ICE Admits It’s Hacking Phones with Zero-Click Spyware

In a quiet but explosive disclosure, U.S. Immigration and Customs Enforcement (ICE) has confirmed it is actively deploying powerful commercial spyware capable of silently hacking into phones and reading encrypted messages — all without the target ever clicking a link.

The revelation, buried in an April 1 letter from acting ICE Director Todd Lyons, marks the first official acknowledgment that the agency is using Graphite, a sophisticated “zero-click” spyware developed by Israeli firm Paragon Solutions. While ICE frames the tool as a critical weapon in the fight against fentanyl traffickers and transnational criminal organizations, privacy advocates warn it represents a dangerous expansion of government surveillance powers inside the United States — one that could easily be turned against immigrants, journalists, activists, and ordinary Americans.

What Is Graphite and How Does It Work?

Graphite is not ordinary monitoring software. It uses advanced zero-click exploits that allow it to infect a target device remotely — often through vulnerabilities in popular messaging apps like WhatsApp — without any interaction from the user. Once installed, it can intercept encrypted communications, access photos, location data, contacts, and more.

Earlier in 2025, WhatsApp disclosed that it had disrupted a campaign using Graphite that targeted approximately 90 journalists and civil society members across multiple countries. Researchers at The Citizen Lab later confirmed infections on devices belonging to journalists and humanitarian aid providers in Italy. In response to the scandal, Paragon reportedly ended its contract with Italian government agencies.

Now, the same tool is in the hands of ICE’s Homeland Security Investigations (HSI) division. In his letter, Lyons stated that he approved the use of “cutting-edge technological tools” to counter the “unprecedented lethality of fentanyl” and the exploitation of encrypted platforms by foreign terrorist organizations and transnational criminal groups.

The Contract’s Turbulent History

ICE first signed a roughly $2 million contract with Paragon Solutions toward the end of the Biden administration. The deal was quickly paused for review under a 2023 executive order signed by then-President Biden that restricts U.S. government use of commercial spyware posing national security risks or the potential for misuse by foreign governments.

The Trump administration revived the contract in fall 2025. Lyons’ April 1 letter confirms that HSI is now actively using the technology, claiming it complies with constitutional requirements and that he personally certified it does not pose significant security, counterintelligence, or foreign misuse risks.

Paragon Solutions was later acquired by U.S. private investment firm AE Industrial Partners, which merged it with cybersecurity company REDLattice.

Concerns Over Mission Creep and Domestic Use

The timing of the disclosure is particularly troubling for civil liberties groups. ICE has significantly ramped up surveillance efforts as part of the current administration’s mass deportation priorities. The agency has already built a broad surveillance web targeting individuals in the U.S. without authorization — and has applied similar tools to American citizens protesting ICE operations.

Rep. Summer Lee (D-Pa.), one of three Democratic lawmakers who sent an October 2025 inquiry about Graphite, expressed sharp disappointment with Lyons’ response. “The response I received from ICE makes one thing clear. They are moving forward with invasive spyware technology inside the United States,” she said. Lee highlighted that the people most at risk — immigrants, Black and brown communities, journalists, organizers, and those speaking out against government actions — deserve transparency rather than “secrecy and deflection.”

Cooper Quintin, senior staff technologist at the Electronic Frontier Foundation (EFF), warned that the letter does not sufficiently rule out using the spyware via administrative subpoenas against individuals engaged in constitutionally protected protest. “An extremely invasive surveillance capability such as this should require the strongest judicial oversight,” Quintin stated.

Maria Villegas Bravo of the Electronic Privacy Information Center (EPIC) added that the U.S. lacks adequate regulations to prevent abuse of such tools, potentially undermining constitutional and human rights. She also raised a broader national security concern: by purchasing and legitimizing Graphite, the U.S. government is helping sustain a global market for spyware that foreign adversaries can exploit to weaken encrypted messaging apps and telecommunications infrastructure.

Government Purchase of Commercial Surveillance Tools

This development occurs amid growing debate in Congress over reauthorizing surveillance laws and closing loopholes that allow federal agencies to buy bulk data about Americans from commercial data brokers without a warrant. Critics argue that tools like Graphite bypass traditional warrant requirements and erode the distinction between foreign intelligence and domestic law enforcement.

While ICE insists its use of Graphite is narrowly targeted at fentanyl traffickers and terrorists, the agency’s history and the spyware’s proven track record against journalists and activists abroad fuel fears of mission creep. Once powerful zero-click capabilities exist within a law enforcement agency, the temptation — and technical ease — of expanding their use grows.

Implications for Privacy and Encrypted Communications

Graphite’s ability to defeat end-to-end encryption on popular apps strikes at the heart of modern digital privacy. For years, tech companies, privacy advocates, and even some governments have championed encrypted messaging as essential for protecting journalists, dissidents, human rights workers, and ordinary citizens from surveillance.

By deploying a tool specifically designed to undermine that protection, ICE is sending a signal that no phone is truly secure when the government decides it has a compelling interest. This raises profound questions about the future of digital privacy in the United States.

Even if current use is limited to serious criminal investigations, the normalization of zero-click spyware by domestic agencies risks setting a precedent that could be expanded under future administrations or in response to shifting political priorities.

What Comes Next?

Congress is expected to scrutinize the issue further as it debates surveillance law reauthorization. Lawmakers, civil liberties organizations, and tech companies that maintain encrypted platforms will likely push for stricter oversight, judicial warrants, and transparency requirements for any government use of commercial spyware.

For individuals, the message is sobering: even everyday tools like WhatsApp and Signal — once considered among the most secure — can be compromised by sophisticated state-backed exploits. Strong device security practices, regular updates, and caution with unknown messages remain important, though they offer limited protection against true zero-click attacks.

As governments worldwide grapple with the dual-use nature of powerful surveillance technologies, the ICE Graphite disclosure underscores a central tension: the need to combat real threats like fentanyl trafficking versus the imperative to protect fundamental rights to privacy and free expression in the digital age.

The coming months will test whether lawmakers can impose meaningful guardrails on these tools before their use becomes even more widespread — and potentially more invasive.
