When duties arising from two different rights are incompatible with one another, the rights in question can be said to be in conflict. Public discourse at the moment is flooded with claims about the incompatibility between privacy and security. According to popular belief, the more privacy individuals enjoy, the less the state is able to provide security, and vice versa. In other words, the state seems to have incompatible duties: on the one hand, to respect its citizens’ right to privacy by refraining from spying on them, and on the other hand, to guarantee the safety of its citizens, their right to security, which, so the argument goes, cannot be done without spying on the general population. This paper focuses on the supposed trade-off between privacy and security in the context of terrorist threats and mass surveillance. I will follow Waldron’s (1989) framework for assessing rights in conflict by first weighing security against privacy—assessing the importance of the interests at stake, the trade-offs involved and the possible successive waves of duties generated by the failure to comply with a primary duty, and the need for proportionality—and finally focusing on possible internal connections between privacy and security that may suggest these rights are less in conflict than is usually thought. The paper ends with some reflections on the implications for encryption.