ICE Confirms Use of Israeli Spyware That Can Hack Phones Without a Click

Zero-Click Surveillance Goes Domestic

Immigration and Customs Enforcement is now using military-grade spyware inside the United States, according to a letter from acting ICE Director Todd Lyons obtained by NPR. The tool, called Graphite, can hack into phones and read encrypted messages without the target ever clicking a link or opening a file.

Lyons confirmed the agency's use of Graphite in an April 1 letter responding to questions from Democratic lawmakers who had been asking about the spyware since October. His justification? Disrupting fentanyl traffickers and foreign terrorist organizations.

But civil liberties advocates and members of Congress aren't buying it. The admission comes as ICE has massively expanded its surveillance dragnet under the Trump administration's mass deportation campaign, sweeping up data on American citizens who protest ICE operations alongside immigrants targeted for removal.

The Spyware's Track Record

Graphite was developed by Israeli company Paragon Solutions and uses what security researchers call "zero-click" technology. That means it can infect a device through WhatsApp or other messaging apps without requiring any action from the user. No suspicious link to click, no malicious attachment to open. The spyware just appears.

Last year, WhatsApp disclosed that Graphite had been used to target approximately 90 journalists and civil society members across multiple countries. Researchers at The Citizen Lab at the University of Toronto later identified specific victims in Italy, including journalists and humanitarian aid workers. The Italian government's use of Graphite became so controversial that Paragon ended its contracts with Italian agencies in 2025.

Now that same technology is being deployed by a U.S. immigration enforcement agency with a documented history of civil rights abuses and mission creep.

From Biden Pause to Trump Green Light

The timeline of ICE's Graphite contract reveals how quickly guardrails can disappear. The agency signed a $2 million deal with Paragon Solutions at the end of the Biden administration, but the contract was immediately paused for review.

The pause was meant to ensure compliance with a 2023 executive order Biden signed barring the use of commercial spyware that poses national security risks or could be misused by foreign governments. That review apparently didn't take long once Trump returned to office. The contract was revived last fall.

In his letter, Lyons claims he has "certified" that the tool doesn't pose security risks or risk of improper use by foreign actors. That certification might carry more weight if Paragon Solutions were still an Israeli company. But the firm was purchased by American private equity firm AE Industrial Partners in late 2024 and merged with cybersecurity company REDLattice. Neither company responded to NPR's request for comment.

The corporate shuffle conveniently sidesteps concerns about foreign control while doing nothing to address the civil liberties implications of ICE having access to technology that can silently compromise any smartphone.

Who Gets Targeted?

Lyons' letter provides almost no details about how ICE is using Graphite, who can be targeted, or what legal process the agency follows before deploying it. He simply states that any use "will comply with constitutional requirements" and will be coordinated with ICE's legal office.

Rep. Summer Lee, one of three Democratic lawmakers who demanded answers about the spyware, told NPR the response "makes one thing clear: They are moving forward with invasive spyware technology inside the United States."

Lee expressed frustration that Lyons dodged substantive questions about legal authority and potential targets. "The people most at risk, including immigrants, Black and brown communities, journalists, organizers, and anyone speaking out against government abuse, deserve more than secrecy and deflection from an agency with a long record of overreach and abuse," she said.

That concern isn't theoretical. ICE has already used its expanded surveillance tools extensively on American citizens who protest the agency's activities. The deployment of Graphite raises the stakes considerably. Unlike location tracking or license plate readers, this spyware can access the content of private communications, including messages users believed were protected by end-to-end encryption.

The Administrative Subpoena Loophole

Cooper Quintin, senior staff technologist at the Electronic Frontier Foundation, highlighted a particularly alarming possibility in Lyons' response. "The biggest concern now is that Lyons' response doesn't rule out ICE using an administrative subpoena to deploy this malware against people living in the United States as part of their ideological battle against constitutionally protected protest," Quintin said.

Administrative subpoenas are orders ICE can issue without a judge's approval. They're supposed to be used for obtaining records relevant to immigration investigations. If ICE claims it can use administrative subpoenas as legal justification for deploying military-grade spyware, it would effectively give the agency unchecked surveillance power over anyone it deems relevant to an investigation.

The timing of this revelation is significant. Congress is currently debating whether to reauthorize Section 702 of the Foreign Intelligence Surveillance Act, a controversial surveillance authority that has been repeatedly abused to spy on Americans. Lawmakers are also considering whether to close a legal loophole that allows federal agencies to buy bulk data about millions of Americans from commercial data brokers without a warrant.

ICE's admission that it's deploying powerful spyware with minimal transparency or oversight underscores why those debates matter. When agencies can purchase surveillance capabilities that would require a warrant if developed in-house, constitutional protections become meaningless.

An Agency With a History

ICE's assurances that it will use Graphite responsibly ring hollow given the agency's track record. This is the same agency that has repeatedly been caught lying about the criminal histories of people it detains, that has separated thousands of children from their families, and that has conducted workplace raids that terrorize entire communities.

Under the Trump administration's current mass deportation push, ICE has shown even less restraint. The agency has arrested people at schools, hospitals, and courthouses. It has detained U.S. citizens. It has used facial recognition and other surveillance technologies with virtually no public accountability.

Now ICE has access to spyware that can turn anyone's phone into a listening device without leaving a trace. The agency says it will only use this power against fentanyl traffickers and terrorists. But it won't say how it defines those terms, what evidence is required before deployment, or who reviews those decisions.

We're supposed to just trust them. The same agency that has consistently demonstrated it cannot be trusted with the power it already has.