AAs Woody Allen said, "When people are out to get you, paranoia just makes good sense"! The short answer is, yes, your ISP can access your data -- some types more easily than others.
Let us start with the information that your ISP can most easily access. E-mail actually sits on a server at your ISP until you download it. It is a simple matter of reading the files in which the e-mail resides. In addition, if someone sends e-mail to you and gets everything correct in the address but mistypes your user name, a copy of that mail is often sent to the system's postmaster.
Another security problem arises when you are using proxies for Web browsing. The proxy server keeps track of what is being accessed. By examining the records on the proxy server an ISP can find out what Web pages you have been accessing.
The above types of information are available to your ISP without going to the trouble of specifically setting up systems to obtain data.
Most of the data is just passing through your ISP. Data is sent in the form of packets. When you send or receive a file, that file is divided up into smaller units and sent over the Internet. At the other end the packets are put back together in the correct order to recreate the file. It would be a bit tricky, but an ISP could keep a copy of the packets being sent and received by you and stitch them back together to replicate files and chat sessions. This would be further complicated by the fact they would have to guess what sort of information was being sent -- videoconferencing, chat etc.
I doubt that ISPs would bother accessing individual subscribers' data. Yes, people could be intercepting what you are sending. But it would be unlikely to be a casual observer for chat or videoconferencing. That is, it is not like eavesdropping on a telephone conversation.
Why is the Internet so insecure? To cut a long story short, security was simply not built into the protocols that make up the Internet. This means that if you need to keep information secure you need to have security in each individual application that you use (eg the secure HTML documents that Netscape introduced which are often used to allow users to send private information, such as credit card details, over the Internet.)
If the information you send over the Internet requires confidentiality and security, you should check to see if your ISP has a policy on subscriber privacy and confidentiality. I believe such issues will be addressed across the industry as self-regulation comes into place for ISPs.
Neville Clarkson adds: There's no doubt that ISPs can listen in on their subscribers' communications, but the technical challenges and sheer cost of doing so on any significant scale suggest that they are unlikely to bother. If you are an ISP, or an ISP customer who believes they have been spied upon, the Help Screen would welcome your comments.
- Roy Chambers