Can employees at a local telephone ISP read my e-mails and monitor my web surfing and tell others about what they read/see?
Yes. Yes, they can.
The real question is, would they? Probably not. And yet … there are new concerns that they might occasionally even be required to.
If it’s of real concern to you, what might you do? I do have some ideas.
Become a Patron of Ask Leo! and go ad-free!
If you have a connection to the internet, it’s provided by an ISP; that’s what the acronym stands for: Internet Service Provider. Be it your work, school, phone or cable company, your internet service is provided by someone, and that someone is your ISP.
Not only do they provide your internet connection, they completely control it.
Your ISP knows a lot about you. Traditional ISPs, like telephone and cable companies (and quite possibly many “non-traditional” ISPs, such as wireless providers and others), know where you live, so as to be able to physically get your connection to you (not to mention where to send the bill).
For example, as I’ve said over and over and over and over, in order to locate you by your IP address, it typically takes law enforcement and a court order. Where do they take that court order? To your ISP, to get them to reveal your physical location.
Monitoring your connection
Your ISP also controls the equipment that all your internet data flows over once it leave your location. You connect to your ISP, and your ISP routes the data to where it’s supposed to go elsewhere on the internet.
Can they “sneak a peek” at your data while they route it? Absolutely they can.
The question is: would they?
Folks, I’ve said this before too: we’re just not that interesting. Why would anyone want to spend time looking at gigabytes of data just so they can spy on your surfing habits or email? Most ISPs are overworked enough as it is, without adding some kind of electronic voyeurism to their job.
In my strong opinion, most people need do nothing to protect themselves from their ISP.
Protecting your connection
Several possible solutions come to mind.
- Secure connections. Any connection that begins with https, instead of http, is an encrypted connection. So while your ISP can see which sites you are visiting, the data actually sent to or displayed from the web site on an https connection is encrypted. Using an https connection to a service like Gmail is one way to secure your email from snooping.
- Anonymous web surfing. Using services like Tor, your ISP can tell that you’re using an anonymizing service, but they cannot tell where you’re surfing; it’s all encrypted. It’ll be slower, but it’ll be encrypted. Of course, you’re trusting the anonymizing service not to snoop on you.
- Encrypted email. There are several ways to send encrypted email (though, sadly, none are particularly easy). Your ISP will be able to see who you’re emailing, but your message will be encrypted and hidden.
- VPN services. There are services available that will allow you to set up a VPN, or “Virtual Private Network” connection, to their services, which then connect you to the internet. Typically meant for people who use WiFi hotspots a lot (where snooping is a much greater risk and issue) everything between you and the service is encrypted; thus, your ISP can’t see a thing. Of course, the VPN service can, as it becomes a kind of ISP itself.
So it really all boils down to your level of paranoia, which could be quite legitimate or not, compared with the amount of effort you’re willing to put into keeping your connection secure.
But ultimately, I don’t believe that their ISP snooping on them is something most people need to worry about.
On the other hand…
In recent years, some governments have begun to require that ISPs keep at least some information about your internet habits. Anything your ISP can see is, potentially, logged and made available, should those governments come knocking.
What’s kept? Which ISPs? How long? Which governments?
There’s no way to know with certainty. Indeed, the landscape is changing often, and today’s answer to any of these questions might be different tomorrow.
Once again, I maintain that most of us simply aren’t that interesting, and aren’t likely to be doing anything that would warrant the interest of your government, much less of your ISP.
However, it’s certainly worth knowing what is possible, and perhaps might even be required, so that you can take any steps you feel are appropriate to protect yourself.