by EADGBE 3044 days ago
Does not using their own routers make ISP traffic sniffing that much harder?

I'd assume if you're using their pipes, they can see what goes through it, regardless.

Genuinely intrigued by this.

2 comments

End-to-end encryption like SSL (https) is meant to limit the middle man's ability to 'see everything'. Instead of seeing the details of your Google search, all they see is that you accessed Google at [x] time, and exchanged [y] amount of data.

This is why there is such a push for end to end encryption on web traffic, chat apps, etc.

ISP can very easily see what you searched for even with SSL. SSL encrypts the TRAFFIC so they can't see the content of the webpages, but your search terms are right there naked in the URL even though it is https secured. This is unfortunately the case for Google, Bing and even DuckDuckGo. Try it and you can see for yourself.

At least DDG offers in their options to scramble the URL but one has to know about that feature AND enable it. It is in their settings under Privacy and you have to turn OFF GET (2nd option). https://duckduckgo.com/settings#

> But your search terms are right there naked in the URL even though it is https secured

You are correct that the terms are in the URL; however, only the browser and endpoint can see them. All your ISP sees is that you accessed example.com, and not example.com/search-terms-here. The TLS handshake is for the domain only, then encryption kicks in, then everything after is encrypted.

Your ISP cannot see what you are searching for; they can only see which sites you use for search.

URLs are not sent in plaintext under HTTPS. Only the hostname is, and only for SNI.

Using their CPE routers implies (but does not guarantee) that you are using them for NAT and firewalling, and thus the ISP has a device inside your security perimeter.