On Monday 404 Media filed a lawsuit against Immigration and Customs Enforcement (ICE) demanding the agency publish its $2 million contract with Paragon, a company that makes powerful spyware that can remotely break into mobile phones without the target even clicking a link. The sale of the spyware to ICE has activists and lawmakers deeply concerned about what the agency, which continues to push the Trump administration’s mass deportation effort, may use the technology for. The contract and related documents 404 Media is suing for may provide more information on what ICE intends to do with the spyware.
“404 Media has asked ICE to disclose agency records relating to its contract with a company known for its powerful spyware tool whose potential use in the agency’s ongoing mass-deportation campaign has prompted lawmakers, civil liberties organizations, and immigration groups to express deep concerns over potential civil rights abuses,” the lawsuit says.
404 Media first filed a Freedom of Information Act (FOIA) request with ICE for documents related to its Paragon purchase in September 2024. Under the law, agencies are required to provide a response within 20 days, or provide an explanation of why they need more time. ICE acknowledged receipt of the request in September 2024, but has not since replied to any follow up inquiries. 404 Media then filed the lawsuit.
ICE signed the contract with Paragon’s U.S. subsidiary in September 2024. Soon after, the then Biden White House put a freeze on the deal as it investigated whether it clashed with a Biden executive order restricting the government’s use of spyware, WIRED reported. At the end of August with Trump in power, ICE reactivated the contract, independent journalist Jack Poulson reported.
The contract itself is for “a fully configured proprietary solution including license, hardware, warranty, maintenance, and training,” according to a description included in a public U.S. procurement database. The funding office for the purchase is listed as a division of Homeland Security Investigations (HSI). It is not clear if the ICE deal is for a custom-made tool or for some version of Paragon’s flagship “Graphite” software.
Graphite is capable of letting police remotely break into messaging apps like WhatsApp, Signal, Facebook Messenger, and Gmail according to a 2021 report from Forbes. While other government spyware tries to take over an entire device allowing all sorts of other capabilities, Paragon sets itself apart by promising to access just the messaging applications, according to Forbes.
Still, that is an exceptionally powerful capability which can skirt the protections offered by end-to-end encrypted apps, and one that is likely very attractive to law enforcement or some intelligence agencies. In March researchers from Citizen Lab, an academic group that investigates the government spyware industry, said they identified suspected Paragon deployments in Australia, Canada, Cyprus, Denmark, Israel, and Singapore. Separately the New York Times reported that the DEA has used Graphite.
Citizen Labs’ researchers said they shared their analysis with Meta, which in turn discovered an active Paragon zero-click exploit for WhatsApp. It involved the attacker adding a target to a WhatApp group and sending them a PDF which automatically infected the device. This meant Paragon’s software could hack into a target phone through its WhatsApp client without any target interaction. Later WhatsApp notified more than 90 people it believed had been targeted with Paragon’s exploit.
Some of those targets were in Italy, including prominent Italian and other European journalists, and activists who rescue refugees at sea. Those revelations have since ballooned into a full-scale political crisis, with parliamentary inquiries and The Guardian reporting that Paragon cancelled its contract with Italy.
Paragon has positioned itself as a more ethical player in the scandal and abuse-ridden government spyware industry. Tools from other vendors stretching back years, from Hacking Team, to FinFisher, to NSO Group, have all been used at some point to spy on journalists or activists. Like the notorious NSO Group, which also tried to enter the U.S. market, Paragon is based in Israel.
Selling to ICE, an agency that has flaunted due process, accountability, and transparency, may complicate that stance for Paragon. ICE has arrested people who were following the steps necessary for legal immigration; waited outside courtrooms to immediately detain people after their immigration cases were dismissed to rush them out of the country; “de-documented” people who had valid work permits in order to deport them; and continues to pick up people around the country while masking their faces and declining to provide their names.
After ICE reactivated its Paragon contract, Senator Ron Wyden said in a statement to Bloomberg “ICE is already shredding due process and ruining lives in its rush to lock up kids, cooks and firefighters who pose no threat to anyone.”
“I’m extremely concerned about how ICE will use Paragon’s spyware to further trample on the rights of Americans and anyone who Donald Trump labels as an enemy,” he added.
The best way to support 404 Media and fund our ability to sue the Trump administration to release public records is to become a paying subscriber. If you'd like to make a larger, tax deductible donation, please contact us at donate@404media.co.
