Your Internet service provider (ISP) is your local link to the worldwide computer network known as the Internet. Every page request you make and every e-mail you send must travel through your ISP's routers first. It would seem, therefore, that your ISP has the power to scan and save every piece of data that flows through its system.
The truth is that it does have the power. Fortunately for us, it doesn't have the money or the desire to archive every bit of information that comes its way.
ISPs in the United States don't routinely save the Web surfing histories and e-mail conversations of their users [source: McCullagh]. It would simply be too expensive to save all of that data and the public outcry from privacy rights and civil liberties organizations would be deafening.
However, ISPs can (and do) track the online behavior of suspects targeted by an ongoing Homeland Security or law enforcement investigation into charges of terrorism or child pornography.
In European Union countries, ISPs are now required by a European Commission regulation to save e-mail logs of their users for up to two years [source: Tryhorn]. The e-mail logs don't contain the contents of the messages, only information on who sent messages to whom and when. The logs can be used in criminal investigations.
A hot topic in the U.S. concerns ISPs who partner with advertising firms that store cookies on users' browsers to collect "behavioral targeting" data designed to cater to visitors of various Web sites. The advertisers claim they don't associate collected data with individual IP addresses, but privacy groups are still up in arms [source: Greenburg].