What we know about the US Spy Machine

The U.S. government has spent years warning the world about commercial spyware — then, quietly, one of its most controversial agencies confirmed it uses it. That contradiction is now the story.
In April, U.S. Immigration and Customs Enforcement acknowledged for the first time that spyware is part of its surveillance arsenal, with ICE leadership describing the tool as necessary to penetrate encrypted communications used by transnational criminal and terror networks. But what ICE disclosed is only the beginning; what it did not disclose is where the alarm bells begin ringing.
What we know: spyware is in play, and “zero‑click” is the point
ICE’s admission matters because modern commercial spyware isn’t a glorified wiretap. Tools like Paragon Solutions’ Graphite are described as “zero-click,” meaning they can compromise a device without the target clicking a link — a capability that collapses the traditional user-safety assumptions around phishing and suspicious links.
That capability has a long and uncomfortable global track record. WhatsApp disclosed that users including journalists and civil society members were targeted by Graphite, and Citizen Lab later identified infections on devices tied to journalists and humanitarian aid providers in Italy — a reminder that the same tool marketed as “lawful” can be deployed in ways that corrode democracy.
What we don’t know: the scope, the targets, the guardrails
The most consequential unknown is how the tool is used. Civil liberties advocates say it’s unclear, based on what has been disclosed, whether agents seek warrants and establish probable cause before deploying spyware — a central question because modern phones contain deeply sensitive personal content.
Even the procurement trail is murky. Reporting describes an ICE contract with Paragon that was paused under the previous administration and later revived, then “closed out” — leaving open the possibility that the capability continues through other contracting structures or vendors that bundle services. DHS has said ICE has no relationship with Paragon or the company that acquired it, while also refusing to confirm or deny operational capabilities. The result: formal denials that still leave practical access unresolved in the public record.
The policy backdrop: a hard line… now under pressure
This debate exists because the U.S. previously tried to build guardrails. In 2023, the White House issued Executive Order 14093, restricting federal agencies from using commercial spyware that poses significant risks to national security or risks of misuse — including via contractors or third parties. The policy logic was explicit: spyware proliferation threatens human rights, civil liberties, and U.S. security interests.
But critics now argue those norms are eroding. Analysts and advocates quoted in recent reporting say the U.S. stance reached a “high-water mark” under prior actions that included sanctions and blacklisting, and they worry current decisions signal a softer posture toward the industry — even as spyware misuse remains widespread globally.
The signal to the market: punishment can be temporary
One of the clearest “policy tells” came when the Treasury Department removed sanctions from three individuals tied to the Intellexa consortium and the Predator spyware tool — a move reported publicly as a reversal of earlier punitive action. Treasury framed it as an administrative process after petitions for reconsideration. Civil society groups warned that delistings like this risk communicating that spyware consequences are negotiable.
The next flashpoint: NSO, Pegasus, and Washington lobbying
Meanwhile, NSO Group — maker of the notorious Pegasus spyware — has been lobbying to get off the U.S. Commerce Department’s Entity List, while appointing former U.S. ambassador David Friedman as chairman. That push is politically and commercially significant because removal from the blacklist would ease U.S. business constraints and potentially reopen doors to U.S. government contracting.
Why this matters: surveillance legitimacy requires transparency
The argument for spyware is always the same: encrypted platforms shield traffickers, terrorists, and hostile actors. The counterargument is also consistent: tools that can silently turn a phone into an intelligence source are dangerously prone to abuse — and the public has almost no visibility into when, how, and against whom they are used.
If spyware is becoming normalized inside U.S. agencies, the legitimacy of that choice will depend on something the commercial spyware ecosystem has historically lacked: credible transparency, enforceable oversight, and clear legal standards that survive political cycles.





