Polish society shrugs off the economic threats posed by the KSeF spying system. Poles refuse to notice that the Polish government has handed our digital sovereignty on a platter to three foreign intelligence services. My numerous appeals, articles and audits on this subject meet with no understanding in Poland. No mainstream investigative journalist or cybersecurity expert is willing to notice it and take up the subject. Everyone is scared stiff of the government.
Over the last four months I have written dozens of articles (for experts and for laypeople) describing this spying system of centralised invoice collection. I have proved all my theses in audits and by reference to the official documentation. In Poland only Włodzimierz Skalik and Krzysztof Bosak have taken up the subject; no other politician, investigative journalist or cybersecurity expert has raised or examined it.
So I am now addressing my message to foreign commentators, journalists and politicians. Perhaps one of them will take it up and publicise it at home. I ask everyone who is interested in and outraged by this scandal to forward this text to foreign experts:
How Poland Gave Foreign Intelligence Services a Live View Into Its Economy
The Geopolitical and Architectural Disaster of Poland’s National e-Invoicing System, KSeF
I am writing to you because I have uncovered an architectural anomaly in Poland on a global scale — one with direct implications for data security, economic intelligence, and digital sovereignty in Central Europe.
The Polish government built a massive centralized invoice collection system, and then voluntarily placed security gateway systems owned by a French defense and intelligence-linked corporation at its front door. Here are four key facts that show the scale of the problem.
1⃣. Scale: These Are Not Tax Returns. This Is the Economy’s Bloodstream.
Poland is rolling out the National e-Invoicing System, known as KSeF, in a clearance model. Imagine if the U.S. Internal Revenue Service required every single B2B transaction in the entire country, from military equipment purchases by subcontractors, to pharmaceutical deliveries, to consulting services, to pass through a central government server in real time before the invoice became legally valid.
The system collects data from the overwhelming majority of businesses operating in Poland. This is not a tax archive. It is a live radar system for the entire economy. Whoever has access to it knows everything about the country: supply chains, margins, weak points, dependencies, and business relationships.
2⃣. The Actor: French Economic Intelligence at the Gate
To protect this enormous system from external attacks, the Polish Ministry of Finance hired a foreign company to operate the WAF gateway — a Web Application Firewall. The company selected was Imperva, originally an American firm.
The problem is that in late 2023, Imperva was fully acquired by Thales — a French defense and technology giant deeply integrated with French intelligence structures. Among security analysts, it is no secret that France conducts highly aggressive economic intelligence operations, including against its own allies. The Polish state has handed them the keys to the front door of its own economy.
3⃣. Technology: A Legal Man-in-the-Middle and Fully Exposed Data
You may be thinking: “Surely this traffic must be encrypted.”
This is where we reach the technological absurdity that anyone can verify in the official API documentation published by the Polish government. The system is asymmetric in terms of security.
✅ Inbound traffic — upload
When a Polish company sends an invoice to the tax authority, the XML file is encrypted at the application layer with AES-256 before it leaves the company's software; the symmetric key is itself wrapped with the Ministry's RSA public key, so only the Ministry can unwrap it. The Imperva gateway, now under Thales ownership, sees only an encrypted package. At this stage, the system appears secure.
❌ JSON metadata — the information stream
In parallel with the encrypted invoice, the system generates and transmits technical responses in JSON format. These data include: the tax identification numbers of the seller and buyer, the full legal names of both entities, exact net amounts, VAT amounts, transaction currency, the unique KSeF invoice number, invoice type, and precise operational dates.
These data are protected only by TLS, and TLS is terminated at the WAF gateway itself, so they pass through the gateway in clear text. For economic intelligence, this is ready-made analytical material. Without breaking any encryption, a foreign entity receives, in real time, a complete digital map of commercial relationships, pricing structures, and the financial condition of businesses operating in Poland.
❌ Outbound traffic — download
Because the copy held in KSeF is the legally valid invoice, every company must also download invoices from it, for example in order to book purchase invoices in its accounting system. At this point, the Polish state serves the document back from its server as a fully exposed XML file, protected only by standard HTTPS.
A WAF inspects HTTP requests and responses, which it cannot do on ciphertext; so Imperva, operating as a WAF and reverse proxy, terminates TLS by design. HTTPS traffic is decrypted at the gateway so the packets can be inspected, and whether the gateway re-encrypts them on the way to the Ministry's servers changes nothing about what the gateway itself sees. As a result, on the return path through the foreign provider's servers, not only the JSON metadata but the full content of every invoice passes in clear text after TLS termination. The guard at the gate sees the entire live data stream of Polish companies.
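To make the asymmetry concrete, here is an added example, written for this edit and not code from the author, the Ministry of Finance or Imperva, that walks one constructed invoice through the three hops in Go using only the standard library. The taxpayer encrypts the invoice with a fresh AES-256 key and wraps that key with the Ministry's RSA public key; a gateway function stands in for a TLS-terminating WAF, which holds each hop's plaintext HTTP body but no key; the Ministry unwraps the key, reads the invoice, answers with a status JSON, and then serves the XML back in clear. The envelope field names, the status JSON fields, the regex standing in for a WAF content-inspection rule, the RSA-OAEP key wrap, the sample invoice and the use of AES-GCM (chosen for brevity; the cipher mode has no bearing on the point) are all this example's assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"regexp"
)

// Constructed sample invoice for the demo; not a real document from the KSeF FA schema.
const sampleInvoice = `<Faktura><Podmiot1><NIP>1111111111</NIP></Podmiot1>` +
	`<Podmiot2><NIP>2222222222</NIP></Podmiot2><Netto>1000.00</Netto><VAT>230.00</VAT></Faktura>`

// Envelope is the upload body: AES ciphertext plus the AES key wrapped with the Ministry's RSA key.
type Envelope struct{ WrappedKey, Nonce, Ciphertext string } // assumed field names, not the API's
type Metadata struct{ SellerNIP, BuyerNIP, Net, VAT, KSeFNumber string } // the status JSON the text describes
type HopView struct{ Hop, NIP string } // what the gateway read from one hop; NIP is empty if nothing

var fieldRe = regexp.MustCompile(`<(?:NIP|Netto|VAT)>([^<]+)</`)  // Ministry-side parse of the XML
var gatewayRe = regexp.MustCompile(`(?i)nip[">:= ]*([0-9]{10})`) // assumed WAF content-inspection rule

// EncryptInvoice is the taxpayer side: fresh AES-256 key and nonce; the key is wrapped with RSA-OAEP.
func EncryptInvoice(xml []byte, pub *rsa.PublicKey) (*Envelope, error) {
	buf := make([]byte, 32+12) // AES-256 key followed by a 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	key, nonce := buf[:32], buf[32:]
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(key) // 32-byte key: cannot fail
	gcm, _ := cipher.NewGCM(block) // AES block: cannot fail
	enc := base64.StdEncoding.EncodeToString
	return &Envelope{enc(wrapped), enc(nonce), enc(gcm.Seal(nil, nonce, xml, nil))}, nil
}

// DecryptInvoice is the Ministry side; only the holder of the RSA private key can get here.
func DecryptInvoice(env *Envelope, priv *rsa.PrivateKey) ([]byte, error) {
	dec := base64.StdEncoding.DecodeString
	wrapped, e1 := dec(env.WrappedKey)
	nonce, e2 := dec(env.Nonce)
	ct, e3 := dec(env.Ciphertext)
	if e1 != nil || e2 != nil || e3 != nil || len(nonce) != 12 {
		return nil, fmt.Errorf("malformed envelope")
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
	if err != nil || len(key) != 32 {
		return nil, fmt.Errorf("key unwrap failed")
	}
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	return gcm.Open(nil, nonce, ct, nil) // fails on any tampering with nonce or ciphertext
}

// GatewaySees models the WAF after TLS termination: it holds the hop's plaintext HTTP body, no key.
func GatewaySees(hop string, body []byte) HopView {
	if m := gatewayRe.FindSubmatch(body); m != nil {
		return HopView{hop, string(m[1])}
	}
	return HopView{Hop: hop}
}

// RunFlow pushes one invoice through the three hops the text describes, entirely in-process.
func RunFlow() ([]HopView, []byte, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // stands in for the Ministry's key pair
	if err != nil {
		return nil, nil, err
	}
	env, err := EncryptInvoice([]byte(sampleInvoice), &priv.PublicKey)
	if err != nil {
		return nil, nil, err
	}
	upload, _ := json.Marshal(env)
	xml, err := DecryptInvoice(env, priv) // the Ministry unwraps the key and reads the invoice
	if err != nil {
		return nil, nil, err
	}
	f := fieldRe.FindAllSubmatch(xml, -1) // sampleInvoice always yields: seller NIP, buyer NIP, net, VAT
	meta, _ := json.Marshal(Metadata{string(f[0][1]), string(f[1][1]), string(f[2][1]), string(f[3][1]), "demo-ksef-number"})
	return []HopView{GatewaySees("upload: AES envelope", upload),
		GatewaySees("response: status JSON", meta), GatewaySees("download: plain XML", xml)}, xml, nil
}

func main() {
	views, _, err := RunFlow()
	if err != nil {
		panic(err)
	}
	for _, v := range views {
		fmt.Printf("%-22s exposed=%-5t nip=%q\n", v.Hop, v.NIP != "", v.NIP)
	}
}
```

Run it with `go run`: the upload hop reports exposed=false because the only thing the gateway holds is ciphertext and an RSA-wrapped key it cannot open, while the status JSON and the download both report exposed=true with the seller's tax ID read straight out of the body. The cipher mode and the regex are stand-ins; what carries over to the real system is that only the upload is protected by a key the gateway lacks, whereas the other two hops are protected by nothing the gateway does not itself terminate.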
4⃣. A Global Exception: Poland Is Alone in the World
Using services such as Cloudflare or AWS WAF to protect public websites is standard practice. But Poland is the only country in the world that has adopted this kind of architecture for a central clearance-based invoicing system.
Other countries that have introduced similar systems — for example, Italy with its SdI system, or countries in Latin America — keep TLS termination for such critical data strictly within state-controlled infrastructure, such as national agencies or national operators. No serious state voluntarily hands over TLS termination for a system this critical to a foreign commercial entity from the defense sector. Poland did.
‼️ Why Should This Matter to You?
This is a textbook case of security theater. Polish authorities claim the system is secure by pointing to encryption during invoice submission, while completely ignoring — or deliberately concealing — the fact that the data are exposed when invoices are retrieved.
To the extent that U.S. intelligence law, including FISA and the CLOUD Act, reaches the American part of Imperva's operation, and given French economic interests pursued through Thales, Poland has built a free signals-intelligence feed on its own economy for foreign powers.
This does not only harm local Polish businesses. It is a direct strategic threat to every global company operating on the Polish market. Poland is a key economic and logistics hub in Central and Eastern Europe. The world’s largest American, Western European, and Asian corporations operate factories, research centers, subsidiaries, and major financial operations here — including companies in the technology, automotive, pharmaceutical, and defense sectors.
Deploying KSeF with this architecture means that foreign economic intelligence services have gained lawful, permanent visibility into the internal operational data of global business giants. Through Imperva WAF gateway logs, foreign services can analyze the margins of American investors, the cost structures of Asian factories, the supply chains of European conglomerates, and the cost of innovation being deployed on the Polish market.
In an age of information warfare and ruthless competition for technological advantage, the Polish government has created a precedent: it centralized unique business intelligence belonging to global capital, and then handed the keys to decrypting it to an external private intermediary controlled by foreign powers and their economic intelligence apparatus.
This is not a local tax-office problem. It is a systemic threat to the security of international business.
Grzegorz GPS Świderski
Twitter.com/gps65
t.me/KanalBlogeraGPS