Yes. Yes, they can.
The real question is, would they? Probably not. And yet … there are new concerns that they might occasionally even be required to.
If it’s of real concern to you, what might you do? I have some ideas.
Become a Patron of Ask Leo! and go ad-free!
If you have a connection to the internet, it’s provided by an ISP; that’s what the acronym stands for: Internet Service Provider. Be it your work, school, phone, or cable company, your internet service is provided by someone, and that someone is your ISP.
Not only do they provide your internet connection, they completely control it.
Your ISP knows a lot about you. Traditional ISPs, like telephone and cable companies (and quite possibly many “non-traditional” ISPs, such as wireless providers and others), know where you live, so as to be able to set up your connection physically (not to mention know where to send the bill).
As I’ve said over and over and over and over, to locate you by your IP address typically takes law enforcement and a court order. Where do they take that court order? To your ISP, so they can reveal your physical location.
Monitoring your connection
Your ISP also controls the equipment your internet data flows over once it leaves your location. You connect to your ISP, and your ISP routes the data to where it’s supposed to go elsewhere on the internet.
Can they “sneak a peek” at your data while they route it? Yes, they can.
The question is, would they?
Folks, I’ve said this before too: we’re just not that interesting. Why would anyone spend time looking at terabytes of data just so they can spy on your surfing habits or email? Most ISPs are overworked enough without adding some kind of electronic voyeurism to their job.
In my strong opinion, most people need do nothing to protect themselves from their ISP.
Protecting your connection
OK, what if you still want to protect yourself? What if you have a legitimate reason for being paranoid?
Several possible solutions come to mind.
- Secure connections. Any connection beginning with https, instead of http, is an encrypted connection. So while your ISP can see which sites you are visiting, the data sent to or displayed from the website on an https connection is encrypted. Using an https connection to an email service like Gmail is one way to secure your email from snooping.
- Anonymous web surfing. If you use services like Tor, your ISP can tell you’re using an anonymizing service, but they cannot tell anything more than that — everything’s encrypted. It’ll be slower, but it’ll be encrypted. Of course, you’re trusting the anonymizing service not to snoop on you.
- Encrypted email. There are several ways to send encrypted email (though sadly, none are particularly easy). Your ISP will be able to see who you’re emailing, but your message will be encrypted and hidden.
- VPN services. You can set up a VPN, or “Virtual Private Network” connection, to the internet. Typically meant for people who use Wi-Fi hotspots a lot (where snooping is a much greater risk and issue) everything between you and the VPN service is encrypted; thus, your ISP can’t see a thing. Of course, the VPN service can, as it becomes a kind of ISP itself.
It all boils down to your level of paranoia — legitimate or not — compared to the amount of effort you’re willing to put into keeping your connection secure.
But ultimately, I don’t believe ISP snooping is something most people need to worry about.
On the other hand…
In recent years, some governments have begun to require ISPs to keep information about your internet habits. Anything your ISP can see is potentially logged, to be available should those governments come knocking.
What’s kept? Which ISPs? How long? Which governments?
There’s no way to know with certainty. Indeed, the landscape changes often, and today’s answer to any of these questions might be different tomorrow.
Once again, I maintain that most of us simply aren’t that interesting, and aren’t likely to be doing anything warranting the interest of your government, much less your ISP.
However, it’s certainly worth knowing what is possible, and what might even be required, so you can take any steps you feel are appropriate to protect yourself.