Transcript for:
Government Spyware Concerns

Imagine the government being able to break into your phone without you doing anything at all. You don't have to click a link or open a file. Just getting a text message can be enough. Once the spyware has infected your phone, they have access to everything. Your messages, email, photos, real-time location, and even messages on encrypted apps. This new spyware uses what are called zero-click exploits, and it's a sprawling multi-million dollar industry. Now, the US government is buying this exact type of tech. Welcome back to Free Speech Friday, my series covering the fight for free expression and civil liberties online. Just this week, it was announced that US Immigration and Customs Enforcement officials, aka ICE agents, will soon have access to one of the world's most sophisticated hacking tools, thanks to the Trump administration lifting a hold on a government review of a contract with Paragon Solutions, a company founded in Israel that makes spyware that can hack into any mobile phone, including any application, even encrypted apps. This new agreement between Paragon and ICE gives ICE access to the Israeli spyware platform Graphite. Unlike old-school wiretap programs, Graphite doesn't need to break the math behind encryption. Instead, Graphite infects a phone directly and once it's inside, it can see your messages before they're scrambled into encryption or right after they've been unscrambled to display on your screen. This means photos, texts, calls, literally everything, including the microphone on your phone, can be exposed. Paragon software turns every single personal cell phone into a surveillance gadget working against the person that owns it. Now, this ICE Paragon deal has had a very strange journey. The contract was initially signed in late 2024, but then it was quickly put on hold by the White House because the Biden administration had sort of made a show of limiting federal use of commercial spyware.
In fact, in March 2023, President Biden signed an executive order called 14093 designed to restrict agencies from buying tools that pose national security risks or have been used to target dissidents, journalists, and US personnel abroad. The contract with Paragon looked like an early test of whether they would basically be enforcing these rules or whether this was just another meaningless declaration for the government. So, for almost a year, it's been sitting basically under review. Now, just this week, it's been announced that the pause was lifted quietly and the deal went live. ICE's cyber unit, Homeland Security Investigations, suddenly had access pretty much overnight to one of the most powerful spyware systems on the entire planet. Now, Paragon is often compared to the NSO Group, the Israeli company behind Pegasus, which is the world's most famous spyware. Pegasus became really famous initially back in 2016, but then again in 2021 with the Pegasus papers when watchdog groups found the spyware on the phones of journalists, activists, and even heads of state. Like Pegasus, Paragon Group's Graphite doesn't crack encryption on the wire. It compromises the phone itself, giving the person operating the spyware information to messages, calls, etc. Everything on your phone basically. So, let's talk a little bit more about Paragon because I think this is a company that not everybody has heard of and it hasn't really been in the news as much. Like a lot of these spyware firms, Paragon has ties to Israel's defense industry. And just like NSO, its Graphite spyware has already been detected in the wild. According to researchers at Citizen Lab, which is a very well-respected watchdog group, the University of Toronto actually published evidence just earlier this year linking Paragon spyware to real-world infections of the phones of journalists in Europe.
Apple even sent threat notifications to some Paragon victims in April 2025, alerting them that they had been targeted with state-sponsored spyware. Paragon suspended a contract with Italy after reports surfaced that the tool had been used to spy on reporters. So, I just want you guys to realize that these aren't hypotheticals. Like, this shows exactly how quickly spyware, no matter how carefully it's like marketed, can and will be used against people who have nothing to do with terrorism or national security. So, this is now what ICE has access to. So when people say ICE can read your texts, what they're saying is that if ICE wants, it can now target anybody with Graphite and if they manage to infect that person's phone, which they don't really need approval for, right? They could just go ahead and do it. Suddenly they can literally read everything from your messages on Signal, WhatsApp, iMessage. It's basically like they're looking over your shoulder and they're able to see everything that you're doing on that device. Now, I don't want that to just make you give up and say, "Oh, you know, what's the point of using all these encrypted apps? The government can just see and do anything anyway. Like, why do I have to use encryption?" Encryption still does matter. It stops like bulk interception and it keeps companies like Meta or your phone carrier from casually peeking into your conversations. So, you do want to keep using encrypted apps. But once your device is compromised by Paragon's Graphite, encryption won't help, unfortunately. Now, I do want to talk about some of the limitations of this new spyware. Tools like Graphite are not designed for mass surveillance. So each infection has to be deployed against a specific target, often with a very tailored attack. That's why these government agencies tend to use them kind of sparingly in cases that they consider high priority. Of course, sparingly is a completely relative word.
ICE is a very big agency with a very wide mandate that goes well beyond immigration enforcement. Homeland Security Investigations, the unit that's getting access to Graphite, also works on things like smuggling, drug cases, money laundering, cybercrime, and it has a terrible record of stretching its surveillance powers in ways that go way beyond its original mission. For example, it's used customs summonses, basically these tools meant to narrow trade investigations to demand high amounts of information from telecom companies, schools, and even just get people's like health information. So giving agencies like this spyware capable of burrowing into phones raises a lot of questions about sort of how wide this net might eventually stretch. But it's important to note that like ICE can't just show up to a protest and like deploy this spyware, you know, at scale to all like 200 people at a protest. Like they would have to individually infect each one of those phones. It's very cold comfort. I know. And if you're wondering how on earth can they do all of this without a warrant, the legal system is very murky. In principle, the constitution requires a search warrant for rummaging through someone's phone. In principle, courts have recognized that phones hold privacies of life, meaning that they're different from old like filing cabinets or the trunk of a car. If spyware captures live communications as they happen, prosecutors also might need to obtain a wiretap order under Title III of the Wiretap Act, which is slightly harder to get than a regular warrant. But technology moves faster than any of the case law around this. And judges just do not understand often what they're authorizing when they're authorizing it. And there are a lot of gray areas like the so-called border searches where ICE and Customs and Border Protection claim much broader powers. I talked about that in a previous video about what's going on right now in airports.
These claims are increasingly challenged in court, especially after the Supreme Court's Carpenter ruling signaled that digital records deserve more protection. But this whole area of law is basically very far from settled. And in the meantime, ICE is kind of doing whatever they want. So there's also the executive order itself, Biden's executive order, which barred federal agencies from using spyware that threatens national security or was misused against activists and journalists. Obviously, Trump's in power now. And so, you know, it's an executive order that can be sort of quite easily negated. And these agencies are also arguing right now that Paragon and Graphite have been unjustly vilified by the media. You know, they say, well, you know, this is actually a really useful vendor for us. They've cleaned up their act. Yes, this spyware has traditionally been used to censor journalists and is being used to censor journalists around the world, but we would never do something like that here. And what's happening in this case as well is ICE is arguing that this particular use case that they need it for right now doesn't fall under the ban. So that's probably how ICE got this contract with Paragon approved. So how worried should the average person be? Cuz I know all my videos are kind of like scary and I'm like everyone's spying on your phone. They can see everything. Most Americans are not targeted in these schemes, right? Most like naturalized Americans or people that are born here, they're not going to be targeted by Graphite. And the cost of deploying it on, you know, hundreds of millions of citizens is unrealistic. Although I'm sure the government would love to eventually roll that out. But anyone doing anything like immigrants' rights organizing, journalists, content creators, lawyers, even doctors serving vulnerable communities, local vendors, even anybody that would might have contact with an undocumented person, their risk is very real.
And even if you're not a direct target, spyware often sweeps people up around the person being watched. So if ICE hacks the phone of an activist, every one of their contacts, chats, and private groups might be exposed. So there's this big ripple effect. And of course, once this spyware is on your phone, it's going to stay on your phone. And so the pool of people that will have their information exposed just grows and grows and grows. So this ripple effect is exactly what fuels the chilling of speech. When journalists suspect that their phones might be compromised or activists suspect that the government is spying on their text messages, they're going to change how they communicate with vulnerable people or groups. Imagine a reporter covering conditions inside an ICE detention center. If they worry that their texts with whistleblowers could be intercepted, they might not reach out or be able to pursue that story or it would water down their reporting because they don't want to put someone at risk. So just the possibility of surveillance is often enough to quell activism and journalism and that's really terrifying. So many extremist governments and authoritarian regimes rely on this broader chilling effect. Like it's people knowing that they will be watched. Not necessarily that they are targeted, but that they could be targeted. So they sort of proactively change their own behavior and like precomply with authoritarianism. Aside from the immigrants themselves, I do think that community organizers working with immigrants will face significantly more scrutiny and potentially be targeted by this spyware or this spyware will be used to plan things like raids or intimidation, you know, campaigns to surveil people who do attend public protests. Just adding this spyware to the mix, it makes it so that every time people are planning things in WhatsApp groups or private messages, it just adds again this chilling effect of being exposed.
There's this knowledge that ICE does have the technical capacity to compromise everyone's phones. And that's just terrifying in itself. And I think this will discourage certain people's participation in activism altogether which could fracture movements as people worry about informants or hacked devices or you know their strategies leaking. The end result is weaker advocacy, less coordination and this broad silencing of dissent. I also think lawyers should be especially worried because right now there's this legal confidentiality, right? Where lawyers representing clients in immigration cases, they rely on encrypted messaging apps for sensitive conversation. If spyware can pierce that communication, attorney-client privilege is effectively obliterated. And if lawyers start to fear that their communications aren't secure, they will probably avoid discussing sensitive strategies with clients at all electronically, which is going to leave vulnerable clients even less informed about their own cases. So this chilling effect really erodes so many institutions meant to protect immigrant rights. This whole terrifying situation is something that tons of civil liberties orgs and digital rights activists and people like myself that care a lot about free speech have been warning about. The Electronic Frontier Foundation has been warning for years that giving domestic agencies access to spyware will undeniably lead to misuse. They have pointed to ICE's history of overreaching and they've made it clear that it's only a matter of time before this tool is misused and removed from the context under which it was improved. ICE is also not primarily an intelligence agency and so it has a lot weaker oversight, meaning less transparency and fewer guardrails. The Paragon Graphite situation is all part of a larger pattern where spyware gets introduced under the guise of national security or fighting terrorism or cracking down on illegal immigration. But slowly and surely it migrates.
Predictive policing tools originally meant for counterterrorism end up in routine patrols. License plate readers like we've talked about like Flock which are installed end up logging millions of commuters and being used by the police. Facial recognition, which is originally deployed for serious threats, is suddenly just being used to catch petty shoplifters or seize people off the street. Once the infrastructure is built for mass surveillance, it is never going to be confined. And spyware is even more dangerous in this way because it doesn't just target a single place or car or device. It targets the person and their personal private life and their networks, like everything that's happening on your phone. It could not be more personal. And the government is not really fighting back against this. Surprise, surprise. Some members of Congress have demanded more disclosure about federal spyware use. And journalists are combing through procurement databases for new contracts. Wired and 404 Media have done such great work covering this topic. And then researchers at places like Citizen Lab are examining infected phones and they're trying to build this case against the government with forensic evidence. But right now, it doesn't seem like ICE will even be required to report how often it uses Graphite or under what authority and against whom. Without any answers on these questions, it's just impossible for the public to know even like how much is this tool being used? Who's it being used against? Like, is it on my phone? Like, you won't know. This type of really dangerous spyware could soon be used in regular police investigations. It's all just so authoritarian. So, what can you do to stay safe? First of all, keep your phone updated. Google and Apple often push through patches meant to protect your phone security. So, that's one thing. Don't click on suspicious links.
Obviously, that's not how this type of infection happens, but it's smart to take these precautions, especially if you're at higher risk. Consider using features like Apple Lockdown Mode. And end-to-end encryption still does matter even though the spyware can bypass it because it protects against the kind of bulk surveillance that is much more common. And above all, just don't assume that a government seal of approval means that these tools are used responsibly. I know that if you're watching this video, you already know this, but it's just so important because there's so much misinformation in the media that sort of manufactures consent for mass surveillance under the guise of safety. I think this whole ICE Paragon Graphite thing shows that a single executive order is not enough to stop the rollout of this type of spyware or, you know, institute any sort of restraint. We need comprehensive privacy legislation and we need people in Congress to finally wake up and start caring about user privacy and data privacy. We're in this period of time right now where there is still a chance to stop the mass rollout of these tools or at least stop their mass expansion. And the stakes are really high. Thanks again for watching. Don't forget to subscribe to my tech and online culture newsletter, usermag.co. That's usermag.co where I write about all of this stuff and more. Also, if you like my work, please, please support me on Patreon. I just launched a Patreon. It's linked below. It is one of the best ways to ensure that I can continue to report on data privacy and surveillance capitalism and all of these horrible things. That's it for this week's Free Speech Friday and I'll see you next