Without malicious intent, ISPs are already doing this, both to sell aggregated traffic data and to shit all over their network.
On Sprint and ATT Mobility I cannot maintain many TCP connections for long durations - websockets will be killed after a while and require reconnection, long-connected TCP games will drop after a few minutes, quite a handful of HTTPS/TLS sites do not load and immediately hardfail with a TLS protocol error or connection reset, traffic appears modified and periodically injected, DNS is hijacked, images' hash values do not match the server side on plaintext connections, NXDOMAIN DNS values are hijacked, traffic crossing any port will be tampered with as long as it looks like HTTP/1.x, etc.
On Sprint and ATT Mobility I cannot maintain many TCP connections for long durations - websockets will be killed after a while and require reconnection, long-connected TCP games will drop after a few minutes, quite a handful of HTTPS/TLS sites do not load and immediately hardfail with a TLS protocol error or connection reset, traffic appears modified and periodically injected, DNS is hijacked, images' hash values do not match the server side on plaintext connections, NXDOMAIN DNS values are hijacked, traffic crossing any port will be tampered with as long as it looks like HTTP/1.x, etc.