Francesco Nicodemo, a prominent political consultant deeply engaged with Italy’s center-left political sphere, has publicly disclosed that he was a target of the sophisticated Paragon spyware, adding another layer to an already complex and far-reaching surveillance controversy gripping the nation. For nearly a year, Nicodemo maintained silence regarding the alleged intrusion, citing a desire to avoid his situation being exploited for partisan political gain. However, he now asserts that the time for silence has concluded, demanding answers from authorities about why a private citizen involved in democratic processes would be subjected to such an advanced form of digital espionage.

Nicodemo’s revelation came via a social media post, where he articulated profound questions regarding the rationale behind his targeting. "Why me? How is it conceivable that such a complex and powerful tool was deployed against a private citizen, as if I were a drug trafficker or an existential threat to the state?" he wrote, emphasizing that the onus to explain this extraordinary circumstance now rests with others. This public statement follows earlier reports from the online news outlet Fanpage, which initially identified Nicodemo as one of several individuals who received a notification from WhatsApp in January, indicating potential state-sponsored hacking.

The Expanding Web of Surveillance

The inclusion of Nicodemo, a figure with deep ties to the Democratic Party (Partito Democratico) and its politicians, significantly widens the scope of Italy’s ongoing spyware scandal. This illicit surveillance campaign has previously ensnared a diverse array of individuals across Italian society, including investigative journalists, vocal immigration activists, and influential business executives. The consistent pattern emerging from these incidents directly contradicts the long-standing assertions by governments and developers of surveillance technologies, who typically claim their products are exclusively deployed against serious criminals, terrorists, or hostile state actors. These cases, however, suggest a troubling expansion of surveillance targets to include those engaged in legitimate civil and political activities.

The technology at the heart of this controversy, Paragon spyware, is developed by an Israeli firm, Paragon Technologies. Like its notorious peer Pegasus, developed by NSO Group, Paragon’s software is designed to infiltrate mobile devices, extracting vast amounts of data—from messages and call logs to location information—and even remotely activating microphones and cameras. These tools represent the apex of digital surveillance capabilities, offering governments an unprecedented window into the private lives of individuals.

A Global Phenomenon with Local Implications

The deployment of advanced spyware against journalists, activists, and political figures is not unique to Italy. Over the past decade, a global reckoning with the unchecked proliferation of these tools has taken shape. Reports by organizations like Citizen Lab and Amnesty International have documented widespread abuses of spyware, revealing its use against human rights defenders, opposition politicians, and critical media figures in numerous countries, from Mexico to Saudi Arabia, and India to Spain. This global context highlights a systemic challenge: the inherent "dual-use" nature of these technologies. While marketed as vital instruments for national security and law enforcement, their potent capabilities are ripe for misuse, transforming them into instruments of political repression and democratic erosion.

Italy’s specific entanglement with Paragon spyware began to surface with a series of alarming reports in late 2024 and early 2025. The initial wave of victims included journalists investigating sensitive political topics and activists working on immigration issues—areas often scrutinized by governmental bodies. The common thread among many of these targets was a notification from WhatsApp, a messaging service, alerting them to potential state-sponsored attacks on their devices. Such notifications are often the result of forensic analysis conducted by independent cybersecurity researchers or by the platforms themselves, who are increasingly proactive in identifying and disrupting these sophisticated attacks.

Calls for Transparency and Accountability

John Scott-Railton, a senior researcher at The Citizen Lab, a renowned interdisciplinary laboratory based at the University of Toronto that investigates digital threats against civil society, has been a leading voice in exposing the abuses of spyware, including those involving Paragon. He noted that while the Italian government has provided some clarity for certain spyware targets, many cases remain "troublingly unclear." Scott-Railton emphasized the urgent need for comprehensive transparency from Italian authorities. "None of this looks good for Paragon, or for Italy. That’s why clarity from the Italian government is so essential," he stated, further suggesting that Paragon itself holds a significant responsibility to shed light on these incidents. "I believe that if they wanted to, Paragon could give everybody a lot more clarity on what’s going on. Until they do, these cases are going to remain a weight around their neck." Scott-Railton also independently confirmed that Nicodemo was among those who received the WhatsApp notification.

The lack of immediate official explanation from the Italian government or Paragon Technologies’ representatives underscores the opacity that often surrounds such national security operations. Natale De Gregorio, who collaborates with Nicodemo at their public relations firm, Lievito Consulting, confirmed Nicodemo’s stance, indicating that he would not offer further comments beyond his public Facebook post and statements to Fanpage. This silence from official channels leaves a void that is often filled with speculation and distrust, further eroding public confidence in democratic institutions and the rule of law.

Official Inquiries and Conflicting Findings

The question of who precisely commissioned the surveillance of Nicodemo and others remains officially unanswered. However, an Italian parliamentary committee, known as COPASIR (Comitato Parlamentare per la Sicurezza della Repubblica), confirmed in June that Italian intelligence agencies were indeed responsible for targeting some of the victims within Italy. These intelligence agencies operate under the purview of the current right-wing administration led by Prime Minister Giorgia Meloni. The Prime Minister’s office, when contacted for comment on these developments, did not respond, maintaining a posture of official silence. Similarly, Jennifer Iras, Vice President of Marketing for REDLattice, a cybersecurity company that recently merged with Paragon following its acquisition by the U.S. private equity firm AE Industrial, also declined to comment.

A significant development in the scandal occurred in February when Paragon Technologies announced it had severed ties with its government clients in Italy, specifically the intelligence agencies AISE (Agenzia Informazioni e Sicurezza Esterna – External Intelligence and Security Agency) and AISI (Agenzia Informazioni e Sicurezza Interna – Internal Intelligence and Security Agency). This decision followed the initial wave of public revelations and intense scrutiny, suggesting that the company recognized the reputational and legal risks associated with continued engagement amidst mounting controversy.

However, COPASIR’s subsequent findings in June presented a nuanced and, in some respects, contradictory picture. The committee concluded that certain publicly identified victims, specifically immigration activists, were "lawfully hacked" by Italian intelligence services. This assertion implies that the surveillance, while intrusive, was conducted within the bounds of existing legal frameworks governing national security operations. Yet, COPASIR’s investigation also found no evidence that Francesco Cancellato, the director of Fanpage.it—a news website known for its investigative journalism, including probes into the youth wing of Meloni’s far-right ruling party—had been targeted by either the AISI or AISE. Notably, the committee did not extend its investigation to Cancellato’s colleague, Ciro Pellegrino, another reported victim.

The Broader Market for Surveillance Tools

The revelations in Italy also cast a spotlight on the global market for sophisticated surveillance tools and the complex relationships between their developers and government clients. Paragon Technologies, for instance, has publicly confirmed that the U.S. government is one of its customers, and it maintains an active contract with U.S. Immigration and Customs Enforcement (ICE). This highlights a critical aspect of the surveillance industry: these tools are not exclusively sold to repressive regimes but are also acquired and deployed by democratic governments, ostensibly for legitimate national security and law enforcement purposes.

This widespread adoption by democracies raises fundamental questions about oversight, accountability, and the protection of civil liberties. When such powerful tools are deployed against political consultants, journalists, or activists, even under the guise of national security, it creates a chilling effect on freedom of expression and political dissent. It underscores the urgent need for robust legal frameworks, independent oversight mechanisms, and transparent reporting requirements to prevent the abuse of these technologies and to safeguard the democratic fabric of societies. The case of Francesco Nicodemo serves as a stark reminder of the delicate balance between state security interests and individual privacy rights in the digital age, a balance that is increasingly threatened by the unchecked proliferation and deployment of advanced surveillance technologies.