Rights vs security & privacy
Individual Privacy or National Security: Which Matters More?
LNAT Section B ยท Model essay
The essay prompt
When the demands of personal privacy clash with the protection of the state and its citizens, which should carry greater weight? Take a clear position and defend it.
The stance
The question rests on a false binary: privacy and security are not rivals to be ranked but goods that mostly reinforce each other. Where they genuinely conflict, neither is categorically supreme; the deciding principle is proportionality, with privacy as the default and security-driven intrusion justified only when it is targeted, legally authorised and independently overseen.
Defining the terms
- Individual privacy โ The right to personal autonomy and to control information about oneself, including confidential communication and freedom from arbitrary state intrusion (Article 8 ECHR; s.8 of the Canadian Charter).
- National security โ The protection of the state and its population from serious threats such as terrorism, espionage, cyber-attack and foreign aggression, distinct from ordinary law-and-order policing.
- Which matters more โ Which value should prevail when the two genuinely conflict; framed properly, this asks not which is intrinsically superior but which should be the default and what justifies departing from it.
- Proportionality โ The legal test that a rights-limiting measure must pursue a legitimate aim, be rationally connected to it, go no further than necessary, and strike a fair balance (the Oakes test in Canada; the Article 8(2) ECHR analysis).
Assumptions to interrogate
- That privacy and security are zero-sum, so that gains in one must be paid for by losses in the other.
- That 'national security' is a single, stable concept rather than a malleable label that governments can stretch to justify a wide range of measures.
- That a society can be meaningfully 'secure' while its members are stripped of autonomy, or 'free' while exposed to serious unaddressed threats.
- That the long-run effects of normalised surveillance (chilled dissent, mission creep, eroded trust) are negligible or easily reversed.
The case for
Security is the precondition of every other right, including privacy
A state that cannot protect life cannot deliver privacy either; the right to life under Article 2 ECHR is the foundation on which the exercise of all other freedoms depends. Where intelligence prevents an atrocity, it preserves the very conditions in which privacy can be enjoyed. On this view, when the conflict is genuine and the threat grave, a proportionate intrusion on privacy is not the enemy of liberty but its guarantor.
Modern threats are technological and cannot be met blind
Terrorism, foreign interference and cyber-attack are coordinated through encrypted channels and cross-border data. Agencies that cannot lawfully access communications data fight without sight. The European Court accepted this in Big Brother Watch v United Kingdom (2021), holding that bulk interception is not inherently prohibited where it protects national security against serious external threats, provided it is bound by adequate safeguards.
Properly designed law converts intrusion into accountable protection
The danger is unregulated surveillance, not surveillance as such. The Investigatory Powers Act 2016 requires a Secretary of State's authorisation to be approved by an independent Judicial Commissioner before a warrant takes effect, the 'double-lock'. Oversight of this kind shows that targeted, time-limited and judicially supervised intrusion can serve security without becoming arbitrary, which is why it can sometimes rightly prevail over an individual privacy claim.
The case against
Privacy is the structural check that prevents security powers from being abused
Treated as expendable, 'national security' becomes a self-justifying licence for executive overreach. The House of Lords struck down indefinite detention without trial in A v Secretary of State for the Home Department (2004), holding that even a public emergency could not justify a disproportionate and discriminatory measure. Privacy and its associated protections are precisely what force the state to demonstrate proportionality rather than assert necessity.
Bulk and indiscriminate intrusion is disproportionate and chills a free society
Blanket data retention treats whole populations as suspects. In Digital Rights Ireland (2014) the Court of Justice annulled the Data Retention Directive as a serious, untargeted interference with Articles 7 and 8 of the Charter. Mass surveillance also corrodes the willingness to dissent, associate and inquire, the habits on which democracy depends, so its costs are political as well as personal.
Privacy is itself a security good, so the trade-off is partly illusory
Encryption protects banking, hospitals and elections; confidential medical records and the secret ballot are infrastructure, not luxuries. Weakening privacy weakens everyone's security, because back doors built for the state are exploitable by criminals and hostile powers. Far from competing, robust privacy is frequently a condition of genuine collective security.
The argument, step by step
- Reject the zero-sum framing: in most cases privacy and security advance together, so the question is wrongly posed if it assumes a permanent trade-off.
- Concede the strongest case for security: life is the precondition of all rights, modern threats are technological, and Big Brother Watch confirms bulk powers are not inherently unlawful when safeguarded.
- Establish the privacy default: where the two genuinely conflict, the burden lies on the state, because 'national security' is malleable and self-justifying if left unchecked.
- Deploy the case law on both sides: A (2004) and Digital Rights Ireland show courts striking down disproportionate, untargeted measures; Big Brother Watch and the IPA double-lock show targeted, overseen intrusion can be legitimate.
- Resolve through proportionality: targeted, authorised, time-limited and independently reviewed intrusion can prevail; indiscriminate, secret or open-ended surveillance cannot.
- Conclude that neither value is categorically supreme, but privacy is the default and proportionality is the principle that decides each genuine conflict.
The model plan
Thesis: false binary; privacy and security mostly reinforce each other, and where they truly conflict the deciding principle is proportionality, with privacy as the default. Intro (~90 words): define 'individual privacy' (Art.8 ECHR, s.8 Charter) and 'national security'; expose the zero-sum assumption; state thesis. Para 1 (FOR security): life (Art.2 ECHR) is the precondition of rights; modern threats are technological; Big Brother Watch v UK (2021) holds bulk interception not inherently unlawful if safeguarded; IPA 2016 'double-lock' shows accountable intrusion. Para 2 (AGAINST): privacy is the check that forces proportionality; A v SSHD (2004) struck down indefinite detention; Digital Rights Ireland (2014) annulled blanket data retention as disproportionate under Charter Arts 7-8. Para 3 (privacy IS security): encryption, medical confidence, secret ballot; back doors are exploitable; comparative: R v Spencer (Canada, 2014) protects online anonymity, Carpenter v US (2018) requires a warrant for location data, showing a cross-jurisdictional convergence on a warrant/proportionality default. Para 4 (resolution): the line is targeted + authorised + overseen vs indiscriminate + secret + open-ended. Conclusion (~70 words): neither categorically supreme; privacy default + proportionality decides. Link every paragraph back to '...therefore proportionality, not a fixed hierarchy, decides which prevails.'
The model essay
Asking whether individual privacy or national security 'matters more' assumes the two stand permanently opposed, so that every gain for one is a loss for the other. That assumption is mostly false. A secure state is what allows privacy to be enjoyed at all, and strong privacy protections are themselves part of a society's security. The honest answer is therefore not a ranking but a principle: where the two genuinely conflict, neither is categorically supreme, privacy is the default, and proportionality decides.
The case for security is real and must be met, not dismissed. The right to life under Article 2 of the European Convention is the precondition of every other freedom; a state that cannot prevent mass atrocity cannot guarantee privacy either. Modern threats compound this, because terrorism, espionage and cyber-attack travel through encrypted and cross-border channels, leaving agencies that cannot lawfully access data fighting blind. The European Court recognised as much in Big Brother Watch v United Kingdom (2021), holding that bulk interception is not inherently prohibited where it protects against serious external threats, provided it is bound by adequate safeguards. Where intrusion is targeted, authorised and proportionate, it can therefore rightly prevail over an individual privacy claim.
Yet privacy is exactly what stops 'national security' from becoming a self-justifying licence. The phrase is malleable, and a government that treats privacy as expendable need never prove that its measures are necessary. In A v Secretary of State for the Home Department (2004) the House of Lords struck down the indefinite detention of foreign terror suspects without trial, holding that even a public emergency could not justify a disproportionate and discriminatory response. Privacy and the protections clustered around it are what force the state to demonstrate proportionality rather than simply assert urgency. Therefore the burden, when the two collide, should lie on the state.
That burden is heaviest against indiscriminate intrusion. In Digital Rights Ireland (2014) the Court of Justice annulled the Data Retention Directive as a serious and untargeted interference with Articles 7 and 8 of the Charter, because it treated entire populations as suspects. Mass surveillance also chills the dissent, association and free inquiry on which democracy rests, so its costs are political as well as personal. East Germany's Stasi delivered 'safety' of a kind while annihilating the autonomy that makes safety worth having.
The deepest objection to the trade-off is that privacy is frequently a security good in its own right. Encryption protects banking, hospitals and elections; medical confidentiality and the secret ballot are infrastructure, not luxuries. Weakening privacy weakens everyone, because a back door built for the state can be opened by criminals and hostile powers alike. Courts across jurisdictions have converged on the same default: in R v Spencer (2014) the Supreme Court of Canada protected online anonymity by requiring a warrant for subscriber data, and in Carpenter v United States (2018) the US Supreme Court held that accessing historical location data is a search needing a warrant. The pattern is consistent: proportionality and prior authorisation, not unfettered access.
The resolving line is clear. Surveillance that is targeted, legally authorised, time-limited and independently reviewed can legitimately override a privacy claim when the threat is grave. Surveillance that is indiscriminate, secret or open-ended cannot, because it sacrifices the freedoms it claims to defend. Neither value is therefore categorically more important. Privacy is the default the state must displace, and proportionality is the test it must pass to do so. A democracy that abandons that test in the name of security ends up protecting the state while abandoning the citizen, which is no security at all.
Authorities worth knowing
A v Secretary of State for the Home Department (the Belmarsh case)
[2004] UKHL 56, [2005] 2 AC 68
Indefinite detention of foreign terror suspects without trial under s.23 of the Anti-terrorism, Crime and Security Act 2001 was incompatible with the ECHR: even a public emergency cannot justify a disproportionate and discriminatory measure, so security powers remain subject to proportionality.
Big Brother Watch and Others v United Kingdom
App nos 58170/13, 62322/14 and 24960/15 (ECHR, Grand Chamber, 25 May 2021)
Bulk interception is not inherently incompatible with Article 8 where it protects national security against serious external threats, but the UK regime violated Articles 8 and 10 for lack of adequate end-to-end safeguards; a nuanced 'safeguards, not prohibition' standard.
Digital Rights Ireland Ltd v Minister for Communications (and Seitlinger)
Joined Cases C-293/12 and C-594/12, EU:C:2014:238 (CJEU, Grand Chamber, 8 April 2014)
The Data Retention Directive 2006/24/EC was declared invalid as a wide-ranging and untargeted interference with Articles 7 and 8 of the EU Charter, exceeding the limits of proportionality; blanket retention treats whole populations as suspects.
R v Spencer
2014 SCC 43, [2014] 2 SCR 212 (Supreme Court of Canada)
There is a reasonable expectation of privacy in ISP subscriber information because online anonymity is a protected privacy interest under s.8 of the Charter; police generally need a warrant to compel disclosure.
Carpenter v United States
585 U.S. 296 (2018), No. 16-402
Government acquisition of historical cell-site location information is a Fourth Amendment search generally requiring a warrant on probable cause; the third-party doctrine does not defeat the user's privacy interest in comprehensive location data.
Investigatory Powers Act 2016
Investigatory Powers Act 2016 c.25
Establishes the 'double-lock': a Secretary of State's authorisation of interception and equipment-interference warrants must be approved by an independent Judicial Commissioner before taking effect, embedding proportionality and independent oversight in security surveillance.
How the law frames it
United Kingdom
Privacy is protected by Article 8 ECHR through the Human Rights Act 1998, subject to limits that are lawful, necessary and proportionate. Security surveillance runs largely through the Investigatory Powers Act 2016, whose 'double-lock' requires independent judicial approval of warrants. Courts police the balance: in A v Secretary of State (2004) the House of Lords held that even a declared emergency could not justify disproportionate, discriminatory detention.
Canada
Section 8 of the Charter guarantees protection against unreasonable search and seizure, and any limit must satisfy the Oakes proportionality test under s.1. In R v Spencer (2014) the Supreme Court recognised online anonymity as a privacy interest and required a warrant for ISP subscriber information, showing that even data held by third parties attracts a strong, proportionality-based default in favour of privacy.
ECHR
Article 8 protects private life and correspondence, but Article 8(2) permits proportionate interference for national security. The Strasbourg Court does not treat the two as a fixed hierarchy: in Big Brother Watch v UK (2021) it held that bulk interception is permissible in principle yet found violations where end-to-end safeguards were inadequate, while the CJEU in Digital Rights Ireland (2014) struck down untargeted blanket retention outright.
Counter-arguments and how to defeat them
Counter. The right to life comes first: a dead citizen has no privacy, so security must outrank it whenever lives are at stake.
Rebuttal. Agreed that life is foundational, which is why proportionate, targeted intrusion to avert a real threat is justified. But that argument supports security only at the point of genuine, evidenced danger; it cannot license blanket surveillance of people who pose no threat, as Digital Rights Ireland makes clear.
Counter. Independent oversight (judicial commissioners, FISA-style courts) already prevents abuse, so we can safely err toward security.
Rebuttal. Oversight is exactly why security measures can be legitimate, but it exists because privacy is treated as valuable; remove that premise and oversight becomes optional. Big Brother Watch shows safeguards can be inadequate even where a system claims them, so the default must remain privacy with the state bearing the burden.
Counter. Surveillance is narrow and most law-abiding citizens are unaffected, so privacy is not really harmed.
Rebuttal. Bulk regimes and 'temporary' emergency powers have a documented tendency to expand. Digital Rights Ireland concerned data retention for entire populations, not a narrow few, and the chilling effect on dissent harms even those never investigated. Targeted intrusion is defensible; indiscriminate intrusion is not.
Counter. Encryption and privacy tools shelter terrorists, so weakening them serves security.
Rebuttal. Back doors cannot distinguish between a terrorist and a hospital, a bank or a voter; weakening privacy weakens everyone's security, since the same vulnerability is exploitable by criminals and hostile states. Here privacy and security align, which is why courts in Spencer and Carpenter defend it rather than trade it away.
Conclusion
Privacy and national security are not rivals to be ranked but goods that mostly reinforce one another, and the framing of the question conceals that. Where they genuinely conflict, neither is categorically supreme. Privacy is the default the state must displace, and proportionality, targeted, authorised, time-limited and independently overseen intrusion, is the test it must pass. Big Brother Watch shows security measures can be legitimate; A v Secretary of State and Digital Rights Ireland show they are unlawful when disproportionate. A state that abandons that test protects itself while abandoning the citizen, which is no security worth having.
Evidence you can cite
- Under the Investigatory Powers Act 2016 'double-lock', most interception and equipment-interference warrants authorised by a Secretary of State cannot take effect until an independent Judicial Commissioner has also approved them, providing a statutory layer of judicial oversight over security surveillance.Investigatory Powers Act 2016 (UK), Part 2; Investigatory Powers Commissioner's Office (IPCO) on the double-lock โ source
- In Digital Rights Ireland (2014) the CJEU found that the Data Retention Directive obliged providers to retain traffic and location data for all subscribers across all means of electronic communication, an interference it held was not limited to what was strictly necessary.CJEU, Joined Cases C-293/12 and C-594/12, Digital Rights Ireland (8 April 2014) โ source
- In Carpenter v United States (2018) the records at issue revealed 12,898 location points for the suspect over 127 days, illustrating how routine data access can reconstruct a comprehensive picture of private life and so trigger Fourth Amendment protection.Carpenter v United States, 585 U.S. 296 (2018) โ source
Further reading
- J.S. Mill, On Liberty (1859), ch. 2-3, on liberty, dissent and the limits of state coercion.
- Council of Europe, ECHR Guide on Article 8 (private life, correspondence and surveillance case law).
- Investigatory Powers Commissioner's Office (IPCO), explanation of the 'double-lock' authorisation process.
- D. Anderson QC, 'A Question of Trust: Report of the Investigatory Powers Review' (2015).