Spy technology: Tempest improved (they want you to think this is new...)

Author Topic: Spy technology: Tempest improved (they want you to think this is new...)  (Read 13071 times)

0 Members and 1 Guest are viewing this topic.

Offline Satyagraha

  • Global Moderator
  • Member
  • *****
  • Posts: 8,941
The article claims this is a "Tempest-busting" technology.
In fact, it's an upgrade to the older TEMPEST technology.

The article takes an amused tone to all of this "spook" business.. but it's not funny.
This is a glimpse into technology that has been around for a long time.
That this student has improved on the technology currently 'acknowledged' to exist,
does not mean this is new to the people who make it their business to spy on us.

You can bet that the technology 'discovered' by the student is already implemented by the intelligence networks; and the latest technology won't be 'discovered' until it's time to retire it.


Spooks' secret TEMPEST-busting tech reinvented by US student
Young boffin blows gaff on mystery BAE submarine kit
By Lewis Page

A mysterious secret technology, apparently in use by the British intelligence services in an undisclosed role, has been reinvented by a graduate student in America. Full details of the working principles are now available.

Tristan Lawry, doctoral candidate in electrical and computer engineering, has developed equipment which can transmit data at high rates through thick, solid steel or other barriers. Significantly, Lawry's kit also transmits power. One obvious application here would be transmission through the steel pressure hull of a submarine: at the moment such hulls must have hundreds of penetrations for power and data cables, each one adding expense, weight and maintenance burden.

Regular Reg readers will recall that just such kit has previously been developed in the UK labs of arms globocorp BAE Systems: company boffins exhibited it at last year's Farnborough airshow, like Lawry suggesting that it would be of use in submarines. Intriguingly, the BAE inventors also revealed to the Reg that "other parties" within the British government – whom they couldn't name – had asked them to keep secret all details of how their equipment works.

This naturally enough led us to suspect that similar gear had in fact previously been developed in the secret labs of the UK government: the intelligence services are known to have large technical arms which occasionally invent things well before they are discovered elsewhere. The best-known example of this is public-key encryption, secretly developed by British communications spook-boffins years before being independently reinvented in US academia.

Just what the British spooks are doing with the through-metal power'n'comms gear is, of course, a secret. Nonetheless it's no secret at all that these days communications and computer systems can be remotely eavesdropped upon simply by picking up their own internal emissions: a properly-equipped van parked outside a building can snoop into electronics inside even if they make no use of wireless connections. This sort of thing is expensive and very difficult – not something that most organisations have to worry about – but serious spooks can and do carry out such operations.

This has led to the adoption of electromagnetic shielding and many other systems – for instance in accordance with the so-called TEMPEST standards – to protect systems which routinely handle highly sensitive data. Even if intruders manage to get in at some point and plant a receiver or bug inside such a room or building, it still won't be able to transmit what it picks up out through the shielding: and also its battery will run down after a while.

So how does it work?

If you had the through-metal technology now reinvented by Lawry, however, your intruder – inside mole or cleaner or pizza delivery, whatever – could stick an unobtrusive device to a suitable bit of structure inside the Faraday cage of shielding where it would be unlikely to be found. A surveillance team outside the cage could stick the other half of the kit to the same piece of metal (perhaps a structural I-beam, for instance, or the hull of a ship) and they would then have an electronic ear inside the opposition's unbreachable Faraday citadel, one which would need no battery changes and could potentially stay in operation for years.

Spooks might use such techniques even where there was no Faraday cage, simply to avoid the need for battery changes and detectable/jammable radio transmissions in ordinary audio or video bugs.

Naturally, if you knew how such equipment worked you might be able to detect or block it – hence the understandable plea from the British spooks to BAE to keep the details under wraps.

Unfortunately for the spooks, Lawry has now blown the gaff: his equipment works using ultrasound. His piezo-electric transducers send data at no less than 12 megabytes a second, plus 50 watts of power, through 2.5 inches of steel – and Lawry is confident that this could easily be improved upon. It seems certain that performance could be traded for range, to deal with the circumstances faced by surveillance operatives rather than submarine designers.

It also seems pretty much certain, now that they know what they're looking for, that counter-surveillance people will begin sticking transducers of their own onto the walls of their secure facilities and rooms. If they pick up ultrasonic vibrations – which will travel a long way if they're capable of carrying 50 watts of power – they'll know that they've been penetrated, and either hunt down the kit or just start transmitting jamming ultrasonics of their own.

Who knows, such countermeasures may already be routine in some circles, or the tech may well be in secret use for some completely different purpose. But the mere fact of the government suppression of BAE's technology tends to indicate that some sort of valuable trickery along these lines has been – or still is – going on.

The spooks will just have to hope that whoever-it-is doesn't watch this vid in which Lawry explains how his kit works ...


... or read this statement from the Rensselaer Polytechnic Institute, where he's working on his PhD. The through-barriers kit has put Lawry in the running to win a $30,000 student prize, which may be causing certain boffins in Blighty's secret labs to grind their teeth even more.


Student Innovation at Rensselaer Polytechnic Institute Transmits Data and Power Wirelessly Through Submarine Hulls

Steel walls are no match for Tristan Lawry. The doctoral student at Rensselaer Polytechnic Institute has developed and demonstrated an innovative new system that uses ultrasound to simultaneously transmit large quantities of data and power wirelessly through thick metal walls, like the hulls of ships and submarines...

... In our increasingly tetherless world, wires have been all but replaced by more convenient wireless connections in homes and offices – everything from phones and accessing the Internet to keyboards and printers. In the area of defense, a progression from wired to wireless systems presents an opportunity to improve the safety of naval vessels. Presently, to install critical safety sensors on the exterior of ships and submarines, the U.S. Navy is forced to drill holes in the hull through which cables for data and power transmission are run. Each hole increases the risk of potentially serious issues, including leaks and structural failure. Additionally, installing these sensors on commissioned vessels requires the use of a drydock or cofferdam, which can take months and cost millions of dollars.

Lawry’s invention solves this problem. Unlike conventional electromagnetic wireless systems, which are ineffective at transmitting power and data through vessel hulls because of the “Faraday cage” shielding effects they present, his patent-pending system uses ultrasound – high-frequency acoustic waves –to easily propagate signals through thick metals and other solids. Piezoelectric transducers are used to convert electrical signals into acoustic signals and vice versa, allowing his system to form wireless electrical bridges across these barriers. Lawry’s clever design features separate non-interfering ultrasonic channels for independent data and power transmission.

With this new system, Lawry has demonstrated the simultaneous, continuous delivery of 50 watts of power and 12.4 megabytes per second (Mbps) of data through a 2.5-inch-thick solid steel block in real time. These results far surpass all known previously published systems capable of simultaneous data and power transmission through metal. With only minor modifications, Lawry said he’s confident his design will have the capacity to support much higher power levels and data rates. His invention uses a powerful communication technology that allows the transmission system to adapt to non-ideal conditions and mechanical variations over time. This is critical for ensuring successful operation of the system in real-world conditions outside of a controlled laboratory environment.

Lawry’s complex combination of electronic and acoustic hardware, signal generation and detection technology, and power generation and collection equipment shares many characteristics with a state-of-the-art communications system such as a cellular phone. Using the three main building blocks of electrical engineering — power, communications, and computing — Lawry has developed a system that can communicate through a thick metal wall without the need for a battery or any supplemental power source. This means sensors on the outer hull of submarines can be made to work with systems on the other side of the wall for many years without the need for human intervention.

In addition to the hulls of ships and submarines, Lawry said his wireless data and power system could benefit many other applications where it is necessary or advantageous to continually power and monitor sensor networks in isolated environments. For example, his system could be used to power and communicate with sensors in nuclear reactors, chemical processing equipment, oil drilling equipment and pipelines, armored vehicles, un-manned underwater deep-sea exploration vehicles, or even space shuttles and satellites. (continued)


Read about TEMPEST:

From back in 2009... that's old news technologically. Imagine what they're using now!

TEMPEST (Transient Electromagnetic Pulse Emanation Standard)

Introduction to TEMPEST Attacks

If you are familiar with computer security, intelligence or electronic surveillance then there's no doubt you've heard about TEMPEST.

TEMPEST Attacks work on the principle that electronic devices such as monitors and fax machines emit electromagnetic radiation during normal use. With correct equipment such as antennas, receivers and display units an attacker could in theory intercept those emissions from a remote location (from across the street perhaps) and then replay the information that was captured. Imagine if this were possible how it could be misused to violate your privacy. Closing doors and blinds wouldn't do anything to stop a TEMPEST attack. If your monitor was displaying sensitive material then it would be exposed. However don't become paranoid for it's extremely difficult to execute an attack to "capture" what's being displayed, but in theory it's certainly possible.

TEMPEST Attacks are passive

Such an attack is passive in that it cannot be detected. A device emits compromising radiation which could be reconstructed from a remote location. This means that you cannot detect it as the device is not in any way connected/installed on your system. To simply put it your computer can't detect a guy down the street with equipment trying picking up radio emissions from your monitor.

How it works

All electronic devices big or small may emit low-level electromagnetic radiation. In fact your CPU chip is probably doing it right now. This happens whenever an electric current changes in voltage and thus generates electromagnetic pulses that radiate as invisible radio waves. These electromagnetic radio waves can carry a great distance in ideal situations.

Monitors that contain a CRT system contain an electron gun in the back of the picture tube which transmits a beam of electrons. When the electrons strike the screen they cause the pixels to light up (fluoresce). This beam scans across the screen from top to bottom very rapidly in a repetitive manner, line by line, flashing on and off, making the screen light and dark thus creating the viewed image. These changes in the high voltage system of the monitor generate the signal that TEMPEST monitoring equipment receive, process (reconstruct) and finally view.

Unshielded cables such as those from your computer to your monitor can act like an antenna which instantly increases the signal thus increasing the distance which a TEMPEST device may be located. A telephone line connection to your computer may also act as an antenna and that could also increase the distance to some lengths.

A simple example to highlight all this is done by using a simple vacuum cleaner and your TV. The motor in the vacuum generates an electromagnetic frequency which can sometimes be picked up by your TV (no doubt with the aid of an indoor antenna) and is displayed as fuzzy lines or snow which we end up calling interference. Of course emitted electromagnetic radiation doesn't contain any information and the interference we see is more annoying than useful.

Take the above example and replace the vacuum with a Video Display Unit (a privative version before VGA) and the TV with some surveillance antenna and a similar display unit. The electron gun in the display unit fires electrons to general the view on screen. Whilst this is happening there is radiation that leaks from the cable and the Video unit itself. It's certainly possible to attempt to pick up this electromagnetic "interference" and attempt to display on another screen hence a 3rd party could potentially see what's on your screen.

Success rate?

If TEMPEST attackers had a high success rate you wouldn't have to worry about a "middle of the night" break-in by some gang holding you at gun point. They never have to enter your home or office. Why? It's simply not necessary. All they have to do is point an antenna safely from a distance, then sit back and collect your personal data.

However it's painfully hard and extremely expensive to successfully complete such an attack. No longer do we use VDT's as VGA and its extended formats have completely taken over the world. VGA is extremely difficult to reconstruct from emitted "waste". We are really focusing on monitors here and and it must be remembered they were never designed to expose a perfect interference pattern and it's near impossible to reconstruct them.

Interestingly some electronic junkies have attempted to create a new breed of "software radio" which is designed to let computers tune into radio signals. Generally this can be done in any waveband and it promises to make this type of eavesdropping somewhat easier. A PC circuit board with a plug-in aerial does all the tuning under software control and the hardware has a digital signal chip which is important to cut down electronic noise. The most important thing to remember is that your monitor isn't releasing exact radiation to reproduce what's on your screen, so it would be extremely difficult for anyone to extract any worthwhile information.

You be perhaps be more fearful of devices that operate on the transmission of waves. CB radio are obvious and it's trivial to pick up a conversation from a cordless phone. Mobile phones are much more difficult but it's certainly possible to listen in to someone's call. Recreating anything from "waste" radiation is possible, but difficult and none the less very interesting.

PGP (encryption software) includes a secure text file viewer to view text files and email messages using a font that is said to be TEMPEST resistant (it's every so slightly blurred) meaning reading a sensitive email via a TEMPEST attack would be much harder than it already is!

You may be interested to know that when a file is deleted (and the recycle/trash bin is emptied) the actual data is still sitting on your disk. This applies to magnetic storage such as Floppy disks, and the common hard disk and even flash storage devices such as Memory Sticks, Compact Flash, Micro Drives and similar technologies.

When a file is "deleted" what actually happens? Your operating system removes the reference to that file on the file system. This reference had details such as where on the disk the file was. Whilst marked and available as free space the old data didn't move, it's just not seen on the file system but physically exists on the disk. The entire file remains on the disk until another data is created over the physical area, and even then it may be possible to recover data by studying the magnetic fields on the platter surface.

Three Myths...

   1. LCD displays on laptops or desktops eliminate the risks of TEMPEST attacks.

      The technology in LCD monitors may reduce the risk WHEN compared with your average CRT display. An LCD unit will not fully protect you. There have been rare accounts of "noisy" laptop screens being partially displayed on TVs.

   2. You can make a TEMPEST monitoring device for under $100 with parts from electronic stores. Perhaps it's true for Video Display Units (VDT), but NOT for VGA or SVGA monitors.

   3. It's it illegal to shield your PC from emanation monitoring?

      There could be export laws in different countries that prevent the export of such shields. But I seriously doubt that it's illegal to "make your own" shield to protect your computer.


Is It Possible to Eavesdrop on Electromagnetic Radiation?

Every electronic, electro-optical or electromechanical device gives off some type of electromagnetic signals, whether or not the device was designed to be a transmitter. This is why the use of cellular phones is not permitted on airplanes or in many areas in hospitals -- their unintentional signals can interfere with equipment sensitive to picking up electromagnetic radiation (EMR). Since World War II, scientists have known that the EMR that "leaks" from devices can be intercepted and, using the proper equipment, reconstructed on a different device.

The EMR that is emitted by electric devices contains the information that the device is displaying or storing or transmitting. With equipment designed to intercept and reconstruct the data, it is possible to steal information from unsuspecting users by capturing the EMR signals. For example, in theory someone sitting in a van outside a person's house can read the EMR that is emanating from the user's laptop computer inside the house and reconstruct the information from the user's monitor on a different device. Different devices have different levels of susceptibility to Tempest radiation. A handheld calculator gives off a signal as much as a few feet away, and a computer's electromagnetic field can give off emissions up to half a mile away. The distance at which emanations can be monitored depends on whether or not there are conductive media such as power lines, water pipes or even metal cabinets in the area that will carry the signals further away from the original source.

The U.S. government originally began studying this phenomenon in order to prevent breaches in military security. The government was using the technology to their advantage during WWII and realized that they needed to protect themselves against others using the same tactics against them. The name Tempest, or Tempest radiation originated with the U.S. military in the 1960s as the name of the classified study of what was at the time called "compromising emanations." Today the phenomenon is more commonly referred to as van Eck phreaking, named after Wim van Eck, the Dutch computer scientist who brought it to general attention in 1985 when he published his paper "Electromagnetic Radiation from Video Display Units: An Eavesdropping Risk?," in which he demonstrated that the screen content of a video display unit could be reconstructed at a distance using low-cost home-built equipment - a TV set with its sync pulse generators replaced with manually controlled oscillators.

Van Eck phreaking is a major security concern in an age of increasing pervasive computing. High-security government agencies are protecting themselves by constructing safe rooms that through the use of metallic shielding block the EMR from emanating out of the room or by grounding the signals so that they cannot be intercepted. It is possible, though costly, for individual users to shield their home computer systems from EMR leakage. However, more and more manufacturers are creating products off-the-shelf that are safe from van Eck phreaking.

While the name Tempest was the code name for the military operations in the 1960s, at a later stage the word became an acronym for Telecommunications Electronics Material Protected from Emanating Spurious Transmissions and an abbreviation of Transient Electromagnetic Pulse Emanation Standard.

The following links provide further information on EMR emanation and van Eck phreaking:

Electromagnetic Radiation from Video Display Units: An Eavesdropping Risk?

Soft Tempest: Hidden Data Transmission Using Electromagnetic Emanations
And  the King shall answer and say unto them, Verily I say unto you, 
Inasmuch as ye have done it unto one of the least of these my brethren,  ye have done it unto me.

Matthew 25:40

Offline Satyagraha

  • Global Moderator
  • Member
  • *****
  • Posts: 8,941


(An appraisal of technologies of political control)

Part 3/4: Encryption and cryptosystems in electronic surveillance: a survey of the technology assessment issues.

Publisher: European Parliament
                 Directorate General for Research
                 Directorate A
                 The STOA Programme

Author: Dr. Franck Leprévost - Technische Universität Berlin

Editor: Mr Dick HOLDSWORTH, Head of STOA Unit

Date: April 1999

PE number: PE 168.184/Part 3/4

Encryption and cryptosystems in electronic surveillance: a survey of the technology assessment issues


The aims of this report are:

to remind Members of the European Parliament of the risks, in terms of electronic surveillance, inherent in the use of modern means of communication;

to provide Members with a reference document on encryption technologies and the current status of the standardisation procedures for these techniques;

to outline potential developments with regard to both secure communications and electronic surveillance methods;

to provide Members with a synopsis, in language that is precise and yet accessible to non-specialists, of recent technical documents on security of information which represent the latest developments in the practice and principles of international control bodies;

to propose to Members options which are in the best interests of European citizens, businesses and organisations.

The report is divided into six main sections.

The first is a brief description of modern means of communication and the risks their use entails; the second provides an overview of current cryptographic techniques: secret-key cryptography, public-key cryptography and quantum cryptography; these techniques are explained in detail in the three following sections. The third section gives a precise description of secret-key cryptography, outlines the state of the art as regards the data security of widely-used protocols and gives an update on the standardisation procedures for the future US federal standard, which is likely to become a world standard. The fourth section describes public-key cryptography in very clear terms, outlines the state of the art with regard to the standardisation procedures for public-key protocols worldwide and gives a technical interpretation of a Commission DG XIII document.

The practical implementation of quantum cryptanalysis and quantum cryptography may have a particularly significant international impact in political, diplomatic and financial terms: the fifth section outlines the latest developments in these two areas.

The Wassenaar Arrangement concerns export controls for conventional arms and sensitive technological products.

Thirty-three countries are party to the Agreement, including all the EU countries and the signatories to the UKUSA agreement. The sixth section consists of a technical interpretation of the amendments to the Wassenaar Arrangement of 3 December 1998, regarding data security. The final part of the report makes a number of proposals, with a view to protecting European citizens and the interests of European firms and organisations. It also provides a list of complementary research projects, with the aim of measuring more effectively the impact that certain international agreements are having in terms of electronic surveillance in Europe. The report includes a bibliography, listing the documents referred to.


1. Introduction

2. Means of communication used and risks involved

2.1 Standard telephones
2.2 Voice-scrambling telephones
2.3 Faxes
2.4 Cordless telephones
2.5 ISDN
2.6 Internet communications
2.7 The TEMPEST effect
2.8 PSNs


2. Means of communication used and risks involved

In this section we look at relatively hi-tech methods of communication; direct oral transmission and traditional mail are therefore not dealt with. For the sake of clarity and in keeping with standard practice in this field, we have designated Alice and Bob as two hypothetical individuals wishing to communicate.

2.1 Standard telephones. Standard telephone systems can be tapped without any technical difficulties: a microphone can be placed inside the telephone set; alternatively, the wires of the telephone exchange of the building where the target is located can be tapped, as can those of the telephone company’s central exchange. These techniques are largely undetectable by the target.

2.2 Voice-scrambling telephones. Secure telephones and fax machines are now available on the market. Their level of security may be very modest, depending on the legislation currently in force in their country of origin (see Section 7).

2.3 Fax machines. As things stand, fax machines should be considered as insecure as telephones. Fax-encrypting machines do exist, but their security level is contingent on legislation in their country of origin, as above.

2.4 Cordless telephones. Some older models transmit just above the AM broadcasting band and can thus be easily intercepted. Commercially-available scanners enable the more recent models to be tapped. Sometimes certain sound wave inversion techniques are recommended in order to combat tapping, but these solutions only provide a very low level of confidentiality. As regards cellular phones, the situation is more complex. Early models transmit in the same way as radios and so do not provide a high level of confidentiality, since conversations can be intercepted using inexpensive scanners (equally low-priced equipment can be purchased to increase the frequencies accessible to the scanners currently on the market). It is worth mentioning here the US Administration’s attempt to impose the Clipper standard on all portable phones developed in the United States. This would have allowed government agencies to retain keys enabling them to eavesdrop on conversations. Moreover, details of the encryption algorithm ‘Skipjack’, developed by the NSA, have not been made public.

The GSM system, the international standard for digital cellular phones, was developed by the GSM MoU Association (which became the GSM Association on 30 November 1998) in collaboration with the European Telecommunications Standard Institute ([13]), an international umbrella organisation bringing together public authorities, operator networks, manufacturers, service providers and users. GSM uses cryptographic techniques at various levels. As regards identification, GSM uses several algorithms, although in practice most operators use a protocol named COMP128. However, in April 1998 the Smartcard Developer Association ([28]), in collaboration with David Wagner and Ian Goldberg, researchers at UC Berkeley (USA), announced that it had developed a system whereby phones using the GSM standard could be cloned . But on 27 April 1998, Charles Brookson, chairman of the security group of the GSM MoU Association, stated that this would not be of any practical use to fraudsters.

With regard to confidentiality, GSM uses a protocol known as A5. There are two versions of this system: A5/1 and A5/2, which meet different needs. According to some experts, A5/2 is less secure than A5/1, which we will now discuss. The A5/1 protocol in theory uses 64 bits. But Wagner told us that in practice ([33]), in every phone he had seen, 10 bits had been systematically replaced with zeros, thus reducing the theoretical security of the system to 54 bits. The system is therefore even less secure than the 56 bits offered by DES, which can now be cracked all too easily (see 4.4). Work conducted before this discovery ([11]) had already reduced the real security of the system to 40 bits. It is therefore quite possible that by using similar methods, i.e. assuming that 10 bits are equal to zero, the actual security level of A5/1 – and hence the confidentiality of conversations - can be reduced even further.

On 24 February 1999, at the GSM World Congress in Cannes (France), Charles Brookson announced that GSM security had been reviewed and in particular that COMP128 had been revised.

2.5 ISDN. It is technically possible to tap an ISDN telephone with the help of software that remotely activates the monitoring function via the D channel, obviously without physically lifting the receiver. It is therefore easy to eavesdrop on certain conversations in a given room.

2.6 Internet communications. In a nutshell, the traditional mail equivalent of an e-mail on the Internet is a postcard without an envelope. Basically, such messages can be read. If they are in plaintext, they can be understood and any ‘secret reader’ can take measures which are detrimental to the two parties wishing to communicate. For example, if Alice sends a message to Bob and if Charles is a passive attacker, Charles knows what message has been sent but he cannot modify it. If, on the other hand, he is an active attacker, he can modify it. One way of circumventing this problem is by encrypting the messages (see Section 3). However, the solutions developed by Microsoft, Netscape and Lotus for encrypting e-mails are configured in such a way that the NSA can systematically read all e-mails thus exchanged outside the United States (although it is probably the only agency that is able to do so).

2.7 The TEMPEST effect. TEMPEST is the acronym for Temporary Emanation and Spurious Transmission, i.e. emissions from electronic components of electromagnetic radiation in the form of radio signals. These emissions can be picked up by AM/FM radio receivers within a range varying from a few dozen to a few hundred metres. Building on these data it is then possible to reconstruct the original information. Protective measures against such risks consist of placing the source of the emissions (central processors, monitors, but also cables) in a Faraday cage, or jamming the electromagnetic emissions. The NSA has published several documents on TEMPEST (see [25]).

All computers work by means of a micro-processor (chip). The PC chip market is dominated by Intel, which has a market share of over 80%. On 20 January 1999 Intel unveiled its new PSN-equipped Pentium III processor.

2.8 PSNs. Pentium III processors have a unique serial number called PSN (Processor Serial Number). Intel devised this technique in order to promote electronic commerce. The aim of the serial number is to enable anybody ordering goods via the Internet to be identified. Intel maintains that all users will be able to retain control over whether or not to allow their serial number to be read. However, software techniques enabling the number to be read have already been discovered (see [26]) . It is therefore possible to obtain the PSN secretly and to track the user without his or her knowledge.

The PSN is very different from the IP (Internet Protocol) address, even though a user’s IP address can be revealed to any webpage he or she chooses to visit. IP addresses are not as permanent as PSNs: many users have no fixed IP address that can be used to track their movements, as they may use masks via the proxy servers of Internet service providers. ISPs normally assign a different IP number per session and per user. Users can also change ISP, use a service which guarantees their anonymity, etc.

As it stands, the PSN can therefore be used for electronic surveillance purposes.

Moreover, it is still not known for sure whether PSNs can be cloned. If so, their use for identification purposes in electronic commerce would have to be ruled out.

And  the King shall answer and say unto them, Verily I say unto you, 
Inasmuch as ye have done it unto one of the least of these my brethren,  ye have done it unto me.

Matthew 25:40