Should spyware such as Graphite be implemented on smartphones to enable governments to spy on journalists, activists, and aid workers. This is spyware which no one can see, leaving traces no one can find. This is not Orwellian science fiction. This is happening today, in democracies like ours.
Alexandra Winterstein
27 April 2026
German version
Most of us are familiar with “software as a service” – but have you heard of “surveillance as a service”?
Common malware spyware such as phishing bots usually target their victims randomly. Mercenary spyware, on the other hand — the classier “surveillance as a service” — is highly sophisticated, stealthy and insidious. By using zero click exploits, mercenary software bypasses a smartphone’s security systems entirely. No user action is needed. It can target the private communication devices of citizens, journalists, activists or politicians. This sneaky use of spyware is all the more dangerous when used by governments against its own citizens — clandestinely, without accountability, slowly eroding democracy and civil rights, one phone at a time.
What sounds Orwellian is already a reality. NSO Group (Israel cyber-intelligence firm) and its flagship product Pegasus, Intellexa’s Predator, and Paragon Solutions’ Graphite, are three examples of companies manufacturing mercenary spyware. Paragon Solutions’ Graphite, (developed by Israel) is of particular interest politically and technically. In 2025, under the Trump administration, Graphite was licensed to U.S. Immigration and Customs Enforcement (ICE). In doing so, it effectively sidestepped Executive Order 14093, which had previously sought to prohibit the use of spyware.
Paragon Solutions was founded in 2019 in Israel by five Israeli intelligence officials including the former Prime Minister and Minister of Defense, Ehud Barak. The company has sought to distance itself from the darker reputation of its competitors, such as the NSO Group, which has been linked to several scandals. Most notorious was its alleged role in the surveillance of Saudi journalist Jamal Khashoggi in 2018, subsequently leading to his brutal murder.
Paragon, by contrast, marketed itself as the more ethical alternative. In 2024, the company was acquired by the US private equity firm AE Industrial Partners and subsequently merged into REDLattice, a Virginia-based cybersecurity firm. Today, Paragon’s entire public presence consists of a single webpage , where the company describes itself as “known for empowering ethical cyber defense.”
How does Graphite Work?
Graphite is an exceptionally sophisticated tool. It infiltrates a smart phone silently, reads encrypted messages as written in plain text, and leaves minimal traces for investigators to find, all without the target ever knowing. At the heart of Graphite’s power is the zero-click exploit. The breach happens secretly in the background, requiring nothing from the victim at all.
Once installed, Graphite operates beneath the protections that apps provide. It intercepts messages before they are encrypted outbound, and intercepts again after they are decrypted inbound, rendering those protections meaningless. From there, operators gain access to call logs, photos, contacts, GPS location, and app data. The microphone and camera can be silently activated at will. In short, Graphite does not merely monitor a phone. It transforms it into a surveillance device — one that its owners continue to trust and use. Graphite has a self-defense module which can detect if the device is being forensically analyzed and is capable of initiating a self-destruct mode to prevent discovery and proof of evidence. It functions i.a. as a live surveillance tool.
Graphite Exposed
The mandate of The Citizen Lab, a research unit at Toronto’s Munk School of Global Affairs & Public Policy, is to investigate “novel threats to democracy, human rights and global security in the digital ecosystem.” In 2025, working with spyware targets who had come forward, The Citizen Lab mapped a server infrastructure that revealed a pattern of Paragon deployments in Australia, Canada, Cyprus, Denmark, Israel, and Singapore. Among the findings was evidence of a growing spyware capability even within Canadian law enforcement, specifically among Ontario-based police services.
As of March 2025, almost 100 journalists and activists in 14 countries, have been documented as having been targeted by Graphite, but it is suspected that this is only the tip of the iceberg.
Why Mercenary Spyware is so Dangerous to Democracy and Civil Rights?
When spyware targets journalists and activists, free press is muffled. The fear of surveillance alone is enough to produce self-censorship. Stories are left unpursued, sources left uncontacted, misconduct left unexposed. When turned on aid workers and human rights defenders, entire movements are paralyzed, as trust in secure communications erodes. Millions of people place their faith in apps like Signal, WhatsApp, and Telegram precisely because they are end-to-end encrypted. Graphite renders that protection meaningless.
Graphite and other mercenary spyware are dangerous to democracy because they give governments — including elected ones — the power to secretly surveil the very people whose job it is to hold them accountable: journalists, lawyers, activists, opposition politicians, and civil society workers. A democratic society where people cannot communicate privately is a democracy in name only.
For example, for over a year, the European Parliament Committee failed to implement the recommendations of its own Parliamentary Committee of Inquiry into Pegasus and similar spyware. Despite ongoing scandals in Serbia, Spain, Greece, Poland, Hungary, and Italy, neither national, nor European authorities have taken meaningful action. Amnesty International resolutely states: Graphite cannot be independently audited, cannot be held accountable for upholding human rights, and therefore should be banned outright.
Spyware software such as Graphite enables multiple actors – wealthy individuals, corporations, and intelligence services of governments – to conduct surveillance concurrently, operating inside democracies. What makes this even more dangerous, is that there is not one omniscient authority, but many smaller, agile ones.
Perhaps the most chilling Big Brother aspect isn’t the spying itself, but its effect on human behavior. Research consistently shows that when a person suspects they are being surveilled, they change what they say, who they contact, and what causes they support. This is the subversive effect on free speech and free association that Orwell warned us about. One does not have to arrest every journalist; they just have to wonder whether their phone was hacked. Uncertainty is all that is needed; it feeds on itself. This silence would result if Graphite and other mercenary spyware were allowed to penetrate our democracies.
Paragon’s multi-million USD valuation tells its own story. A Graphite license can cost millions of dollars, thus the financial incentive to sell to more clients and more countries simultaneously.
