An ISP doing this would be carrying out a misrepresentation. In some jurisdictions this would
be a forgery offence, in others plain and simple fraud. In the UK it would classify as
preparing/planning for unauthorised access and theft of data within the Computer Misuse and
Data Protection Acts. Even if a private prosecution against such an ISP failed, the bad
publicity would cost it more than it might have to gain. The Sony rootkit is a similar example
and frankly I'm surprised that prosecutions did not take place over it.
There seems to be an attitude here that large companies are above the law, that it does not
apply to them; but this is partly because the rudimentary laws which do cover the digital
domain are widely misunderstood and not yet adequately tested in court in such cases of
Technically the way to defeat this involves DNSSEC and a certificate forest with trees rooted
at the top-level domains established and maintained as part and parcel of DNS domain
registration and renewal.