Securing trust is now a priority. Identity theft, phishing and pharming have exposedshortcomings in the criminal law. The online environment is now seen as the playground ofcriminals. Online criminal activities pose significant social and economic costs. Apparently, theFraud Act 2006 is the instrument that will now neutralise the threats posed by phishers and identitythieves. This concept paper is an attempt to chart a less tenuous path of claim and counterclaim thatoften rears its head when the subject turns to personal Internet security. Accordingly, the paper aimsto initiate a debate on how we can begin to think about information security and the role of lawagainst the growing threats posed by identity thieves and phishing. I draw on the insights of Sun Tzuin The Art of War as way of understanding how best we can manage and reduce complexity. Thedebates have all too often focussed on liability rules and legal reform. The resulting impasse can beovercome if the problem is first of all properly characterised. A balanced policy debate requires anunderstanding of two key matters - ‘trivergence’ and the gullible computer user. The hypothesis isthat before we can think about regulatory tools to curb practices like phishing an identity theft weneed a better understanding of the interactions between data, devices and networks.