The Danger To All Americans

How the spyware economy…legal loopholes…and “order theater” place your freedom…yes…yours…in the crosshairs

The Jack Hopkins Now Newsletter #518: Tuesday, September 2nd, 2025

ICE has reactivated a $2 million contract with Paragon Solutions…

…an Israeli commercial-spyware vendor now owned by U.S. private-equity firm AE Industrial Partners (AEI). This follows a 2024 pause while the White House reviewed the deal under the administration’s spyware restrictions.

As of September 2, 2025…a stop-work order on the contract between the U.S. branch of Paragon Solutions and the cyber division of U.S. Homeland Security Investigations has been lifted…and the contract has been re-enabled.

This move has drawn criticism from human rights advocates..who argue for a more comprehensive approach to regulating commercial spyware.

The technology from Paragon allows ICE to hack mobile phones…and can even secretly capture and record messages sent when using encrypted apps like WhatsApp and Signal.

This isn’t about left or right.

It’s about you. Your phone. Your family. Your city. Your name in a database you never consented to join.

The line between security and control is thin. It snaps quietly. Not with troops on corners. Not with sirens. With contracts. With software. With three-letter acronyms and four-line memos no one reads.

If you think this is someone else’s problem…immigrants…activists, “bad guys”…you’re late. The tools don’t check party registration. They don’t care how you vote. They don’t even need a warrant if they can buy what they want from data brokers or get it from a “commercial partner.”

I’m going to show you the machine. The money. The loopholes. The “order theater” you’ll be sold on TV. And what to do before this creeps from their phone to yours.

Read fast. Freedom decays silently.

The costume that sells control

Power rarely shows up in a uniform first. It arrives in costume.

• “Pilot programs.”

• “Task forces.”

• “Public–private partnerships.”

• “Counter-threat analytics.”

These are polite hats for the same head: expanded surveillance with softened edges. The pitch writes itself:

“We’re losing control. Cities are chaos. Criminals are tech-savvy. We need better tools. The tools exist. Why are you against safety?”

You’ve heard the lines. They work because they’re half true. We do need competent policing and real national security. We also need guardrails.

Here’s what’s changed: the guardrails are being unbolted by software that looks like IT procurement…not emergency powers.

You won’t see “martial law.” You’ll see a license renewal. A training. A dashboard.

That dashboard will have you in it.

The four levers (and why they’re pointed at you)

1) Commercial spyware in official hands

In October 2024, reporters surfaced a $2 million contract between ICE and Paragon Solutions…an Israeli mercenary-spyware vendor whose “Graphite” product can compromise iPhones and read encrypted messages.

The contract covered hardware…licenses…and training. It was paused by the White House for a compliance review. Then…after ownership changes…it was re-activated. Paper trail and all.

In June 2025, Citizen Lab published forensic confirmation that Graphite had compromised a journalist’s device that year; the AP amplified the finding and Meta had already said around 90 WhatsApp users were targeted…primarily in Europe.

Paragon says it bans abuse and sells to democracies. The logs tell their own story.

“Hold on,” you might say. “Didn’t the U.S. ban this stuff?”

In March 2023, the White House issued Executive Order 14093: the U.S. government shall not make operational use of commercial spyware that poses significant counterintelligence or human-rights risks.

Tough words. But EO 14093 is a policy filter…not an automatic kill-switch. Agencies can argue a particular vendor now clears the bar after a review…a re-domiciling…or “enhanced compliance.” That’s the wiggle room.

Meanwhile…the administration did swing hard at some players: Intellexa/Cytrox and associates were sanctioned by Treasury and State.

Good. But here’s the practical signal the bureaucracy internalized: some spyware firms are untouchable; others…if not sanctioned…might be manageable with lawyers… audits…and PR. That’s not a bright line. That’s a mood.

Then private equity stepped in. In late 2024…U.S.-based AE Industrial Partners moved to acquire Paragon and merge it with Virginia-based REDLattice…an offensive-cyber shop it already owned.

U.S. ownership. New coat of paint. Same underlying category: device intrusion at scale.

If you think a change of mailing address changes the risk profile…you haven’t worked around incentives.

2) Agents, not troops…the workaround that looks lawful because it is

In security politics…there’s a shiny object: troops.

Presidents threatening deployments. Governors resisting. We’ve covered that fight before. But the real play…the one that requires no Insurrection Act…is federal agents and software. DOJ, DHS, USMS, ATF, FBI. Jackets…not fatigues. Warrants in some cases. Memoranda in others.

You don’t need to believe in conspiracies to see the pattern. 2020 previewed it. 2025 is perfecting it. Federal agents surge into “hot spots.”

The nightly stats roll. The cameras roll faster. Meanwhile…the technical stack beneath them expands: scraping…correlation…device exploits…cross-agency data sharing.

Most of this never hits TV because it looks like IT. Not “force.”

This is why the spyware story matters. It’s the skeleton inside the enforcement suit.

3) The analytics you won’t see until they flag you

Two more quiet names in the stack: Fivecast ONYX and Voyager Labs.

• CBP listed Fivecast ONYX in DHS’s AI use-case inventory: a platform to analyze public social media and other open-source data for “threats.” That same DHS page later said CBP would discontinue ONYX in 2025 for budget reasons. Note the phrasing: budget…not principle. The capability exists. It will reappear with another vendor…another line item.

• Voyager Labs…sued by Meta for scraping and enjoined from Facebook’s platforms…sold tools the NYPD bought for millions. When you can’t buy the exploit…you buy the context: who you follow…where you congregate…what your photos reveal. You don’t need to break a phone to map a movement.

Put this together with commercial spyware and you get the two-headed dragon: intrusion + inference. Break in when you can. Guess when you can’t. Build dossiers both ways.

4) The data broker economy…legal cheating

If an agency can buy the data you thought was private…does it need a warrant?

Welcome to the data broker economy…where your location…purchases…and app exhaust are packaged and resold. Lawmakers are finally waking up…but the market is years ahead.

Agencies don’t have to break rules if they can route around them with a procurement card.

The pattern is the point: superior tools…soft justifications…and behaviors that set new baselines without a single statute changing. That’s how norms die. Not with an explosion. With a spreadsheet.

“But I have nothing to hide” (the most expensive sentence you’ll ever say)

You are not the audience for your own data.

Data is collected for purposes you didn’t write…interpreted by people you’ll never meet…acted on by institutions that never have to explain themselves to you unless you’re rich enough to make it hurt.

“Nothing to hide” assumes permanent benevolence and permanent accuracy. You won’t get either.

• False positives are inevitable. A shared IP. A reused phone number. A location hop that makes no sense because you were on a plane.

• Future reinterpretation is guaranteed. What was legal today may be incriminating tomorrow when a state legislature flips a switch and retrofits sins to citizens.

• Political drift is certain. Your data crosses administrations like a deed. It acquires meaning with each new boss.

The people repeating “nothing to hide” haven’t been mis-tagged by a system with no appeal. Yet.

How we got here (and why it escalates)

Fear is a budget:

Crime waves…migration, protests…everything can be sold as an emergency. Emergencies buy software. Software is sticky. Once funded…it finds reasons to justify itself.

Private equity smells alpha:

Intrusion tech and surveillance analytics are high-margin…recurring-revenue businesses…exactly what money likes. When AE Industrial Partners could re-flag Paragon and meld it with REDLattice…it didn’t “clean” the tech. It scaled it.

Policy is selective:

The White House hammered Intellexa/Cytrox and kept NSO on the naughty list. Good. But ICE’s Paragon contract going from award → pause → reactivation underlines the new normal: case-by-case exceptions and “compliance” gymnastics.

Courts are slow.

By the time a judge rules…the tool has iterated twice. The contract has a cousin. The evidence is already in a database…cited with authority and sphinx-like indifference.

The narrative sells itself.

“We restored order.” Three words and a B-roll of seized weapons. No one asks how the sausage got made. They only ask for more sausage.

The next 18 months (and what they’ll try)

1) Rename and routinize

Every controversy gets a rename. The tool becomes “forensics.” The scrape becomes “open-source triage.” The exploit becomes “device-admin forensics support.” Same mouth…new lipstick.

2) Normalize through “wins”

Expect pressers pairing the tool with headline arrests. It’s how you launder a capability into acceptance: link it to the worst cases and let osmosis do the rest.

3) Spread through interagency agreements

Can’t get it approved over here? Borrow it from over there. Watch for interagency MOUs…joint task forces…and “pilot assistance” between components. The building blocks are already in place…DHS components have bought or tested tools like Fivecast; local police have bought Voyager. The network effect is the product.

4) Sand down the policy edges

EO 14093 sounds firm. The implementation will be case-law by memo…exceptions justified…reviews completed…vendors recertified after “ownership changes.” AEI + Paragon + REDLattice is your model case.

5) Silence the critics by category

“Only bad actors fear this.” “Civil libertarians don’t care about victims.” “We’re in a war with cartels.” When you hear this rhetoric…understand: it’s not addressed to you. It’s addressed to the timid center that will accept permanent surveillance in exchange for “temporary calm.”

The danger to all Americans (not just the usual targets)

Journalists:

Devices targeted…sources exposed. We already have forensic confirmation of Graphite hitting a journalist’s iPhone in 2025. If officials can do it to reporters overseas…they can do it to reporters here…legally….if they can buy the data or frame it as “foreign nexus.”

Clergy & counselors:

Privilege collapses when metadata maps your congregation…your clients…your sessions. They don’t need your notes if they have your patterns.

Women & healthcare workers:

In states criminalizing aspects of reproductive care…location and purchase data becomes a dragnet. Today’s “just analytics” is tomorrow’s “probable cause.”

Local officials:

City councilors…prosecutors…school board members…anyone who can be pressured with “investigations” assembled from exhaust.

You:

Because the circle always widens. Every new category of “risk” expands the net. The tool has to earn its keep.

The most chilling part? None of this requires visible lawbreaking. It can be “within policy,” “under review,” “in compliance.”

That’s the point.

What the advocates got right (and what they missed)

Civil-liberties groups warned for years about NSO’s Pegasus…Intellexa’s Predator… and cousins. They were right. The U.S. sanctioned Intellexa/Cytrox and kept NSO on the Entity List. Good.

But the enforcement patchwork missed two realities:

1. The market adapts. Paragon rolls in…gets U.S. money…then U.S. ownership. New year..new logo. The capability persists. The customer list grows.

2. Domestic demand is bipartisan. Both parties like “order.” Both sell “security.” The fight is not left vs. right. It’s guardrails vs. momentum. Momentum usually wins unless the public resists with precision.

“Order theater”: your nightly seduction

You’ll see uniforms on screen. You won’t see the stack: data brokers → OSINT scrapers → social graph inferencers → device exploits.

You’ll be told the arrests couldn’t happen without “new tools.” You won’t be shown the false positives,,,the overshoot…the mission creep.

It’s theater. Professionally staged. The audience leaves reassured. The tool budget renews. The machine hums.

Theater is a tactic. Discipline is the antidote.

The discipline: how to fight this like a professional… not a tourist

For citizens (yes, you can move needles)

1) Practice data hygiene.

• Audit your phone: remove apps you don’t use; kill unneeded location permissions.

• Use hardware keys and passkeys; enable automatic OS updates.

• Ditch “free” VPNs; use reputable providers sparingly.

• Separate personas: advocacy…work…personal…different emails…different browsers…different phones if you’re high-risk.
  You won’t be invisible. You will be harder.

2) Stop donating your life to brokers.

Opt-out flows are tedious by design. Do them. Use email aliases. Put a price on your data by refusing to give it away. Your future self will thank you.

3) Don’t be a passive consumer of “order theater.”
When you see a press conference, ask three questions:

• Which agency?

• Which authorities/tools?

• Which mission (written, not spoken)?
  If none are clear…you’re being sold a show.

4) Demand receipts from your city.

City councils approve contracts. Most never read them. Make them. FOIA the memoranda. Show up at procurement hearings. Ask about use policies…audits… retention…appeal. The room will be empty. Your voice will be loud by default.

5) Support real oversight, not performative hearings.

Look for bills with teeth: warrant requirements for brokered data; vendor disclosure; mandatory public use policies; independent audits; civil remedies. Cosmetic “transparency portals” are breadcrumbs.

For state & local officials (steal this checklist)

1) Write the policy before you buy the tool.

No policy = no purchase. Policy should specify purpose…data sources…access limits… retention,,,appeal…discipline.

2) Ban “back-door warrants.”

No buying location or sensitive data from brokers your agency couldn’t get via warrant. Put it in law…not in a memo.

3) Require vendor attestations with penalties.

No secret “capabilities surveys.” Vendors must disclose exploit chains…foreign sales… and past abuse findings (e.g., Citizen Lab reports). Lie once…lose contract + damages.

4) Mandate independent audits.

Not vendor self-assessments. Independent security and civil-liberties audit…annually… public.

5) Default to state-only guardrails.

If you’re a governor…keep your Guard under Title 32 (your command)…not federalized. It’s the difference between state discipline and federal theater. (Agents will still operate; keep your house in order.)

6) Put a clock on retention.

Data that sticks forever becomes policy by sediment. If you’re serious about rights… delete by default.

For Congress (you can fix this faster than the courts)

Codify the EO:

Make the core of EO 14093 binding federal law, with an enforceable definition of “commercial spyware” that survives re-domiciling and ownership musical chairs.

Outlaw warrant-dodging:

Prohibit agencies from buying from brokers data that would otherwise require a warrant.

Vendor registry:

Require a public registry of vendors selling device-intrusion or large-scale analytics to federal agencies…including contract values and use cases (redact specifics as needed).

Create a private right of action:

If you’re wrongfully surveilled or your device is wrongfully compromised…you can sue the vendor and the agency. Money gets attention.

“But we need these tools” …the only honest answer

Yes. In some cases…we do.

Here’s the difference between discipline and decay:

• Discipline: narrow missions…layered oversight…strict retention…real audits…real remedies.

• Decay: broad missions…vibe-based emergency language…“proprietary” black boxes…permanent retention…zero recourse.

You can have tools that catch real predators and real criminals without turning a nation into an open-air panopticon. Democracies pull this off by choosing friction…paperwork…judicial checks…documentation…deletion…over convenient drift.

If you’re allergic to friction…you’re allergic to freedom. Freedom is work.

The objection file (read this when the slogans start)

“If you’ve done nothing wrong, you have nothing to fear.”
False. You have plenty to fear from bad data…bad inferences…and future reinterpretations of your lawful behavior.

“We only target the worst of the worst.”
Then put it in writing. With metrics. With audits. With deletion schedules. If the scope is narrow…prove it.

“These are democracies; they don’t abuse tech.”
Ask Greece and Poland about Predator and Pegasus scandals. The slope is shorter than you think. The U.S. is not immune. (That’s why Intellexa/Cytrox were sanctioned.)

“Ownership changed; it’s American now.”
Compliance theater. The exploit doesn’t care who owns the stock. It only cares who points it…and who pays.

“Social media is public…no expectation of privacy.”
Right. But mass inference from scraped data is a different animal than “public.” The law is catching up. Move policy faster.

What happens if we do nothing (and what happens if we act)

Do nothing:

• The procurement cycle becomes policy.

• Device exploits normalize as “forensics.”

• Inference engines become “triage.”

• Data-broker purchases replace warrants.

• False positives pile up…quietly.

• The tools drift…from worst cases to convenient cases to everyone.

Act with discipline:

• The best tools survive with guardrails.

• The worst die in sunlight.

• Agencies fight crime without owning the population.

• Vendors adapt to a market that demands proof…not puffery.

• Courts get cases that matter because you’ve created paper trails and remedies.

Pick your future. Not with a tweet. With policy. With pressure. With personal hygiene.

The close (and the standard I’m asking you to hold)

I’m not against security. I’m against lazy power.

Lazy power loves software because it looks boring on a spreadsheet and heroic on a stage. It prefers order theater to hard work. It wants you quiet. It wants your data forever. It wants your consent by inattention.

Don’t give it.

Be the adult in the room:

• Demand narrow missions or no missions.

• Demand deletion by default.

• Demand audits with teeth.

• Demand that agencies stop buying what they can’t get by warrant.

• Demand the paper trail that gives you remedies when…not if…someone gets it wrong.

You won’t get perfection. You will get leverage. That’s enough. Leverage moves budgets. Budgets move policy. Policy moves behavior.

And if you take nothing else from this: technology is never “neutral” in the hands of the state. It either has guardrails or it has momentum. Momentum always points at you eventually.

Pick guardrails.

Do it now. Before the next contract makes you a “data point” with no appeal.

Back soon. Chin up…deep breath in. Shoulders back.

-Jack

P.S. Free is great. Paid keeps the lights blazing….plus member briefs…and priority Q&A. →

Notes & sources (selected)

• ICE–Paragon contract (award details; “fully configured proprietary solution including license, hardware, maintenance, training”); pause under White House review; reactivation reported: USAspending; WIRED reporting.

• EO 14093 (prohibiting operational use of commercial spyware that poses significant counterintelligence or human-rights risks): Federal Register; White House text; contemporary coverage.

• Citizen Lab forensic confirmation (Paragon Graphite compromise of a journalist’s iPhone, 2025); APamplification; Meta notifications.

• AE Industrial Partners acquisition of Paragon; planned merger with REDLattice: Reuters.

• Intellexa/Cytrox sanctions (Treasury/State); broader context on Predator’s resilience: OFAC releases; AP; ICIJ.

• DHS AI inventory showing CBP’s use of Fivecast ONYX and note of discontinuation in 2025 (budget): DHS.

• Voyager Labs litigation & prior NYPD use: Guardian; company statement on Meta case.