• New EPIC report says government-deployed spyware poses grave threats to privacy, civil liberties and national security.
• Authors call for stronger accountability measures and ultimately a full ban on spyware use by state entities.
• Release comes amid renewed federal contracts and industry efforts to ease sanctions on major spyware vendors.

EPIC warns spyware use is undermining privacy protections

The Electronic Privacy Information Center has released a new report sounding alarms about the expanding use of highly intrusive spyware technology by government agencies.

The report describes how remotely deployed spyware allows authorities to seize total control of a target’s phone — siphoning existing data, monitoring future activity, and activating microphones and cameras without the user’s knowledge.

“Our phones serve as the ideal surveillance target,” said Maria Villegas Bravo, EPIC counsel and co-author. “Government spyware use not only violates victims’ constitutional rights, but their livelihoods, safety, and sense of security.”

Report outlines legal gaps and calls for sweeping reforms

The report provides a detailed primer on government surveillance through spyware and surveys the legal tools currently available to ensure accountability. It concludes that existing safeguards — including those rooted in the Wiretap Act — are being circumvented as agencies quietly acquire and deploy invasive tools without transparency or meaningful oversight.

EPIC recommends several reforms, culminating in a full prohibition on the acquisition and use of spyware by state government entities. “The utter lack of transparency … is concerning, pointing to circumvention of essential privacy protections and warrant requirements,” said EPIC Executive Director Alan Butler.

Concerns rise as government contracts and industry activity accelerate

EPIC’s warning comes as Immigration and Customs Enforcement reactivates a 2024 contract with Paragon Solutions, and as NSO Group — maker of the Pegasus spyware system — intensifies its campaign to lift U.S. sanctions. Those sanctions were imposed after evidence showed NSO tools had been used by foreign governments to target officials, journalists, activists and others.

“The proliferation of spyware should be a five-alarm fire,” said Jeramie Scott, director of EPIC’s Surveillance Oversight Program. “This report details exactly why the U.S. government has no business acquiring and deploying spyware.”

The organization argues that spyware-enabled surveillance is not inevitable and that policymakers still have tools available to prevent further erosion of privacy rights.

Thomson Reuters powers system used by ICE

What would government agencies do with such information? Well, a recent report from 404 Media says that Immigration and Customs Enforcement (ICE) recently invited staff to demos of an app that lets officers instantly scan a license plate, adding it to a database of billions of records that shows where else that vehicle has been spotted around the country, according to internal agency material viewed by 404 Media.

That data can then be combined with other information such as driver license data, credit header data, marriage records, vehicle ownership, and voter registrations, the material shows, according to the 404 report.

The capability is powered by both Motorola Solutions and Thomson Reuters, the massive data broker and media conglomerate, which besides running the Reuters news service, also sells masses of personal data to private industry and government agencies. The material notes that the capabilities allow for predicting where a car may travel in the future, and also can collect face scans for facial recognition.