U.S. ICE Deploys Graphite Spyware for Immigration Enforcement Surveillance
What Happened – The U.S. Immigration and Customs Enforcement (ICE) agency publicly confirmed that it employs surveillance software developed by the Israeli firm Graphite. The tool, classified as “spyware,” is used to monitor individuals under immigration investigations.
Why It Matters for TPRM –
- Government agencies are sourcing high‑risk surveillance tools from foreign vendors, raising supply‑chain and data‑sovereignty concerns.
- Use of such software can expose partner organizations to legal and reputational risk if data is collected without proper safeguards.
- The disclosure highlights the need for continuous vetting of third‑party surveillance and intelligence products.
Who Is Affected – Federal law‑enforcement bodies, contractors that provide services to ICE, and any third‑party data processors linked to immigration case management.
Recommended Actions –
- Review contracts and data‑processing agreements with ICE‑related vendors for clauses on surveillance tool usage.
- Conduct a risk assessment of any third‑party solutions that could be integrated with Graphite’s spyware.
- Verify that appropriate privacy impact assessments (PIAs) and export‑control compliance are in place.
Technical Notes – The spyware is a proprietary product from Graphite, reportedly capable of remote device access, keystroke logging, and location tracking. No specific CVEs were disclosed. Source: Schneier on Security