Paragon Solutions: Surveillance and the Constitution

The Fourth Amendment of the United States Constitution states that the people of the United States have the right against unreasonable search and seizures. However, the Constitution was written long before digital communication existed. As digital surveillance capabilities expand, courts continue to grapple with the question of how to uphold Fourth Amendment rights. 

Digital Surveillance, Section 8, and the Fourth Amendment

How does monitoring of online activity fall under the Fourth Amendment? Digital monitoring has existed for a long time, and companies that conduct these observations face scrutiny for unethical observation. Pegasus spyware, for example, allows full-device access. Both Section 8 of the Charter of Rights and Freedoms (Canada) and the Fourth Amendment (United States) specify that warrants are needed to complete searches (including digital ones), and demands probable cause and a specified location, meaning surveillance must be narrowly targeted. This raises constitutional concerns, as Pegasus allows the administrator to search the whole device, exceeding the scope of a targeted search.

Paragon Solutions Inc. claims to offer a surveillance tool, Graphite, that targets messages rather than full-device contents. However, limiting the scope of extraction does not automatically resolve the core questions of oversight, access control, and privacy risk.

Corporate Background 

Paragon Solutions Inc. is an Israeli-founded spyware company whose products are sold to government agencies for investigative efforts. Established in 2019 by former Israeli Prime Minister Ehud Barak and former Unit 8200 commander Ehud Schneorson, Paragon states that it sells its tools only to governments that “respect democratic norms and human rights” (Citizen Lab). 

In 2024, Paragon Israel transferred ownership to Parent Paragon Inc., a U.S.-based entity, for a reported $500–900 million. Public reports indicate ongoing discussions regarding a potential merger or partnership with U.S. cybersecurity firm REDLattice, which may expand Paragon’s integration within U.S. intelligence.

Concerns About Undisclosed Surveillance 

An investigation by the Citizen Lab at the University of Toronto discovered that Paragon’s monitoring infrastructure contains duplicated encryption certificates, meaning certificates stored on customer-side servers also appear on Paragon-linked servers. While Paragon customers have access to certificates corresponding to the devices monitored by Graphite, this duplication suggests that Paragon retains potential access to encrypted data.

Although there is no evidence that Paragon is exploiting this access, this capability alone raises privacy and constitutional concerns. Capability matters, as it determines what could be done without oversight, not only what is documented to have occurred.

Canadian and U.S. Government Involvement 

In Canada, the Royal Canadian Mounted Police reported using an “On Device Investigative Tool” in 2022 but did not disclose the vendor. The described functionality aligns with Paragon’s Graphite tool, though the vendor has not been independently confirmed. Additionally, the Ontario Provincial Police reported using similar software in 2019 to intercept private messages.

In the United States, Paragon has confirmed active contracts with federal agencies. Immigration and Customs Enforcement (ICE) reactivated a previously suspended contract with Paragon, despite internal concerns that Graphite could extract encrypted communications without individualized warrants or user awareness (Franceschi-Bicchierai, 2025).

This raises constitutional concerns, as the need for warrants typically required under the Fourth Amendment and Section 8 of the Charter could be bypassed.

Implications for Privacy and Oversight

Paragon Solutions exemplifies a broader structural issue: the expansion of state surveillance capacity through private vendors operating without transparency, oversight, or public accountability. 

When surveillance infrastructures are built without transparency, constitutional rights may be undermined before courts have the opportunity to respond. Communities that are targeted by policing and immigration enforcement face disproportionate harm.

To address these risks, legal frameworks should consider mandatory disclosure of government surveillance vendor contracts, independent audits of data access and retention systems, and transparency regarding cross-border surveillance arrangements. The digital era requires confronting the ways corporate and state surveillance partnerships reshape privacy and constitutional protection.

This article is written for educational and public-interest research purposes and does not allege illegal or unethical conduct by any named entity. Key research sources include reporting and technical analysis from the Citizen Lab (2023), TechCrunch (2024–2025), and public procurement records. This article is based on publicly available information.