Paragon’s Controversial Spyware Contract with US Immigration Raises Security Concerns

Israel’s Paragon, a spyware developer that gained notoriety after winning a contract with the US government, is the third company to have recently felt the backlash. Unlike the infamous Israeli government contractor, NSO Group, the company created spyware that can remotely hack into mobile phones and encrypted messaging apps. This significant capability raises grave privacy and security concerns. It has most severely impacted journalists and human rights defenders, who have been disproportionately targeted.

Founded in Israel, Paragon sought to create a reputation separate from NSO Group, which has faced international backlash for its technology’s misuse. Paragon took a courageous decision to pivot away from NSO Group. This decision made headlines after the story broke that its spyware was instrumental in targeting 90 such people—journalists and members of civil society across two dozen countries. Among those harmed were activists opposed to Italy’s cooperation with Libya, emphasizing the moral dimensions of this use of technology.

The US government recently awarded Paragon a $2 million contract. The Department of Homeland Security chose the company to provide commercial spyware to US Immigration and Customs Enforcement (ICE). Soon afterward, the contract was temporarily suspended for a compliance review, which made certain it was compliant with an executive order prohibiting US government use of spyware. We are happy to report that recent public procurement documents verified that this pause has been lifted!

Even with the contract revived, questions remain about what it means to give ICE access to such tools for exploitation and hacking. John Scott-Railton, a senior researcher at the Citizen Lab at the University of Toronto, has expressed concern that governments would abuse Paragon’s spyware. He stated:

“Invasive, secret hacking power is corrupting. That’s why there’s a growing pile of spyware scandals in democracies, including with Paragon’s Graphite.”

Scott-Railton also argued that the adoption of the same mercenary spyware technology by many governments puts everyone at risk.

“As long as the same mercenary spyware tech is going to multiple governments, there is a baked-in counterintelligence risk. Since all of them now know what secret surveillance tech the US is using, and would have special insights on how to detect it and track what the US is doing with it.”

The Biden administration is taking an entirely different approach from its predecessor. To address the abuses associated with this spyware technology, U.S. officials put NSO Group on a Commerce Department blacklist. They claim that NSO Group has assisted foreign governments in carrying out dangerous surveillance against dissidents and journalists. This move, made permanent in their Executive Order, reflects a maturing appreciation for the harms associated with these surveillance technologies.

Paragon’s spyware was recently accused of purposely targeting human rights activists and journalists. This makes for great advertising, but raises important ethical issues about how AI is being used. Scott-Railton noted that these technologies were “designed for dictatorships, not democracies built on liberty and protection of individual rights.”

The implications of this contract go far deeper than protecting sensitive national security interests in the immediate term. There is a larger conversation about the role of private companies in surveillance and the potential for abuse when powerful technologies are made available to government agencies. Critics contend that absent robust accountability, such technologies erode democratic norms and threaten civil rights and civil liberties.