Except now the magician is a dashboard, and the trick requires neither audience consent nor applause. WhatsApp was the first to sue NSO in 2019 after discovering Pegasus infections delivered via unanswered calls.² Apple followed, citing a 2021 zero-click chain dubbed FORCEDENTRY, and later a 2023 attack named BLASTPASS.³ Each allowed infection with no user input, penetrating even updated phones protected by Apple’s Lockdown Mode.
“End-to-end encryption is still intact—but the ‘ends’ are poisoned.”
The United States knew about these tools long before it bought one.
While the labs issued warnings and the vendors polished their demos, American agencies began quietly pulling out their wallets.
In October 2024, ICE signed a $2 million contract with Paragon Solutions, an Israeli firm that builds the Graphite spyware suite.⁴ The contract was suspended during internal review. But less than a year later—on September 1, 2025—it was reactivated under the Trump administration, just as global scrutiny of mercenary spyware hit a new peak.⁵
Graphite is no theoretical product. In 2025, Citizen Lab tied it to zero-click infections on patched iPhones, describing behavior indistinguishable from Pegasus: full device compromise, encrypted message access, and persistent control.⁶ By fall, rights groups were protesting and congressional staffers were asking why a re-sanctioned vendor had resumed operations inside U.S. law enforcement.
“A stop-work order was lifted… giving ICE access to a stealth cyber-weapon.”
What does that mean in practice? That means an officer with access can open a web portal and click on a name. Behind that click, the system launches a batch of invisible probes—zero-click exploits—against that person’s phone. If even one takes, a full surveillance stream opens: messages, keystrokes, locations, camera, microphone.
You don’t need a telecom wiretap. You don’t need a hacker. You don’t even need the target to make a mistake.
Which is exactly what makes it more dangerous than anything that came before.
Back then, surveillance meant tapping the line, not the person. CALEA made carriers wiretap-ready, not phones. Metadata—who you called, when, from where—was gathered in bulk under Section 215, but the message itself stayed private unless seized. Stingrays, those fake towers police used to scoop up cell traffic, pushed the edge, but still lived outside the glass.
Spyware ended that boundary. It didn’t need the signal. It moved in. It turned the keyboard into a microphone, the camera into a witness. Privacy collapsed inward.
“Yesterday’s wiretaps lived in the network. Today’s live in your pocket.”
That shift—device over network—explains why so many technologists, from Apple engineers to civil rights lawyers, treat mercenary spyware as a red line.⁷ It doesn’t just read encrypted messages; it reads them before they’re encrypted. It doesn’t just hear you in a room; it hears you when you’re alone.
The EU has launched a parliamentary investigation.⁶ Meta continues its lawsuit against NSO.⁸ But in America, the waters are murkier. The ICE–Paragon contract remains active.⁹ And it’s not just ICE.