Actually, an ISP could use an SSL proxy to act as a man in the middle and have access to all of your traffic unencrypted. It would require them to install a certificate on your machine that tells your browser to trust the ISP's CA. See the following episode of Security Now, I think Steve Gibson explains how this works fairly well.
http://www.grc.com/sn/SN-112.htm
I don't know how legal it is for ISPs to do this, but I know some schools and corporations do.
Slashdot Mirror
Actually, an ISP could use an SSL proxy to act as a man in the middle and have access to all of your traffic unencrypted. It would require them to install a certificate on your machine that tells your browser to trust the ISP's CA. See the following episode of Security Now, I think Steve Gibson explains how this works fairly well. http://www.grc.com/sn/SN-112.htm I don't know how legal it is for ISPs to do this, but I know some schools and corporations do.