WIRED has learned that a $2 million contract that U.S. Immigration and Customs Enforcement signed with Israeli commercial spyware provider Paragon Solutions has been suspended and placed under compliance review.
The White House’s scrutiny of the contract marks the first test of the Biden administration’s executive order restricting the government’s use of spyware.
He one year contract between Paragon’s US affiliate in Chantilly, Virginia, and ICE’s Homeland Security Investigations (HSI) Division 3, was signed on September 27 and was first reported on October 1 by WIRED. A few days later, on October 8, HSI issued a stop-work order for the award “to review and verify compliance with Executive Order 14093,” a DHS spokesperson tells WIRED.
He executive order signed by President Joe Biden in March 2023 aims to restrict the US government’s use of commercial spyware technology while promoting its “responsible use” that aligns with the protection of human rights.
DHS would not confirm whether the contract, which it says covers a “fully configured proprietary solution that includes licensing, hardware, warranty, maintenance and training,” includes the implementation of Paragon’s flagship product, Graphite, a powerful spyware tool that reportedly extracts data primarily from cloud backups.
“We immediately reached out to DHS leadership and worked together very collaboratively to understand exactly what was implemented, what the scope of this contract was, and whether or not it complied with the procedures and requirements of the executive order,” said a senior US official. . an administration official with firsthand knowledge of how the executive order works tells WIRED. The official requested anonymity to speak candidly about the White House’s review of the ICE contract.
Paragon Solutions did not respond to WIRED’s request for comment on the contract review.
The process set forth in the executive order requires a thorough review of due diligence regarding both the vendor and the tool to see if any is involved. concernssuch as counterintelligence, security and inappropriate use risks. Also stipule that an agency cannot make operational use of commercial spyware until at least seven days after providing this information to the White House or until the president’s national security advisor gives consent.
“Ultimately, department leadership will have to make a determination. The result may be, based on the information and facts we have, that this particular provider and tool does not encourage a violation of the requirements of the executive order,” the senior official says.