By ByteBot
In September 2025, U.S. Immigration and Customs Enforcement spent $1.4 billion on surveillance technology—the highest in at least 18 years. The contracts include Paragon Solutions’ “Graphite” zero-click spyware that accesses your phone without any interaction, Zignal Labs’ AI system monitoring 8 billion social media posts daily, and Palantir’s ImmigrationOS AI tracking platform. But here’s what should alarm developers: ICE openly admits these tools will target “dissenters” and American citizens, not just undocumented immigrants. Zero-click exploits bypass all consent, violate Fourth Amendment protections, and embody everything wrong with surveillance tech. And developers are the ones building them.
Zero-Click Spyware: Complete Access Without Consent
Paragon Solutions’ Graphite spyware doesn’t need you to click a suspicious link or download a file. The attack is disturbingly simple: someone adds you to a WhatsApp group and sends a specially crafted PDF. Your device automatically processes it, exploiting a zero-day vulnerability to install the spyware. Within seconds, attackers have complete access to encrypted messages, photos, and real-time location data. The spyware can even escape Android’s sandbox to compromise other apps on your phone.
ICE reinstated a $2 million contract with Paragon in August 2025 after pausing it under White House review. Citizen Lab documented how WhatsApp discovered the active exploit and notified over 90 targets, including civil society members and journalists whose iPhones were hacked even while fully patched. Apple eventually shipped a fix in iOS 18.3.1, but devices were vulnerable during the exploit window—which is exactly how zero-click attacks work.
This isn’t theoretical. Congressional lawmakers warn that Graphite’s zero-click capability poses a “serious threat to civil liberties” because it provides warrantless access to private data. There’s no opt-out, no notification, no consent. Privacy advocates describe it as having “essentially complete access to your phone” in a way that “really goes against our Fourth Amendment protections.” For developers, this raises an urgent question: should anyone be building technology explicitly designed to bypass user consent?
Mission Creep: From Immigration to “Dissenters”
ICE sold these surveillance tools as necessary for locating undocumented immigrants. That’s not what’s happening. The Trump administration has openly signaled that these technologies will be used on American citizens who oppose ICE’s actions. The Brennan Center reports that “what’s new is that the federal government now openly says it will use its supercharged spy capabilities to target people who oppose ICE’s actions.”
Zignal Labs, which signed a $5.7 million contract with ICE, operates AI-driven software that analyzes 8 billion social media posts per day—the same platform used by the Israeli military and Pentagon. Facial recognition systems scan public spaces without warrants. Palantir’s ImmigrationOS aggregates data from multiple sources to flag individuals based on algorithmic pattern detection. None of this requires judicial oversight. NPR’s investigation found that ICE is mounting what privacy experts call a “mass surveillance campaign on American citizens,” not just immigration enforcement.
This is purpose creep at scale. When surveillance infrastructure is built for one stated goal and then redirected toward political dissent, we’ve crossed a constitutional line. Developers need to understand: the tools you build for “national security” will be weaponized against protesters, activists, and anyone the government deems a problem.
Developer Ethics: Where’s the Resistance?
In 2018, thousands of Google employees protested Project Maven, a Pentagon program using AI to analyze drone footage. They signed petitions, organized walkouts, and ultimately forced Google to drop the contract. The message was clear: developers have ethical red lines, and building AI for military targeting crosses them.
So where’s the resistance to ICE surveillance contracts? Engineers at Paragon Solutions are building zero-click exploits that violate privacy by design. ML engineers at Zignal Labs are training AI systems to surveil 8 billion social media posts daily. Data scientists at Palantir are creating algorithmic tracking systems that flag American citizens without transparency or appeal. Yet there’s been minimal public pushback.
Privacy by design principles exist for a reason. Developer ethics literature is explicit: if you become aware of potential harms your system could cause, you have a responsibility to mitigate them—or refuse to build it. Zero-click spyware can’t be built ethically. It’s designed to bypass consent, violate privacy, and enable warrantless surveillance. The question isn’t whether these tools can be built. It’s whether developers should refuse to build them.
The tech industry faces a choice. Will you draw the line at zero-click exploits? Or will you build whatever the contract says and claim you’re “just the engineer”?
$1.4 Billion with Zero Oversight
September 2025 saw ICE spend $1.4 billion on surveillance technology in a single month—the highest in at least 18 years. The contracts span facial recognition algorithms, iris-scanning apps, smartphone spyware, real-time location tracking, and AI social media monitoring. Privacy advocates describe the procurement environment as a “wild west” with no regulatory framework or meaningful oversight.
Democratic lawmakers have raised legal concerns and demanded answers about warrant requirements for Graphite deployment. ICE has largely ignored them. There’s no federal data privacy law governing how agencies acquire and deploy surveillance tech. There’s no requirement for warrants before using facial recognition in public spaces. There’s no transparency about which American citizens are being monitored or why. Palantir’s ImmigrationOS uses AI to flag individuals based on pattern detection, but the criteria and algorithms remain opaque.
We’re watching the construction of a mass surveillance apparatus with none of the constitutional safeguards that should apply. And the spending is accelerating, not slowing down.
Draw the Line
Developers built the surveillance state. Developers can refuse to maintain it.
If you work on zero-click exploits, facial recognition systems, or AI surveillance platforms, you’re not “just following orders”—you’re making ethical choices about the tools you create and who gets harmed by them. The Google Maven precedent proves that organized developer resistance works. The question is whether the tech industry has the integrity to apply that lesson to ICE surveillance contracts.
For everyone else: demand privacy legislation that requires warrants for digital surveillance, prohibits zero-click exploits for domestic use, and creates real oversight for agencies deploying AI tracking systems. The Fourth Amendment wasn’t written for a world where your phone can be compromised by receiving a PDF, but its protections matter more than ever.
ICE spent $1.4 billion building a surveillance machine that targets American citizens without warrants. The only question left is whether developers will keep building it—or finally refuse.
