EFF Statement on ICE Use of Paragon Solutions Malware

DEEPLINKS BLOG ByCooper Quintin September 3, 2025

EFF Statement on ICE Use of Paragon Solutions Malware

Share It

●Español This statement can be attributed to EFF Senior Staff Technologist Cooper Quintin It was recently reported by Jack Poulson on Substack that ICE has reactivated its 2 million dollar contract with Paragon Solutions, a cyber-mercenary and spyware manufacturer. The reactivation of the contract between the Department of Homeland Security and Paragon Solutions, a known spyware vendor, is extremely troubling. This end run around the executive order both ignores the spirit of the rule and does not actually do anything to prevent misuse of Paragon Malware for human rights abuses Paragon's “Graphite” malware has been implicated in widespread misuse by the Italian government. Researchers at Citizen Lab at the Munk School of Global Affairs at the University of Toronto and with Meta found that it has been used in Italy to spy on journalists and civil society actors, including humanitarian workers. Without strong legal guardrails, there is a risk that the malware will be misused in a similar manner by the U.S. Government. These reports undermine Paragon Solutions’s public marketing of itself as a more ethical provider of surveillance malware. Reportedly, the contract is being reactivated because the US arm of Paragon Solutions was acquired by a Miami based private equity firm, AE Industrial Partners, and then merged into a Virginia based cybersecurity company, REDLattice, allowing ICE to circumvent Executive Order 14093 which bans the acquisition of spyware controlled by a foreign government or person. Even though this order was always insufficient in preventing the acquisition of dangerous spyware, it was the best protection we had. This end run around the executive order both ignores the spirit of the rule and does not actually do anything to prevent misuse of Paragon Malware for human rights abuses. Nor will it prevent insider threats at Paragon using their malware to spy on US government officials, or US government officials from misusing it to spy on their personal enemies, rivals, or spouses. The contract between Paragon and ICE requires all US users to adjust their threat models and take extra precautions. Paragon’s Graphite isn’t magical, it’s still just malware. It still needs a zero day exploit in order to compromise a phone with the latest security updates and those are expensive. The best thing you can do to protect yourself against Graphite is to keep your phone up to date and enable Lockdown Mode in your operating system if you are using an iPhone or Advanced Protection Mode on Android. Turning on disappearing messages is also helpful that way if someone in your network does get compromised you don’t also reveal your entire message history. For more tips on protecting yourself from malware check out our Surveillance Self Defense guides.

Related Issues

State-Sponsored Malware

Related Cases

AlHathloul v. DarkMatter Group

Related Updates

Press Release | August 13, 2025

Torture Victim’s Landmark Hacking Lawsuit Against Spyware Maker Can Proceed, Judge Rules

PORTLAND, OR – Saudi human rights activist Loujain Alhathloul’s groundbreaking lawsuit concerning spying software that enabled her imprisonment and torture can advance, a federal judge ruled in an opinion unsealed Tuesday. U.S. District Judge Karin J. Immergut of the District of Oregon ruled that Alhathloul’s lawsuit...

Deeplinks Blog bySophia Cope, Andrew Crocker | August 2, 2024

EFF to Ninth Circuit: Don’t Shield Foreign Spyware Company from Human Rights Accountability in U.S. Court

Legal intern Danya Hajjaji was the lead author of this post.EFF filed an amicus brief in the U.S. Court of Appeals for the Ninth Circuit supporting a group of journalists in their lawsuit against Israeli spyware company NSO Group. In our amicus brief backing the plaintiffs’ appeal, we argued...

Deeplinks Blog byCooper Quintin, Eva Galperin | February 8, 2024

EFF Helps News Organizations Push Back Against Legal Bullying from Cyber Mercenary Group

Cyber mercenaries present a grave threat to human rights and freedom of expression. They have been implicated in surveillance, torture, and even murder of human rights defenders, political candidates, and journalists. One of the most effective ways that the human rights community pushes back against the threat of targeted surveillance...

Press Release | May 8, 2023

Suit by Renowned Saudi Human Rights Activist Details Harms Caused by Export of U.S. Cybersurveillance Technology and Training to Repressive Regimes

PORTLAND, OR — The Electronic Frontier Foundation (EFF), the Center for Justice & Accountability (CJA), and Foley Hoag LLP on Monday filed an amended complaint with the U.S. District Court for the District of Oregon on behalf of renowned Saudi human rights activist Loujain Alhathloul against...

Deeplinks Blog byKaren Gullo | April 14, 2023

Comunicado de prensa para Latinoamérica: La propuesta de tratado de la ONU sobre ciberdelincuencia carece de suficientes salvaguardias de derechos humanos, lo que agrava las amenazas a la privacidad y las libertades civiles en Latinoamérica

VIENA-El martes 18 de abril, a las 10:00 am hora del Pacífico (1:00 pm hora del Este), expertos de Electronic Frontier Foundation (EFF) y tres aliados latinoamericanos de derechos digitales informarán a los reporteros sobre las amenazas únicas a la privacidad que plantea la propuesta de Tratado sobre Delitos...

Deeplinks Blog byCooper Quintin | February 10, 2023

Uncle Sow: Dark Caracal in Latin America

In 2018, EFF along with researchers from Lookout Security published a report describing the Advanced Persistent Threat (APT) we dubbed "Dark Caracal." Now we have uncovered a new Dark Caracal campaign operating since March of 2022, with hundreds of infections across more than a dozen countries. In this report...

The banner for the 2022 Year in Review blog series

Deeplinks Blog byBill Budington, Cooper Quintin | December 24, 2022

EFF’s Threat Lab Sharpens Its Knives: 2022 in Review

EFF’s Threat Lab is dedicated to deep-dive investigations that examine technology-enforced power imbalances in society. In 2022 we’ve sharpened our knives and honed our skills in an effort to bring down the stalkerware industry, taken aim at invasive surveillance by police, raised red flags around the security and privacy...

Deeplinks Blog byKaren Gullo | April 28, 2022

EFF Statement on the Declaration for the Future of the Internet

The White House announced today that sixty one countries have signed the Declaration for the Future of the Internet. The high-level vision and principles expressed in the Declaration—to have a single, global network that is truly open, fosters competition, respects privacy and inclusion, and protects human rights and fundamental...

Deeplinks Blog byBill Budington | April 4, 2022

Anatomy of an Android Malware Dropper

Recently at EFF’s Threat Lab, we’ve been focusing a lot on the Android malware ecosystem and providing tools for its analysis. We’ve noticed lot of samples of Android malware in the tor-hydra family have surfaced, masquerading as banking apps to lure unsuspecting customers into installing them. In this...

Legal Case

AlHathloul v. DarkMatter Group

EFF is representing prominent Saudi human rights activist Loujain AlHathloul in a lawsuit against spying software maker DarkMatter Group and three of its former executives for illegally hacking her iPhone to secretly track her communications and whereabouts.AlHathloul is among the victims of an illegal spying program created and run by...