Not what they can, what they MUST as required by law. Assuming US, see DTA aka CALEA - at any time little green men with a warrant can ask for tranparrent packet capture of ISP client's traffic.

Also, in many places (Europa) there is collection and retention requirements for ISPs.