Purpose - The purpose of this paper is to develop an approach for investigating the impact of surveillance technologies used to facilitate security and its effect upon privacy. Design/methodology/approach - The authors develop a methodology by drawing on an isomorphy of concepts from the discipline of Macroeconomics. This proposal is achieved by considering security and privacy as economic goods, where surveillance is seen as security technologies serving identity (ID) management and privacy is considered as being supported by ID assurance solutions. Findings - Reflecting upon Ashby's Law of Requisite Variety, the authors conclude that surveillance policies will not meet espoused ends and investigate an alternative strategy for policy making. Practical implications - The result of this exercise suggests that the proposed methodology could be a valuable tool for decision making at a strategic and aggregate level. Originality/value - The paper extends the current literature on economics of privacy by incorporating methods from macroeconomics.