There’s an office in London that contains something critical to the security of the global internet — a bunch of swinging pendulums.
They’re not even connected to anything, but their perpetual swinging action is what keeps the internet safe(r) from hackers and protects your online transactions from fraudsters.
What they are doing to make things safe is swinging randomly — and in the computer world, being random is surprisingly difficult. After all, computers are supposed to be reliable and predictable, which is the last thing you want if you’re trying to create randomness.
And randomness is a critical component of making the internet secure from hackers.
To understand, it helps to step back a bit and understand how computers keep things secure, and it’s down to creating random numbers.
When two computers talk to each other they exchange security keys to encrypt their messages in a method known as Public-key cryptography, which underpins most modern security systems. The software that creates those security numbers needs to ensure they are randomly generated so that no one can guess the next security number they create.
Many computer programs can create what looks like a random series of numbers, but there’s always a nagging doubt that someone will find an undetected pattern in the apparently random numbers, and that’s a weakness they could exploit. What is needed is genuinely random numbers, and as it happens, the best way of getting them is to leave the computer world for the real world and tap into nature’s inherent randomness.
One of the most famous examples can be found in Cloudflare’s San Francisco offices. A camera watches a wall of Lava Lamps, and a digital camera captures the lamps’ random patterns and turns that picture into a number — a very random, very unpredictable number.
That random but so far insecure number is fed into a CSPRNG program, which spits out a new secure random number, which is, in turn, passed onto the live computer network to create the security keys needed for modern communications.
(it’s vastly more complex than that)
Having one wall of Lava Lamps is good, but wise people will want backups, so more is better. Having them in different locations is even better, and designing totally different systems in each location is the very best.
So, in London, there’s a room full of randomly swinging pendulums.
As they swing, a camera records the patterns they make — not just the swinging arms but also the shadows behind them. The alcove is lit by daylight, so the shadows cast by the swinging double-pendulums will change depending on how sunny it is or, more usually in London, how gloomy it is.
Yes, the British weather is playing its part in securing the internet.
They didn’t use Lava Lamps in London (which is a pity as they were invented in the UK) but used a different design. This is partly because they are almost modern artworks, so some variety is nice, but also because in the vanishingly tiny chance that someone manages to predict how lava lamp bubbles form in the San Francisco office, their London, Singapore and Texas (and soon Lisbon) offices all have different ways of generating random numbers.
The random numbers created at the Cloudflare offices are sent to their data centres, where they are combined with some other randomness generated locally — such as the heat of the power supply or how fast someone is typing — to add more randomness and make it even harder to crack the code.
All this effort goes into securing everything from your lolcats to your online banking.
But it helps that it also looks very pretty.
As Cloudflare’s CTO, John Graham-Cumming explained, he had considered using the flow of the Thames as a source of randomness in London, but that proved impractical, so he turned to pendulums, and the ones he chose are nicknamed chaotic pendulums because the way they swing is so unpredictable. John added that pendulums also felt appropriate for the London office with the Harrison Timekeepers nearby in Greenwich Observatory, and Cloudflare’s London office isn’t that far from the greatest pendulum of them all – at Big Ben.
The initial design was a single pendulum, but after the pandemic, they decided to expand the collection to fill a large wall with swinging pendulums. The pendulums aren’t uniquely designed for this purpose — you can buy The Swinging Sticks yourself — although, in this case, they’ve been specially coloured to match Cloudflare’s colour scheme. The only maintenance is to swap out the batteries occasionally or give them a bit of a clean.
The original pendulum has now been donated to the Science Museum as an example of developments in computer encryption.
What’s been created in London is quite an attraction, and staff from other Cloudflare offices who visit the UK often pose in front of the swinging sticks for photos. Amazingly, taking selfies increases the security of the system because people randomly deciding to stand in front of a load of randomly swinging pendulums improves the randomness of the patterns created.
Selfies are good!
Other visitors often ask receptionists to explain the “modern art” on the wall or ask if those are the things from the Iron Man 2 movie—which indeed they are.
Normally, security systems are exceptionally wary of photos being taken of their systems, and I have often been told not to take photos of this or that when visiting a secure place. So it felt a bit odd to stand in front of something so important to the security of the internet and be invited to take photos of it. It felt wrong, but wasn’t. In fact, they’re happy to talk about their swinging pendulums because they’re as close to an unhackable way of creating the random numbers that secure the internet as can be devised, and it’s quite a tangible way of showing people what goes into providing the modern world we live in.
And it all happens right in the centre of London as well.
Disclaimer: This website uses Cloudflare services, but that did not affect arranging the interview.
Fascinating!
Thank you.
Can anyone visit?
Saw Michael Portillo at the Mathmos factory in Poole – home of the laban lamp – on Wednesday evening’s “Great British Railway Journeys”. Fascinating!
“lava” lamp obvs. Perishing autocorrect!!!
Beautiful, simple, unpredictable, and secure? A near perfect solution.
Can the public actually visit and see the pendulum’s in the office building or was this special access arranged?!