Damus
Lorenzo Franceschi-Bicchierai
@Lorenzo Franceschi-Bicchierai

Real-time cyber historian of the late capitalist era @TechCrunch, writing about the intersection of hackers, human rights, and spies.

Also writing a book about Hacking Team and the history of government spyware.

Posts about infosec, surveillance by day. 🍕, ⚽️, 🎸, 🎮 by night. 


☎️ Signal: +1 917 257 1382

💻 Keybase/Telegram: @ lorenzofb

✉️ [email protected]

Previously: VICE Motherboard, Mashable, WIRED's Danger Room.

Relays (1)
  • wss://relay.ditto.pub – read & write

Recent Notes

Lorenzo Franceschi-Bicchierai
Andy Boyd, the CEO of Red Lattice (the company that now owns spyware maker Paragon), went on the Risky Business podcast this week.

The host Patrick Gray asked Boyd about the contract that the company signed with ICE.

Here is the whole exchange. (starts at ~18:00)

https://www.youtube.com/watch?v=AOQETNsmTEU&t=1191s

—PATRICK: 
Now we're actually on to something that is somewhat relevant to your day job, Andy, because we've got a story here from 404 Media where they are suing the US government, or they're suing ICE to get its spyware contract with Paragon.

I guess this is interesting for a couple reasons, right?

I understand that ICE is extremely unpopular in the United States, and in my opinion, quite reasonably so, given some of the stuff that they've been doing on the streets of the United States. They've earned some scrutiny, in my opinion.

But I think also we've got to remember that Homeland Security Investigations is a division of ICE. So the idea that Homeland Security Investigations might want this sort of software is entirely reasonable.

So just reading from HSI's website, "It is the principal investigative component of DHS and is responsible for investigating, disrupting and dismantling transnational criminal organizations and terrorist networks that threaten or seek to exploit the customs and immigration laws of the United States."

So if I had to bet, it would be dollars to donuts that that is the sort of use that, you know, HSI is using it for that sort of thing, not just deploying spyware onto the devices of people who are suspected of entering the United States without prior approval.

Now, we have you here. So I figured I wanted to ask you about this report to see if you've got anything to say because we have had your company come out and make statements along the lines of, well, we don't actually have a relationship with ICE because that means, well, maybe a contract expired and then we've had now suspicions from other quarters of the media "Oh, well, perhaps they're accessing this technology through a third party."

We've got you here. Do you have anything you can share with us on this?

—BOYD:
Yes, I guess I'm going to violate my rule of "I'm just a friend of Patrick." So for this one question.

Yes, as the CEO of Red Lattice, I'm not going to comment on specific customers, whether or not we have said specific customers.

But what I will say is that Red Lattice has a very specific policy on evaluating our customers before we sign any contract with them. This is something that is in the public domain.

You Google the HSI writeup, our policies and how we go about evaluating potential customers. We only sell to liberal democracies, we only sell to countries that adhere to their rule of law. We sell to legitimate intelligence, military, and law enforcement authorities for conducting legitimate missions that fall under the laws of whatever country that may be in and that applies to the United States government as well.

—PATRICK:
Yeah and I mean we should say too that this is a two million dollar contract which in the context of this industry is tiny. I mean can you say — would you acknowledge that?

—BOYD:
I would acknowledge that any one of us, you, me, or James would be happy to have two million dollars at any time of day, but for a large company that may or may not be working with a government as big as the US government, that would be a fairly small contract, yes.

—PATRICK:
Yeah, yeah. And I mean, I think we would point out too that there was some controversy around Paragon, the use of Paragon technology in Italy. I think where that ended up is you gave them the old heave-ho, didn't you?

—BOYD:
Yeah, I'm not going to, again, that speaks to a very specific customer that is in the public domain. I think, Patrick, your inferences may be correct, but I'm not going to comment anymore on that one.
Viss · 5d
nostr:nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqlt9k43thw2z4xamkhwl2x7d6388ver4jkfcxukgyxy4ljdz6w0tqhaynf4 heh it's all good - I had no idea they even existed
Lorenzo Franceschi-Bicchierai · 5d
Worth listening to this 404 Media podcast about this hacking campaign. Really explains well just how crazy this hacking campaign is, and how bad it is in the context of having AI do sensitive stuff. https://www.youtube.com/watch?v=MsAtXST87pk And this point by Dino Dai Zovi is also very important:...
Viss · 6d
nostr:nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqlt9k43thw2z4xamkhwl2x7d6388ver4jkfcxukgyxy4ljdz6w0tqhaynf4 I've never submitted to them before
Lorenzo Franceschi-Bicchierai
Russia's intel agency FSB says they found a spyware attack against "high-ranking" government officials carried out by foreign intelligence agencies.

"Using the technical capabilities of large international IT corporations and mobile communications, representatives of foreign intelligence agencies carried out covert, unauthorized collection of various types of information from the devices of cyberattack targets." [Google Translation]

https://web.archive.org/web/20260602121107/https://www.fsb.ru/fsb/press/message/single.htm!id%3D10440695%40fsbMessage.html