First there was wiretaps at the telco central offices. Then there was Sandvine and DPI (deep packet inspection) to help curb Peer-to-peer file-sharing (BitTorrent) that was consuming all available bandwidth with piracy (according to the puppet masters at the MPAA and RIAA). Now there is NebuAd, where DPI meets targeted advertising. And Privacy is just a thing of the past. Common Carriage means nothing. It actually means that telcos are pipes (tubes if you will). What's in those pipes is none of their business.
If we lived in a regulatory environment where the US Constitution, Privacy, and Laws were actually applied evenly, most telcos would be in trial for breaking privacy laws and falsely advertising. (Unlimited and Internet have meanings and they aren't Limited and Walled Garden).
Many groups including the CDT charged that the targeted ads might be illegal.
"The Center for Democracy and Technology (CDT), the group laid out a legal argument alleging that ISPs that engage in NebuAd's program could run afoul of the 1986 Electronic Communications Privacy Act (ECPA) -- also known as the Wiretap Act -- as well as several states' privacy laws.
Not to mention the DMCA, which, in "Title II: Online Copyright Infringement Liability Limitation Act, provides a safe harbor for online service providers (OSPs, including ISPs) against copyright liability if they adhere to and qualify for certain prescribed safe harbor guidelines and promptly block access to allegedly infringing material (or remove such material from their systems) if they receive a notification claiming infringement from a copyright holder or the copyright holder's agent." (The full text of the act can be found here (PDF). In short, as long as the ISP just transmit data in the pipe, it is not liable for what transverses that pipe. Now with DPI, the ISP knows. Liability!
It's an ugly mess, but you can't put the genie back in the bottle. Privacy has been disappearing since the Internet went mainstream. You just need to Be Careful out there.