Measures have included placing spyware vendors like NSO Group and Intellexa on the so-called Entity List to prevent any US companies from doing business with them; enacting a visa restriction policy against multiple individuals “who have been involved in the development and sale of commercial spyware or who are immediate family members of those involved,” and imposing consecutive rounds of sanctions against spyware vendors. In 2019, as Paragon was developing Graphite, the company enlisted WestExec Advisors, a prominent Washington, DC, consulting firm cofounded by former Obama administration officials, including current US secretary of state Antony Blinken, to advise on its “strategic approach to the US and European markets,” a company executive told the Financial Times. Many of these efforts followed President Joe Biden signing an executive order in March 2023 that effectively restricted the US government’s use of commercial spyware technology while promoting its “responsible use” that aligns with the protection of human rights. US Immigration and Customs Enforcement has signed a $2 million contract with Israeli commercial spyware vendor Paragon Solutions, according to documents reviewed by WIRED. On a global level, the US is leading an initiative stipulated in the “Joint Statement on Efforts to Counter the Proliferation and Misuse of Commercial Spyware,” which now counts 21 signatories, including Germany, France, UK, Japan, and South Korea, while it recently announced that it would fund governments and civil society groups around the world to develop spyware-related research and regulation. In the US, Paragon boosted its presence in the wake of the signing of the executive order and started hiring intelligence veterans, including former CIA and FBI officers at its subsidiary, “hoping it would pick up new business.” Fresh reports from February 2024 confirmed the steady growth. US Immigration and Customs Enforcement’s one-year contract with Paragon’s US subsidiary comes amid the Biden administration’s years-long crackdown on commercial spyware vendors. The fact that the spyware vendor has neither been placed on an entity list nor have any of its executives been sanctioned by the Biden administration suggests that Paragon’s lobbying efforts have been successful. Paragon was founded in 2019 by veterans from the Israel Defense Forces’ powerful intelligence Unit 8200 with the active involvement of former Israeli prime minister Ehud Barak as an investor who is estimated to own a sizable slice of the company. Paragon’s contract comes amid a comprehensive effort by the US government to reshape the commercial spyware market over the past three years. It is unknown whether the contract is for the deployment of Paragon’s flagship product, Graphite—a spyware that reportedly extracts data primarily from cloud backups—or another of the company’s products or services. To remain in the US government’s “good graces,” Paragon in February 2023 hired another DC-based lobbying firm, Holland & Knight, “with a good track record in avoiding sanctions,” as some reports point out. When a senior US administration official was asked specifically about potential abuses of Paragon’s flagship product, they said that the executive order “requires the heads of agencies to review any activity that might be relevant,” without excluding the possibility of lawful use. Israeli media reported in June that a US private equity fund with a portfolio of security companies has been in talks to acquire control of Paragon, estimating its valuation at $1 billion. Paragon, which characterizes itself as a scrupulous kind of spyware maker, is likely responding to the US government’s global push for responsible surveillance.
This Cyber News was published on www.wired.com. Publication date: Tue, 01 Oct 2024 18:43:06 +0000