404media.co via Reddit

ICE Redacts $2M Paragon Graphite Spyware Contract


Key insights

  • ICE released only 77 of 673 potentially responsive pages from its $2 million Paragon Graphite contract, with most content redacted.
  • Paragon's Graphite spyware can remotely hack mobile phones to extract messages from Signal, WhatsApp, and Facebook Messenger.
  • ICE closed its Paragon contract in January 2026, but FOIA litigation over the withheld pages continues.

Why this matters

The near-total redaction of a commercially procured spyware contract demonstrates that FOIA litigation may be structurally insufficient to surface technical scope, pricing, and deployment parameters when agencies invoke applicable exemptions. For security practitioners and companies building encrypted communication tools, the Graphite case shows that federal law enforcement can procure mobile extraction capabilities against apps like Signal with essentially no public accountability for how those capabilities are scoped or constrained. The gap between ICE Acting Director Todd M. Lyons' public justification and the withheld technical documentation means independent assessment of the tool's actual deployment is currently impossible.

Summary

404 Media sued ICE and got 77 of 673 pages from its $2 million Paragon contract. Capabilities, pricing, and release notes are almost entirely blacked out. Graphite, Paragon's phone-hacking spyware, extracts messages from Signal, WhatsApp, and Facebook Messenger. ICE Acting Director Todd M. Lyons cited fentanyl trafficking as justification; Paragon's own docs describe an OPSEC team dedicated to "minimizing the risk of exposure and attribution." In essence, 404 Media, ICE, and Paragon are caught up in a lawsuit over whether federal spyware contracts must answer to public disclosure.

  • FOIA request filed October 2024; lawsuit followed September 2025 after ICE missed its 20-day response deadline.
  • Contract closed January 2026; DHS confirmed no active Paragon deal by May 2026.

The near-total redaction shows how federally procured spyware can resist public accountability even under court-ordered FOIA production.

Potential risks and opportunities

Risks

  • If courts compel fuller disclosure, ICE faces detailed public scrutiny of specific Graphite deployments that may expose individual surveillance targets to civil rights litigation
  • Without transparency on Graphite's use during the contract period, Congress and oversight bodies cannot verify the tool was not applied beyond the fentanyl justification cited by Acting Director Lyons
  • Paragon's explicit OPSEC framing around minimizing attribution creates legal exposure if those measures were used to conceal surveillance activities from judicial review

Opportunities

  • Digital rights organizations including EFF and ACLU gain precedent-setting leverage to demand disclosure across other federal spyware contracts beyond this single Paragon deal
  • Signal Foundation and Meta have documented evidence of Graphite targeting their encrypted messaging apps, strengthening the technical and political case for accelerated zero-click exploit mitigations
  • Congressional oversight committees have a concrete documented case to demand a comprehensive audit of all HSI surveillance tool contracts, creating a policy reform opening for transparency advocates

What we don't know yet

  • Which FOIA exemptions ICE invoked to redact 596 of 673 pages: not disclosed in the June 1, 2026 release
  • Whether HSI deployed Graphite beyond the fentanyl and criminal-network scope cited by Acting Director Lyons: withheld in the redacted capabilities section
  • What prompted ICE to close the Paragon contract in January 2026: agency has not stated whether this reflects a policy shift or a transition to a successor contract
