RE: Schneier: ISPs should bear security burden