U.S. Immigration and Customs Enforcement has confirmed it is using a spyware tool capable of hacking phones and intercepting encrypted messages, according to a Department of Homeland Security response to congressional inquiries. The acknowledgment, which came in an April 1 letter to lawmakers, has intensified a clash between national security agencies and members of Congress who say the tool poses serious risks to civil liberties, particularly for immigrant communities. The disclosure also raises hard questions about whether existing federal restrictions on commercial spyware are being followed in substance or merely on paper.
What is verified so far
The core fact is now on the record: DHS has told Congress that ICE’s Homeland Security Investigations unit is using what it described as a “specific tool” approved for operational use. That language comes from an official statement by Rep. Summer Lee (D-Pa.) and colleagues, who characterized the DHS reply as insufficient and vowed continued oversight. The tool in question is Israeli-made spyware with the ability to hack phones and encrypted apps, and its deployment is tied to the reactivation of a deal with Paragon Solutions, an Israeli surveillance firm.
The federal policy that is supposed to govern this kind of technology is Executive Order 14093, published on March 30, 2023. That order, available through the Federal Register, prohibits U.S. government use of commercial spyware that poses risks to national security. But the order also contains exceptions for tools that have been approved through internal review processes. ICE and DHS appear to be relying on one of those exceptions, though neither agency has publicly detailed the review that led to approval or explained how ongoing monitoring is being conducted.
Congressional concern predates the April 1 DHS response. Rep. Shontel Brown (D-Ohio) led an oversight letter to DHS, according to her office, questioning ICE’s use of mass surveillance technology and demanding transparency about the agency’s tools and their legal basis. That letter, per Rep. Brown’s office, was dated October 6, 2025, though the DHS response cited by Rep. Lee’s office is dated April 1. The timeline discrepancy between these two dates is addressed below.
ICE’s use of commercial spyware also sits within a broader ecosystem of government surveillance tools, from cell-site simulators to large data analytics platforms. Civil liberties advocates argue that the combination of powerful hacking capabilities and historically limited oversight of immigration enforcement agencies makes this particular deployment especially sensitive. For immigrant communities that already fear contact with ICE, the knowledge that agents may have access to invasive spyware could further chill communication and organizing, particularly over supposedly secure messaging services.
What remains uncertain
Several significant gaps remain in the public record. The full text of DHS’s April 1 response has not been released publicly. Lawmakers have summarized its contents, but the actual letter, its legal reasoning, and any attached compliance documentation are not available for independent review. Without that material, it is impossible to assess whether ICE’s use of the Paragon tool satisfies the specific conditions laid out in EO 14093 or whether the agency is stretching the order’s exception clauses beyond their intended scope.
The timeline itself presents a puzzle. According to Rep. Brown’s congressional office, the oversight letter to DHS is dated October 6, 2025, which falls after the April 1 DHS response cited by Rep. Lee. One plausible reading is that the October letter represents a second round of oversight, prompted by dissatisfaction with the earlier DHS reply. Another possibility is that the dates refer to different threads of correspondence that have not been fully described in public statements. Neither office has clarified the relationship between the two documents, and no public record resolves the sequence definitively.
Equally unclear is the operational scope of the spyware itself. Reporting identifies the tool as capable of intercepting encrypted communications on platforms like Signal and WhatsApp, but ICE has not disclosed how many times it has been deployed, against whom, or under what legal authority individual operations proceed. No operational logs, technical specifications, or usage limits have been made public. The absence of this information is precisely what has frustrated oversight efforts. As Rep. Lee’s statement put it, DHS’s response “falls short of transparency,” a characterization that suggests lawmakers received little beyond a bare acknowledgment.
The role of Citizen Lab and the Knight First Amendment Institute also deserves attention. Both organizations have been identified as expert sources on the technical and civil liberties dimensions of commercial spyware. However, neither group’s specific findings or assessments regarding ICE’s use of the Paragon tool have been detailed in the available reporting. Their involvement signals that independent technical scrutiny may be forthcoming, but no public analysis from either group has been cited in connection with this particular deployment, leaving the public reliant on congressional summaries and sparse agency language.
There is also uncertainty about how this tool interacts with existing warrant requirements and judicial oversight. If ICE is using the spyware under traditional wiretap or search warrants, courts may be approving highly intrusive capabilities without fully understanding the technology’s reach. If, instead, agents are relying on other statutory authorities tailored to immigration enforcement, judges and defense counsel may have even less visibility into how evidence is being collected and what collateral data is swept up along the way.
How to read the evidence
The strongest piece of evidence in this story is the DHS acknowledgment itself, relayed through official congressional channels. When a federal agency confirms to sitting members of Congress that it is using a specific surveillance tool, that constitutes a primary admission, not a leak or allegation. The fact that DHS used the phrase “specific tool” approved for “operational use” is significant because it places the agency’s own language on the record, even if the fuller context remains classified or withheld.
EO 14093 is the second layer of primary evidence. The order’s text is publicly available and establishes clear criteria for when commercial spyware may or may not be used by the federal government. Any assessment of ICE’s compliance depends on matching the agency’s actions against those criteria. But because the internal approval process is not public, outside observers are left comparing the order’s plain language against DHS’s vague confirmation, a mismatch that favors the agency’s discretion over public accountability. In effect, the public can see the rulebook but not the scorecard that would show whether ICE is following it.
The congressional press releases from Rep. Lee and Rep. Brown are useful but carry an inherent limitation. They are political documents issued by lawmakers who are pressing for stronger oversight, and their framing reflects that posture rather than a neutral factual account. That does not make them unreliable, but it does mean readers should distinguish between direct quotations of DHS language and the lawmakers’ own characterizations of that language. When Rep. Lee says DHS “falls short of transparency,” for example, that is an evaluative claim about how much information was shared, not a verbatim excerpt from the agency’s letter.
Readers should also be cautious about conflating the capabilities of the spyware with its documented use. The Paragon tool appears technically capable of extensive hacking and interception, yet the public record does not show how often or how broadly ICE has actually deployed it. In surveillance reporting, there is often a gap between what a system can do and what agencies are authorized or resourced to do in practice. Until more documentation emerges, claims about scale should be treated as speculative.
Why the stakes extend beyond ICE
Although this dispute centers on a single DHS component, the implications reach across the federal government. EO 14093 was intended to set a government-wide standard for commercial spyware, signaling that tools associated with human rights abuses or security risks would be off-limits. If ICE can quietly obtain an exception for a powerful foreign-made system without public explanation, other agencies may follow the same path, turning the order’s safeguards into a largely internal, and therefore opaque, compliance exercise.
The episode also highlights the asymmetry between the secrecy surrounding surveillance tools and the relative openness of other parts of public life. People can freely browse job listings and careers, manage their online accounts, and choose to subscribe to publications or support independent journalism, but they have almost no visibility into how often their communications might be subject to invasive government hacking. That imbalance makes congressional oversight, and the limited disclosures it can force into the open, one of the few available checks.
For now, the public record establishes three points: ICE is using a foreign commercial spyware tool; DHS believes that use fits within the exceptions of EO 14093; and key members of Congress are unconvinced that the agency has been adequately transparent or constrained. Until the underlying correspondence, legal justifications, and technical safeguards are disclosed, the debate will continue to hinge on partial evidence, and on how much trust the public is willing to place in secret internal reviews of extraordinarily powerful surveillance technology.
More from Morning Overview
*This article was researched with the help of AI, with human editors creating the final content.
