Being as I am a Network Operator (NOC) at the worlds largest dedicated Webhosting Company and ISP, I will enlighten you.

1) The way he was "Watching Him" was most likely a Packet Capture. All it takes is running ettercap on the router in front of the TNT Access Servers, and you can capture all incoming and outgoing packets. You see, these data packets are physicly going through our network at our DataCenter Colo facility, therefore you play by our rules. There is no Privacy cause your on our Network. Also, read the AUP or TOS you may find it very informative on such matters.

3) We are constantly scanning trough our Core Captures to find the most obvious malicious packets. This is automated and is called an IDS.(Intrusion Detection System) It ususally blocks DOS attacks, port scans, ect... among other tools that I will not mention we are watching 100% of the time. 24/7 365 days a year. (No Holidays Off)