Greetings. Over on the NNSquad (Network Neutrality Squad) mailing list, the topic has arisen of ISPs spying on Web traffic and using the derived data to insert their own ads into the user data stream.
In my view, such behaviors by any conventional general purpose ISP with their paid subscribers is unacceptable, even when opt-outs of some sort are supposedly available (from the spying or just from the ads? -- Not clear!) This appears to represent a clear violation of basic network neutrality principles.
A fairly new patent application demonstrates the depth of intrusion that has been contemplated for the associated enabling devices [emphasis added]:
United States Patent 20070233857 (Application)
It's important to note the vast difference between this sort of activity by a primary ISP, vs. ad insertions at Web sites that occur with the cooperation or at least the assent of the Web site operators.
The latter category only affects users who choose to visit particular Web sites or use specific services (e.g. Gmail) as an affirmative (essentially, an opt-in) choice. While it's possible in some cases to argue the fine points of privacy issues related to ad serving systems in this class of environments, it's generally the case that these services are chosen voluntarily by users on a case-by-case basis.
However, since ordinary "last mile" ISP circuits represent the only means of accessing the Internet for the vast majority of consumers and businesses, ISPs drafting their conventional paying customers on a default basis into pervasive traffic monitoring and modification regimes, are taking improper and unacceptable advantage of their gateway roles and are obviously behaving in a non-neutral and potentially highly abusive fashion.
This sort of ISP behavior may arguably be more acceptable in some very specialized situations -- such as with WiFi access services provided without charge for example, but even then only with full and complete disclosure and ironclad privacy protections, with appropriate data destruction - expiration - anonymization guidelines for the collected transactional data.
For ISPs providing conventional paid Internet access services -- even where such protections and guidelines are present -- these monitoring and traffic modification systems deployed in any form other than with affirmative customer "opt-in" cannot be condoned and should not be accepted by any Internet users.