Headline
ICE Signs $2 Million Contract With Spyware Maker Paragon Solutions
US Immigration and Customs Enforcement’s one-year contract with Paragon’s US subsidiary comes amid the Biden administration’s years-long crackdown on commercial spyware vendors.
US Immigration and Customs Enforcement has signed a $2 million contract with Israeli commercial spyware vendor Paragon Solutions, according to documents reviewed by WIRED.
The one-year contract between the company’s US subsidiary in Chantilly, Virginia, and ICE’s Homeland Security Investigations Division 3 was signed on September 27 and covers a “fully configured proprietary solution including license, hardware, warranty, maintenance and training.”
Paragon has received the award under the FAR 6.302-1 rule reserved for unique and innovative services not otherwise available to the government and not via the typical competitive process.
It is unknown whether the contract is for the deployment of Paragon’s flagship product, Graphite—a spyware that reportedly extracts data primarily from cloud backups—or another of the company’s products or services. ICE and Paragon did not immediately respond to WIRED’s requests for comment.
This is not Paragon’s first government agency contract. The New York Times reported in December 2022 that the US Drug Enforcement Administration had used Graphite. Similarly, an intelligence publication reported in March 2023 that Paragon had landed a major contract in Singapore worth “tens of millions of dollars.”
Paragon’s contract comes amid a comprehensive effort by the US government to reshape the commercial spyware market over the past three years. Measures have included placing spyware vendors like NSO Group and Intellexa on the so-called Entity List to prevent any US companies from doing business with them; enacting a visa restriction policy against multiple individuals “who have been involved in the development and sale of commercial spyware or who are immediate family members of those involved,” and imposing consecutive rounds of sanctions against spyware vendors.
Many of these efforts followed President Joe Biden signing an executive order in March 2023 that effectively restricted the US government’s use of commercial spyware technology while promoting its “responsible use” that aligns with the protection of human rights.
On a global level, the US is leading an initiative stipulated in the “Joint Statement on Efforts to Counter the Proliferation and Misuse of Commercial Spyware,” which now counts 21 signatories, including Germany, France, UK, Japan, and South Korea, while it recently announced that it would fund governments and civil society groups around the world to develop spyware-related research and regulation.
Paragon, which characterizes itself as a scrupulous kind of spyware maker, is likely responding to the US government’s global push for responsible surveillance. On the website of its US subsidiary, the company boasts that it provides its customers with “ethically based tools,” while one of its investors maintains that the company’s software provides “cutting-edge capabilities that make the world safer.”
Elsewhere, Paragon states that it limits its extraction of information from targeted devices “to conversations on chat apps” and that it “works solely with police forces and intelligence agencies that meet the standards of an enlightened democracy, which includes only 39 countries.”
Paragon was founded in 2019 by veterans from the Israel Defense Forces’ powerful intelligence Unit 8200 with the active involvement of former Israeli prime minister Ehud Barak as an investor who is estimated to own a sizable slice of the company.
The company has received investment from the Boston-headquartered Battery Ventures, “considered to be one of the world’s top venture capital firms,” and two of its founders formerly worked for Blumberg Capital, another large US venture capital firm.
Israeli media reported in June that a US private equity fund with a portfolio of security companies has been in talks to acquire control of Paragon, estimating its valuation at $1 billion.
To secure its unique US-approved, “ethical” positioning, Paragon has made “deliberate efforts” since its establishment to break into the US market, notes the Atlantic Council.
In 2019, as Paragon was developing Graphite, the company enlisted WestExec Advisors, a prominent Washington, DC, consulting firm cofounded by former Obama administration officials, including current US secretary of state Antony Blinken, to advise on its “strategic approach to the US and European markets,” a company executive told the Financial Times. Avril Haines, a former WestExec staffer, is now the US director of national intelligence.
To remain in the US government’s “good graces,” Paragon in February 2023 hired another DC-based lobbying firm, Holland & Knight, “with a good track record in avoiding sanctions,” as some reports point out. Lobbying expenditure disclosure reveals a spend of a minimum $280,000 in 2023 and 2024 for this campaign.
The fact that the spyware vendor has neither been placed on an entity list nor have any of its executives been sanctioned by the Biden administration suggests that Paragon’s lobbying efforts have been successful.
In addition, Biden’s executive order leaves enough margin for the deployment of tools like Graphite. When a senior US administration official was asked specifically about potential abuses of Paragon’s flagship product, they said that the executive order “requires the heads of agencies to review any activity that might be relevant,” without excluding the possibility of lawful use.
Meanwhile, the company continues to grow and is advertising several roles in Israel. In the US, Paragon boosted its presence in the wake of the signing of the executive order and started hiring intelligence veterans, including former CIA and FBI officers at its subsidiary, “hoping it would pick up new business.” Fresh reports from February 2024 confirmed the steady growth.
Paragon’s $2 million contract with ICE is tangible proof that the company’s approach is paying off. It remains to be seen whether Graphite’s deployment will align with the protection of human rights, privacy, and democracy.