There's a thread about it on NANOG right now.
Presumably this one... "ISPs and full packet inspection" http://mailman.nanog.org/pipermail/nanog/2012-May/048364.html
That seems to be more about network ops than targeting specific users. There's a world of difference between routine sniffing of your traffic for statistical, engineering, budget, policy, education and debugging purposes (ie: to prioritize/ban traffic, etc)...
and taking action based on a user specific external report or request, or looking for users to act upon, or just plain spying on people.
The former happens every day without much issue. The latter is the problematic area.
There are some good links in that thread though. NSL and subpoena handling comes up on NANOG once in a while.