Profile of a Safety and Security Researcher: Zeki Erkin

During his Bachelor’s and Master’s at the Istanbul University of Technology, Zeki Erkin did what he loved most, in his own words, he was “playing with numbers and number theory. My BA end-of-year project was about zero-knowledge proofs and secret sharing, two concepts that were quite unusual and not much in practice. I was also interested in steganography, and the idea of hiding communication from the naked eye. The project covered subjects of secrecy, trust and sharing, and I loved it. It certainly paved the way for my work in security and privacy.”

While looking for my PhD subject I came across Professor Inald Lagendijk, who was already combining security and privacy in his work. It was a perfect match. From my perspective as a researcher looking into the different components of private and secure communication, I found myself in a rich environment of many variants at TU Delft.

“All my life, I really cared about the individual’s rights. The right to privacy is contained in the Universal Declaration of Human Rights and everyone agrees that individual personal privacy and full control of it is essential. But in the face of a society dependent on high-density information technology and electronic media, it is becoming increasingly difficult to implement this human right in digital systems. Cryptography offers a way to protect sensitive data and protect individual privacy.”

“Back in 2002, when I was a computer scientist, the subject of privacy was not a point of major concern in business. The emphasis was on security, especially concerning products or services. But even then, two decades ago, I already believed it was our role as scientists to provide the tools and means in digital systems for everyone to be able to protect their privacy. Because if we weren’t going to do this on behalf of citizens, then who would?”

“In the last ten years, there have been many changes in the field. Privacy has been promoted from lesser status as an add-on workshop at security conferences, to the headliner at privacy conferences and symposiums. The initial resistance that I often faced in getting funding for our research, was linked to the elevated status of digital security at the time. When a manager suggested that I switch subjects to get grants and apply to the security field “because privacy isn’t getting you anywhere”, I strongly disagreed! Research needs to look  further and aim for the betterment of society. We should avoid acting with an ‘industry mindset’ which is short-term oriented. Let’s look at 5 or ten or fifteen-year projects. I think long-term academic projects are vital, but who will do it?”

In 2018 there was a light at the end of the tunnel and that light was called GDPR. The EU recognised an individual right to control one’s own data. People started to take notice of privacy. Compliance was the buzzword of the year. But basic compliance was not enough. The big change was when major companies realised they could collect and analyse data if they collaborated using cryptography. “It’s a very positive sign that after two decades, our privacy research is paying off.”

Zeki believes an effective framework for security and privacy requires three things; The first is education and awareness of risks and rights, starting with basic training in privacy and security knowledge for every child at school. Secondly, authorities need to set solid laws and regulations in place. “Thirdly, we need technical solutions, but companies are still somewhat reluctant and unwilling to be the first to take the leap because privacy protection requires overhead. And this is where I can play my part, together with colleagues worldwide."