Three House Democrats questioned the Department of Homeland Security on Monday over a reported Immigration and Customs Enforcement contract with a spyware provider that they warn potentially “threatens Americans’ freedom of movement and freedom of speech.”

Their letter follows publication of a notice that ICE had lifted a stop-work order on a $2 million deal with Israeli spyware company Paragon Solutions, a contract that the Biden administration had frozen one year ago pending a review of its compliance with a spyware executive order.

Paragon is the maker of Graphite, and advertises it as having more safeguards than competitors that have received more public and legal scrutiny, such as NSO Group’s Pegasus, a claim researchers have challenged. A report earlier this year found suspected deployments of Graphite in countries across the globe, with targets including journalists and activists. WhatsApp also notified users this year about a Paragon-linked campaign targeting them. The tool can infect phones without its target having to click on any malicious lure, then mine data from them.

“Given the Trump Administration’s disregard for constitutional rights and civil liberties in pursuit of rapid mass deportation, we are seriously concerned that ICE will abuse Graphite software to target immigrants, people of color, and individuals who express opposition to ICE’s repeated attacks on the rule of law,” the three congressional Democrats, two of whom serve as ranking members of House Oversight and Government Reform subcommittees, wrote Monday.

The trio behind the letter are Reps. Summer Lee of Pennsylvania, top Democrat on the Subcommittee on Federal Law Enforcement; Ohio Rep. Shontel Brown, ranking member of the Subcommittee on Cybersecurity, Information Technology and Government Innovation; and Rep. Yassamin Ansari of Arizona.

Their letter pointed to two Supreme Court rulings — Riley v. California from 2014 and Carpenter v. United States from 2018 — that addressed warrantless surveillance of cellular data. “Allowing ICE to utilize spyware raises serious questions about whether ICE will respect Fourth Amendment protections against warrantless search and seizure for people residing in the U.S.,” the lawmakers wrote.

The trio also asked for communications and documents about ICE’s use of spyware, as well as legal discussions about ICE using spyware and its compliance with the 2023 Biden executive order. They also sought a list of data surveillance targets.

ICE’s surveillance tactics have long drawn attention, but they’ve gained more attention in the Trump administration, which has sought to vastly expand the agency. ICE has conducted raids that have often swept in U.S. citizens. Other federal contracting records have pointed to ICE’s intentions to develop a 24/7 social media surveillance regime.

DHS and ICE did not immediately answer requests for comment about the Democrats’ letter. ICE has not provided answers about the contract in other media inquiries. 

404 Media is suing for information about the ICE contract.

The post House Dems seek info about ICE spyware contract, wary of potential abuses appeared first on CyberScoop.

The top lawmakers on a key House cybersecurity panel are hoping to remove a barrier to entry for cyber jobs in the federal government.

Introduced this week, the Cybersecurity Hiring Modernization Act from Reps. Nancy Mace, R-S.C., and Shontel Brown, D-Ohio, would prioritize skills-based hiring over educational requirements for cyber jobs at federal agencies. 

Mace and Brown — the chair and ranking member of the House Oversight Cybersecurity, Information Technology, and Government Innovation Subcommittee, respectively — said the legislation would ensure the federal government has access to a “broader pool of qualified applicants” as the country faces “urgent cybersecurity challenges.”

“As cyber threats against our government continue to grow, we need to make sure our federal agencies hire the most qualified candidates, not just those with traditional degrees,” Mace said in a press release Thursday. “This bill cuts red tape, opens doors to skilled Americans without a four-year diploma but with the expertise to get the job done, and strengthens our nation’s cybersecurity workforce.”

Brown said in a statement that expanding the cyber workforce is “imperative” to “meet our nation’s growing need for safe and secure systems.” The bill aims to “remove outdated hiring policies, expand workforce opportunities to a wider pool of talented applicants, and help agencies hire the staff that they need,” she added. 

The bill calls on the Office of Personnel Management to annually publish any education-related changes that are made to minimum qualification requirements for federal cyber roles. OPM would also be charged with aggregating data on educational backgrounds of new hires for those cyber positions.  

Agencies would still be permitted to include minimum education requirements for cyber jobs, but “only if a minimum education qualification is required by law to perform the duties of the position in the State or locality where the duties of the position are to be performed,” per the bill text. Education can be considered if that schooling “directly reflects the competencies necessary to satisfy that qualification and perform the duties of the position.”

Easing education requirements for federal cyber contracting jobs was a priority for Harry Coker, the Biden administration’s national cyber director, and other legislation in recent years has also attempted to address the issue. 

Mace has also tried in the past to scrap minimum education requirements on federal cybersecurity jobs, introducing the Modernizing the Acquisition of Cybersecurity Experts Act in 2023. The bill passed the House but stalled out in the Senate.

The post House lawmakers take aim at education requirements for federal cyber jobs appeared first on CyberScoop.