Many authors in the privacy literature cite a renowned 1890 Harvard Law Review article by Judges Warren and Brandeis entitled The Right to Privacy as a seminal work in the US legal tradition . Warren and Brandeis explicitly argued that the right of individuals to “be let alone” was a distinct and unique right, claiming that individuals should be protected from unwarranted publications of any details of their personal life that they might want to keep confidential.1 In this sense, this right to privacy relates to the modern concept of informational self-determination. It is interesting to note that Warren and Brandeis did not cite the US Constitution’s Fourth Amendment,2 which protects the property and dwelling of individuals from unwarranted search and seizure (and, by extension, their electronic property and communications). The Fourth Amendment is often cited by privacy advocates, especially in relation to surveillance technologies and to attempts to control cryptographic tools. The Fourth Amendment also underpins much privacy legislation in the USA, such as the Electronic Communications Privacy Act, or ECPA.3 Constitutional guarantees of privacy also exist in other legal texts, for example the EU Convention on Human Rights [67, §8].
In the United States, case law provides more material for HCI practitioners. Famous cases involving the impact of new technologies on the privacy of individuals in the United States include Olmstead v. United States (1928), which declared telephone wiretapping constitutional; Katz vs. United States (1967), again on telephone wiretapping and overturning Olmstead; Kyllo vs. United States (2001), on the use of advanced sensing technologies by police; and Barnicki vs. Vopper (2001) on the interception of over-the-air cell phone transmissions.
Regulatory entities such as the FTC, the FCC, and European Data Protection Authorities also publish rulings and reports with which HCI professionals working in the field of privacy should be familiar. For example, the EU Article 29 Working Party has issued a series of rulings and expressed opinions on such topics as the impact of video surveillance, the use of biometric technologies, and the need for simplified privacy policies.
Finally, HCI researchers often cite legal resources such as the European Data Protection Directive of 1995  and HIPAA, the US Health Insurance Portability and Accountability Act of 1999 . Many of these data protection laws were inspired by the Fair Information Practices (discussed in more detail in section 3.5.1), and impose a complex set of data management requirements and end-user rights. HCI practitioners should be aware that different jurisdictions use legislation differently to protect privacy, and that there is much more to privacy than the constitutional rights and laws described above.
2.2 Philosophical Perspectives on Privacy
1 Warren and Brandeis claimed that the right to privacy is unique because the object of privacy (e.g., personal writings) cannot be characterized as intellectual property nor as a property granting future profits.
2 “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, […].”
3 The ECPA regulates the recording of telecommunications and personal communications at the US Federal level, including wiretapping by government agencies. It generally outlaws any recording of which at least one party being recorded is not aware and requires various types of warrants for wiretapping or recording other telecommunication data for law enforcement purposes.
end-user-privacy-in-human-computer-interaction-v57.docPage 8 of 85