crucial details remain hidden: which companies’ tools are in use, whether their deployment respects warrants and constitutional limits, how contracts have been altered amid company acquisitions, and how oversight is being exercised. Those gaps, combined with industry lobbying and recent reversals of earlier restrictions, have prompted a coalition of privacy groups, lawmakers and journalists to press for far greater transparency and legal guardrails.