
What we know about how the U.S. government uses spyware (and what we don't)

Privacy and civil rights advocates are worried the Trump administration could be persuaded to also lift restrictions placed on NSO Group, an Israeli company that makes the powerful spyware Pegasus that researchers say can turn a phone into a recording device in addition to accessing its contents.
Menahem Kahana / AFP via Getty Images

Last month, Immigration and Customs Enforcement acknowledged for the first time the agency's growing arsenal of surveillance technology includes spyware. Such tools can remotely hack into phones and have been abused repeatedly by governments around the world that have used them not only to counter national security threats, but also to spy on political rivals, diplomats, human rights activists and journalists.

ICE's admission of its spyware use, which the agency says has been approved to help its Homeland Security Investigations team disrupt foreign terrorist groups and fentanyl traffickers, comes as critics of the commercial spyware industry are growing concerned that the Trump administration is slowly reversing the hard-line stance the U.S. government took against the industry in recent years.

"We're starting to see erosion," said Steve Feldstein, a senior fellow at the Carnegie Endowment for International Peace. "There's a concern that in the coming year, months, we could see further changes that would really put a damper on what I think has been a really important effort to try to hold this industry to account."

Feldstein said the U.S. "reached a high-water mark when it came to really pushing back against the industry" during the Biden administration. Former President Joe Biden's actions included blacklisting and sanctioning some spyware companies and personnel, an executive order limiting the government's use of commercial spyware and leading an international agreement with other democratic countries to counter the misuse of such tools.

Those actions came in response to revelations that foreign governments were misusing the technology to commit human rights violations as well as targeting devices belonging to American politicians and officials.

Yet so far the Trump administration has lifted sanctions that Biden's Treasury Department had instituted against three people affiliated with the spyware tool, Predator, and temporarily revived an ICE contract with the Israeli-founded spyware company Paragon Solutions that had been paused by the Biden administration.

Privacy and civil rights advocates are worried the Trump administration could be persuaded to also lift restrictions placed on NSO Group, the maker of the powerful spyware Pegasus that researchers say can turn a phone into a recording device in addition to accessing its contents. The tool has been linked to misuse in various countries and has been found on the devices of activists and journalists, including on the phones of people close to Washington Post contributor Jamal Khashoggi, who was murdered in a Saudi embassy in Turkey in 2018.

NSO Group has hired a close ally of President Trump as its chairman and is lobbying the administration. Despite being on a Department of Commerce so-called "blacklist," the company said last fall that American investors had acquired the Israeli-founded company, though the current status is unclear.

This has been a "really troubling period" for U.S. actions on spyware, said Michael De Dora, the U.S. advocacy manager for Access Now, a digital civil rights organization.

"There's no way to look at the facts without seeing that this administration is not going to forcefully work to counter spyware — and actually might be quite comfortable using it and also lifting punishment that has been doled out to spyware violators," De Dora said.

The latest shifts in U.S. approaches to spyware also come as ICE is expanding its use of surveillance tools and targeting both immigrants and protesters, and Congress continues to debate whether additional guardrails are needed to protect the rights of American citizens whose communications are swept up in foreign surveillance operations that do not currently require a warrant.

Meanwhile, a growing number of countries are adopting spyware to hack into cell phones, even as regulatory frameworks have not been updated. Last month, the U.K. government's National Cyber Security Centre disclosed that it estimates some 100 countries worldwide have access to spyware and cyber intrusion tools that could be used against British devices and systems.

A mystery with ICE's Paragon Solutions contract

The history of ICE's only known contract with a commercial spyware maker is messy and convoluted.

In 2024, the agency signed a now-ended $2 million contract with Paragon Solutions for an unspecified product. Whether ICE ever used the tool or continues to use it is an open question.

That contract was swiftly put on hold by the Biden administration to investigate whether it complied with a 2023 executive order signed by the former president that prohibits federal agencies from purchasing commercial spyware that poses a significant security risk to the U.S. or risk of misuse by foreign governments.

Paragon Solutions created a spyware tool called Graphite that can be used by government agencies to remotely hack into a cell phone without the user knowing or even clicking a link. Last year, WhatsApp found more than 90 users in various countries were targeted with Paragon Solutions spyware, and independent researchers were able to confirm the devices of journalists and activists in Italy were targeted with Graphite.

Last August, the Trump administration reinstated the ICE contract with Paragon Solutions and lifted the stop work order. By then the company had been acquired by an American private equity firm and merged with another company, REDLattice.

A notice in federal procurement documents says the Paragon Solutions contract was modified on Jan. 20 of this year to close out the contract.

Before that notice appeared, Democratic lawmakers led by Rep. Summer Lee (D-Pa.) wrote to the Department of Homeland Security last fall asking for all communications related to its use of spyware, including communications about Paragon Solutions' Graphite, who it was targeting with spyware, and the legal justification for its use.

When ICE's departing acting Director Todd Lyons responded on April 1, his letter made clear he had approved ICE's Homeland Security Investigations to use spyware, though he did not name the tool.

Yet the status of ICE's access to Paragon Solutions tools is unclear, raising questions about what tools the agency might be using.

The notice showing the contract has been closed out could mean the services from the original Paragon Solutions contract are no longer available to the agency, or they could have been rolled into a different contract, potentially with a third party that bundles various services together. Such a step would make it harder to track the agency's relationship with Paragon Solutions or its parent entities on procurement websites.

The notice of the contract closure "raises more questions than answers," said Julie Mao, an attorney with the nonprofit law firm and advocacy group, Just Futures Law. "Particularly since Director Lyons confirmed that ICE continues to use commercial spyware, we do not know whether ICE has ceased using Paragon spyware, continues operations under another contract, or uses some other spyware company that ICE has failed to disclose to the public."

Mao's organization is suing under the Freedom of Information Act for records related to the contract.

An unnamed spokesperson for the Department of Homeland Security told NPR in a statement that the agency had not "entered another contract with Paragon Solutions, Inc." But since that company has been acquired, the significance of that statement is unclear. The agency did not respond to follow-up questions seeking to clarify if that meant the agency had ceased having access to Paragon-developed tools.

NPR could not find evidence of a contract between REDLattice and ICE on federal procurement websites.

"Unfortunately, the confusion and lack of transparency is part of a long history of ICE and DHS secreting away its surveillance programs from the American public and Congressional oversight," Mao said.

In 2022 The New York Times reported the Drug Enforcement Administration was using Graphite, though the status of that contract is also unclear. DEA did not respond to an NPR inquiry about whether it had a current contract for the tool.

Meanwhile, staff for Sen. Ron Wyden (D-Ore.) have been trying for weeks to schedule a briefing with Paragon Solutions' American owner, AE Industrial Partners, but the company stopped responding, according to Wyden's spokesperson Keith Chu.

Lyons' letter said he had approved Homeland Security Investigations' use of "cutting-edge technological tools that address the specific challenges posed by the Foreign Terrorist Organizations' thriving exploitation of encrypted communication platforms." The letter also stated that the agency "complies with all requirements" set forth in the 2023 executive order Biden signed on spyware use.

"Any use of the technology will comply with constitutional requirements and be coordinated with the ICE Office of the Principal Legal Advisor," the letter said.

But the letter has raised questions such as how broadly federal HSI agents are using the tool, whether it is being used domestically or only to target people in other countries, and what kind of authorization agents need to seek before deploying the tool.

Rep. Summer Lee (D-Pa.) told NPR she was concerned about the possibility that such a tool could be used inappropriately, citing the Trump administration's emphasis on combatting "antifa" that many fear could be used to justify a crackdown on political opponents.

Earlier this month the Trump administration released a counterterrorism strategy that targets "violent left-wing extremists," along with drug cartels and Islamist terror groups, while it does not mention violence from the far right, long considered to be a major domestic threat. Federal officials attempted to portray multiple U.S. citizens who were shot by federal immigration agents earlier this year as domestic terrorists.

"We already know that Trump has already attempted to change the definition of what a terrorist, or domestic terrorist is," Lee said. "So is this just anybody who opposes Trump's administration, its policies, can this be used against them?"

Maria Villegas Bravo from the nonprofit Electronic Privacy Information Center told NPR it was unclear to her based on Lyons' letter whether HSI agents using spyware are getting a warrant and proving probable cause first.

"They should be — they're legally required to because you have a Fourth Amendment protection in the content stored on your phone," Villegas Bravo said. "But we have no insight into what's going on."

In a statement, the unnamed DHS spokesperson said, "Like other law enforcement agencies, ICE employs various forms of technology while respecting civil liberties and privacy interests. DHS law enforcement methods abide by the U.S. Constitution including the Fourth Amendment."

Backsliding from a hardline stance on spyware

Last December, the Treasury Department took three senior figures affiliated with Intellexa, the maker of the spyware Predator, off of a U.S. sanctions list they had been added to in 2024. One of those individuals was later convicted in Greece in February in connection to Predator abuses in that country.

The reversal was a shock to privacy advocates who had welcomed the Biden administration's efforts to crack down on foreign spyware companies and their executives. Villegas Bravo told NPR the lifted sanctions represented "a real backslide."

Now she and others are focused on whether the Trump administration will be amenable to undoing other restrictions against NSO Group, which makes Pegasus.

"I'm very concerned that NSO Group is trying to curry favor with the current administration and trying to get another contract," Villegas Bravo told NPR.

The Federal Bureau of Investigation piloted using Pegasus in late 2020 and the first half of 2021, reporting by The New York Times found.

NSO Group is also currently appealing a court order that bars it from hacking WhatsApp messages that stems from a lawsuit Meta, WhatsApp's parent company, brought against it. In that court case and other public statements, NSO Group has made clear that its goal is to gain business from the American government.
Justin Sullivan / Getty Images

But by the end of 2021, the U.S. government began to take punitive actions against the company. The Commerce Department put the company on its so-called "blacklist" also known as its Entity List, a trade restriction which makes it difficult for U.S. companies to do business with it.

The department said it was taking the step because NSO Group had supplied spyware to foreign governments that used the tool "to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers."

The company, which like Intellexa and Paragon Solutions was founded in Israel, has spent close to $8 million lobbying the U.S. government since 2020, according to Open Secrets.

"They've tried pretty much everything," said Vas Panagiotopoulos, a freelance journalist and researcher at Deakin University in Australia who has written about the company's lobbying efforts. "Since 2018, they've hired like over 15 different sort of lobbying consultancies, law firms, PR agencies, external consultants, former diplomats — it's a long list."

The company's biggest priority is thought to be to get off of the Commerce Department's blacklist.

The company is also currently appealing a court order that bars it from hacking WhatsApp messages that stems from a lawsuit WhatsApp and its parent company, Meta, brought against NSO Group. In that court case and other public statements, NSO Group has made clear that its goal is to gain business from the American government.

"It is reasonably foreseeable that a law enforcement or intelligence agency of the United States will use Pegasus," the company wrote in a legal filing.

David Friedman, who once served as Trump's bankruptcy lawyer and later as his ambassador to Israel, became the chairman of NSO Group late last year. His appointment came shortly after the company announced that it had been acquired by U.S. investors, though the current status remains unclear.

During the Biden administration, the White House had warned against American companies acquiring NSO Group.

Rep. Lee wrote to the Department of Commerce earlier this month asking for a briefing on discussions about the purchase of NSO Group by an American company or the potential for U.S. government agencies to use the company's tools.

"The Trump Administration appears to be broadly receptive to using commercial spyware to infiltrate cell phones and allowing U.S. investment in sanctioned spyware companies like NSO Group," Lee wrote.

Copyright 2026 NPR

Jude Joffe-Block