[enginous]

Indeed, although I don't agree "internet-enabling software" is trivial in terms of engineering and support costs, considering the range of devices today. But mostly I just wanted to clarify on the point that interception is not fully transparent: that the ISP does need to compromise every device that connects to the network.

But I do agree with your original point that to the extent possible, there should be legislation (if there isn't already) against intercepting TLS-encrypted connections of ISP customers, in cases where the ISP is also a browser-approved CA or is actually willing to distribute its own CA cert.