- Background
Hermes' name[1] (Greek god – patron of roads, travellers, merchants of shepherds, thieves and trade) was changed by all cases on 4 March 2024 – after the publication of the Electoral Gazette entitled "‘Election’ reveals. Hermes, or Pegasus bis at the National Prosecutor's Office[2]” on the acquisition and usage of software by the National Prosecutor's Office of this name. It should be stressed, as a substance of fact, that Hermes was to be acquired in 2021, for the amount of PLN 15 million – at a time erstwhile the lawyer General/Minist of Justice was Zbigniew Ziobro, while the National Prosecutor was Bogdan Świecczkowski. This publication sparked both discussions and a wave of comments and assessments on whether the Polish prosecution (and de facto public opinion) will deal with a substance of the kind Pegasus[3]whether it can be a proverbial and alleged media “capitone”. Of course, as the experience of life shows – on the Polish publicist scene the sentences are divided.
At this point, it should be stressed that the first information received by the public was highly disturbing. According to them, Hermes was to be software more advanced than Pegasus and be nothing “Harvester, allowing you to execute elements of investigative IT (...) how to track your telephone on an ongoing basis[4]“. In opposition to the reports of Gazeta Wyborcza, the net portal trusted 3rd party.pl, in which Adam Haertle presented the position – according to which Hermes is to be actually an analytical instrument and to constitute:
“a tool to automate the collection processes from open sources of OSINT... If we give him the data of the object of our interest, he will look at the information available to the public on the web (searches, social networking sites, forums, specialist services) and download everything about the given name, surname and pseudonym. The data collected will be written for further analysis, due to the fact that it will not learn from them.[5].’
Adam Haertle further notes:
‘What interesting, there are many free tools with akin possibilities. Why the National Prosecutor's Office decided to spend millions on a commercial tool. It's a much more interesting subject of investigation for real journalists.[6]“
On Hermes, Mirosław Maj besides said that:
“Everything indicates that it is simply a tool of a completely different kind than Pegasus. It is referred to as the OSINT kind tool, or white intelligence, which consists in collecting data from public, open sources, for example available on the Internet.(...) It's not a tool that's utilized to break into someone's telephone and take over information or break security. Eventually, it uses open sources that do not request to be hacked into. The simplest OSINT tools could even be a Google search engine. (...) I do not know precisely the functionality of this tool, so I will say this: it would gotta do amazing things, which are highly advanced analysts, to make sense to pay so much for them. The net is full of tools of this type, which are available even for free. Everyone can install it at home and usage it (...). This PLN 15 million is simply a immense sum.[7]“
- What's the interest?
The publication of the Electoral Gazette has launched a further series of events and statements, and the full issue, which is no longer much doubtful, should be the subject of an evaluation and, moreover, of further sound discussion. At this point, it should be noted that the comment on the case was denied by the erstwhile National Prosecutor Bogdan Świecczkowski, who besides did not give any circumstantial and applicable answer to any of the questions asked by GW journalists[8].
Indeed, the first message that allowed to shed fresh light on the case (from a different position from the journalistic perspective) was issued by Deputy lawyer General – Prosecutor Michał Ostrowski (published on the profile conducted on the portal "X" by the Association
‘Ad Vocem’ indicating that ‘Hermes is simply a form of advanced web search engine. It is an OSINT criminal analysis tool and does not breach any safeguards."
In the end, answers to the key and colloquial question, "What are we standing on?", said the National Prosecutor's Office, which in its communication stated that on the 1 hand... process activities will be carried out to verify the appropriateness of buying and utilizing a professional tool to automate the collection of information from open sources of OSINT (Open origin Intelligence) ... This strategy enables the acquisition and processing of information
from a number of available sources (e.g. information from social networks, websites, data posted on net forums and disclosed in published databases). ...
The Regional Prosecutor's Office has been appointed to carry out an investigation to clarify all the circumstances relating to the decision-making process for the acquisition of this system, the acquisition procedure and the usage of software for the analysis of OSINT data.in Rzeszów[9].
- Conclusions
Regardless of which side of the dispute, there is no uncertainty that the decision to consider it essential to verify both the acquisition itself and the subsequent usage of Hermes does not rise doubts and appears not only rational but even necessary. This conclusion follows, on the 1 hand, from the fact that the acquisition of the device was spent on public money, which in itself justifies not only the state but besides the social/journal control of specified activities, as well as on the another hand, the device whose ability to interfere with citizens' privacy has not yet been full explained or presented. What even seems crucial in this respect is that even those who are nonsubjective can be described as cybersecurity specialists were incapable to clearly specify Hermes' full scope of capabilities. Speaking in the same tone, it is impossible to accuse journalists (in creto Wyborcza newspapers), that they published the information they obtained.
On the contrary, given the experience of Pegasus, the raising of this topic,
and thus Hermes' public presentation was necessary. It is not without reason that the relation between 1 software and the another (and this is not only the origin of their names) remains strong in the present case, since, in addition to the verification of the purchasing circumstances, it is not little crucial to ask how practically and so erstwhile Hermes was used.
In ending the subject of spending public funds, it should be stressed here that as an undisputed issue (seen de facto in all public statements) doubts as to the appropriateness of spending PLN 15 million on the device, which (at least according to any statements) was intended to be utilized only for the analysis of OSINT, in cases where equipment is available for this intent and which are definitely cheaper (or even free). Therefore, while the issue which is beyond uncertainty is that the applicable law enforcement authorities should have access and the anticipation of utilizing the best devices, the acquisition of licences to them is always subject to review for its rationality, usefulness and reasonableness.
The expenditure of the estimated amount of money is 1 of the essential threads. However, what cannot escape anyone's attention is besides the legal question, which lawyers (and even more so prosecutors, who have a work to uphold the regulation of law) should be most sensitive. While the analysis itself and the collection of information from open and publically available sources are legal and do not require any additional procedural conditions[10]The key condition for the admissibility of specified material is that it is obtained without prejudice to any privacy rules and regulations. erstwhile moving this issue to the procedural ground, it should be stated that the usage of the evidence obtained in the alleged white interview will be full legal and admissible (and thus will not exposure you to a charge of violation of the common law) if law enforcement authorities are able to show and, from a applicable point of view, repeat the "track" of obtaining specified evidence – without having to break any safeguards[11]. Thus, the White Intelligence activity can be compared to the analysis and collection of data by the Police (or another law enforcement authorities) in an open and publically accessible place, e.g. the city marketplace or street, and not a private property (no substance how hard access to it would be).
By moving these considerations to digital reality, it is essential to verify and find whether, in the course of its work, Hermes collects only the data and information that are available from each user of the network – then there will be no basis to believe that in any case it goes beyond OSINT – and de facto the only question which remains to be answered at that time "was it worth the price paid?".
If, on the another hand, its usage permits or involves the anticipation of collecting data that are subject to restrictive regulations to any degree relating to the protection of privacy, specified as information from private groups on social media, data usually not available (as a consequence of the exclusion of their disclosure by the user himself) or secrets legally protected (telecommunication data), then specified action will should be considered as interfering
in civilian rights and freedoms to the degree that it will not be admissible to apply, without maintaining appropriate conditions. It should be pointed out here that the issue of privacy cannot be a slogan in a democratic state. Apart from the fact that the right to the protection of private life is regulated in Article 47 of the Constitution of the Republic of Poland[12]This right is protected on the basis of European legislation. It is worth noting that the Court of Justice of the European Union has repeatedly said that actions of a associate State which affect civilian rights and freedoms cannot be arbitrary but should be carried out in accordance with the rule of proportionality[13].
Today, it seems that both the public and the prosecution itself have besides small data to yet answer the question whether Hermes poses (or not) a threat to the privacy of network users, which so must lead to the conclusion that it is essential for an independent body to measure its action.[14].
I personally support the prosecution's and law enforcement efforts to improve my techniques,
and thus the search for newer (and hence multiple) better solutions to combat
with a broad sense of crime. Undoubtedly, technology, whose pace of improvement at the beginning of the 21st century has gained unprecedented momentum, can supply phenomenal support in this area on the 1 hand, and on the another hand, it should always be borne in head that its usage may affect
with interference in civilian rights and freedoms, which at the time cannot be in a democratic legal state any and unspoilt activity – which protects not only the law of the Polish citizen, but besides European authorities.
Written by Prok. Bolesław Laszak
Member of the Lex Super Omnia Prosecutors' Association
[1] In the following part of the publication, the word Hermes – will mention exclusively to software, not to Greek mythology.
[2] https://electoral.pl/7,75398,30758731, electoral-union-hermes-mean-pegasus-bis-in-prosecution.html – accessed March 5, 2024
[3] See the Resolution of the Sejm of the Republic of Poland of 17 January 2024 on the appointment of an Investigative Commission to analyse the legality, regularity and usefulness of operational and investigative activities undertaken, inter alia, with the usage of Pegasus software by members of the Council of Ministers, peculiar services, Police, taxation and customs and taxation control authorities, authorities designated for the prosecution of crimes and prosecutions between 16 November 2015 and 20 November 2023, M. P. 2024, item 70
[4] Ibid.
[5]https://trustedthirdpage.pl/post/choice-blow-why-hermes-no-is-more advanced-pegasus/ – accessed March 5, 2024.
[6] Ibid.
[7]https://www.fakt.pl/policy/how-action-hermes-expert-from-cybersecurity-explaination/hdxmwqg – accessed March 5, 2024.
[8]html – accessed March 5, 2024.
[9]https://www.gov.pl/web/prosecution-national/assignment-in-the-a-programme-analytical-about-name-hermes – accessed 5 March 2024
[10] On the margins of consideration, it should be noted that even the Council of Europe Convention on Cybercrime of 23 November 2001 drawn up in Budapest (Polish text Dz. U. 2015 item 728) provides for geographically independent, cross-border access to publically available data.
[11] Should specified doubts arise on the part of the Court of First Instance or on the grounds of the defendant’s plea.
[12] Constitution of the Republic of Poland of April 2, 1997, OJ 1997 No 78, item 483.
[13] An example of specified a ruling – relating to de facto e.g. to regulate mandatory electronic communications service providers to implement in their networks the means of automated data analysis (by filtering all traffic and location data retained by electronic communications service providers at the request of and on the basis of the parameters specified by the competent national authorities) is Judgment of the EU Court of Justice of 6 October 2020 concerning Joined Cases C-511/18, C-512/18 and C-520/18, where the Court considers that specified action constitutes a peculiarly serious intervention and can comply with the request of proportionality only in situations where a associate State is faced with a serious threat to national security, which is real and timely or foreseeable, and provided that their retention is limited to what is strictly necessary.
[14] What is even more crucial – there is no right to refuse specified an examination to the authority of the prosecution.
![PiS will return to power in 2027. Almost half of Poles say so. [POLL]](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAIAAAACCAYAAABytg0kAAAAFElEQVQYV2N8+vTpfwYGBgZGGAMAUNMHXwvOkQUAAAAASUVORK5CYII=)
![Chełm. W ubiegłym tygodniu odeszli od nas... [6-07-2025]](https://static2.supertydzien.pl/data/articles/xga-4x3-chelm-w-ubieglym-tygodniu-odeszli-od-nas-29-06-2025-1751756380.jpg)
