ICE Just Admitted It Uses Zero Click Spyware That Can Read Your Encrypted Messages

What ICE Just Confirmed

In a letter dated April 1, 2026, ICE acting director Todd Lyons confirmed for the first time that U.S. Immigration and Customs Enforcement is actively using Graphite, a powerful spyware tool made by Israeli firm Paragon Solutions. The letter was a belated response to an October inquiry from three Democratic members of the House Committee on Oversight and Government Reform.

According to Lyons, the agency uses Graphite to intercept encrypted messages from fentanyl traffickers and members of foreign terrorist organizations. He framed the tool as necessary "to counter terrorists' thriving exploitation of encrypted communications platforms."

How Graphite Works

Graphite is not your typical surveillance tool. It uses what is known as zero click technology, meaning it can infect a target's phone without the victim ever clicking a link, opening a file, or taking any action at all.

In attacks documented by researchers, attackers added targets to a WhatsApp group and sent a PDF. The victim's phone automatically processed the document, exploiting a zero day vulnerability to install the Graphite implant. From there, the spyware escaped WhatsApp's sandbox to compromise other apps on the device.

Once installed, Graphite operates at the device level. It can extract messages from encrypted apps like WhatsApp and Signal, access stored data, and activate the microphone and camera. The tool reads messages after decryption on the device itself, bypassing end to end encryption entirely.

The $2 Million Contract

ICE initially signed a $2 million contract with Paragon Solutions at the end of the Biden administration. The contract was quickly paused in 2024, then revived by the Trump administration in fall 2025.

Paragon itself has changed hands. Founded in 2019 by former Israeli Prime Minister Ehud Barak and Ehud Schneorson, the former commander of Israel's Unit 8200, the company was acquired by American firm AE Industrial Partners in late 2024 and merged with cybersecurity company REDLattice.

Already Used Against Journalists

This is not a theoretical concern. In early 2025, WhatsApp disclosed that approximately 90 journalists and members of civil society across multiple countries had been targeted with Graphite. Researchers at the University of Toronto's Citizen Lab later identified specific journalists and humanitarian aid workers in Italy whose devices were infected through WhatsApp messages.

The fallout was severe enough that Paragon ended its contracts with the Italian government in 2025. Citizen Lab's research also suggests that Australia, Canada, Cyprus, Denmark, Israel, and Singapore may be Paragon clients.

Why Civil Liberties Groups Are Alarmed

"They are moving forward with invasive spyware technology inside the United States," said Representative Summer Lee in response to the disclosure.

The Electronic Frontier Foundation's Cooper Quintin warned that ICE's response "doesn't rule out ICE using an administrative subpoena to deploy this malware against people." Unlike a traditional wiretap warrant, an administrative subpoena does not require approval from a judge.

Civil liberties advocates have expressed particular concern that the tool could be turned against protesters, organizers, and marginalized communities without adequate judicial oversight. The history of Graphite's deployment against journalists makes that worry more than hypothetical.

What You Can Do

Zero click spyware like Graphite represents the most advanced tier of surveillance technology. While ordinary users are unlikely to be individually targeted, the precedent matters for everyone. Here are steps to reduce your exposure:

• Keep your phone's operating system and messaging apps updated. WhatsApp patched the vulnerability Graphite exploited.
• Enable Apple's Lockdown Mode if you have a high threat profile. Apple says no device in Lockdown Mode has been compromised by spyware.
• Use disappearing messages in Signal and WhatsApp to limit the data available if a device is compromised.
• Be aware that encryption protects messages in transit, but device level spyware reads them after they arrive. No messaging app can fully defend against a compromised phone.

The Bigger Picture

ICE's confirmation lands at a time when government surveillance requests to Big Tech are surging and federal cybersecurity agencies are operating with reduced oversight capacity. When a tool designed for counterterrorism has already been used against reporters, the question is not whether scope creep will happen but how far it has already gone.