Whether an ISP can do this is a technical question, not a legal one.  I think it can, but what do I know?  Your second question also isn't about the law.  You might have better luck posting it on a different board.

If the ISP has the information and gets a subpoena for it, it will usually have to comply.  However, subpoenas don't exist in a vacuum.  They can only be issued in an ongoing case, and the person whose records are being subpoenaed is supposed to get notice so that he can object and fight the subpoena if he wants to.

If your friend has a lawyer, the lawyer should have received a copy of the subpoena.  If he doesn't have a lawyer, he should have received this notice himself.

not a lawyer but know something about technology. ISP will have all the records. even instant messenger chats are stored. you can only clean your hard drive and not the servers of the ISP.
I heard of some new email service that "burns" all emails. you can set it to burn at any point in time. Saw it on CNBC can't recollect the name now.
Nothing is fool proof. Anything that you do on the internet is stored somewhere.

BTW based on what Sidone said the lady must be bluffing. If your friend did not get a subpoena then it must be bluff, unless the ISP bills were paid by the wife.

He originally posted this on the GD board, but was told that this was a legal matter and to take it to the Legal Board.

Perhaps there should be a "Cyber Issues" board?

(still not a lawyer)

Your description says a copy of every email sent was created and sent to an addy for an account to which the wife had access; it appears she hacked his email client program (Outlook, for example) to do this. No subpoena or ISP intervention is required in this scenario to get the data. This doesn't mean she didn't employ some social engineering to get this data. Whether it's admissable is a question for a lawyer (I am not one, ofc).

In any case, ISPs are required to alert the account holder before relinquishing data subject to a subpoena, with the obvious Patriot Act exceptions. Even so, most ISPs are very reluctant to do so. They do retain records of virtually every email and IM you've sent, and every website you've visited, intentionally or not. Check your Terms of Service for the details.

The best way for hiding activities from prying eyes is to:
a) understand the risks of the services you use (WWW, email, IM, etc.),
b) understand how the programs you use to access these services are configured (IE, Outlook, AIM, etc.) and how you can mitigate these risks,
c) password protect your account and use good password practices (don't write it down, don't tell anybody, change it often, more than eight characters, include non-alphanumeric characters, etc.), and
d) use "safe erase" software to physically delete the bits you want to disappear from your hard drive, delete unnecessary emails, regularly flush your browser and IM client caches and frequently defrag your hard drive.

I am so sorry this has happened to you. Remember, just because you're paranoid doesn't mean they're not out to get you. Good luck, bro...

Your description says a copy of every email sent was created and sent to an addy for an account to which the wife had access; it appears she hacked his email client program (Outlook, for example) to do this. No subpoena or ISP intervention is required in this scenario to get the data. This doesn't mean she didn't employ some social engineering to get this data. Whether it's admissable is a question for a lawyer (I am not one, ofc).

In any case, ISPs are required to alert the account holder before relinquishing data subject to a subpoena, with the obvious Patriot Act exceptions. Even so, most ISPs are very reluctant to do so. They do retain records of virtually every email and IM you've sent, and every website you've visited, intentionally or not. Check your Terms of Service for the details.

The best way for hiding activities from prying eyes is to:
a) understand the risks of the services you use (WWW, email, IM, etc.),
b) understand how the programs you use to access these services are configured (IE, Outlook, AIM, etc.) and how you can mitigate these risks,
c) password protect your account and use good password practices (don't write it down, don't tell anybody, change it often, more than eight characters, include non-alphanumeric characters, etc.), and
d) use "safe erase" software to physically delete the bits you want to disappear from your hard drive, delete unnecessary emails, regularly flush your browser and IM client caches and frequently defrag your hard drive.

I am so sorry this has happened to you. Remember, just because you're paranoid doesn't mean they're not out to get you. Good luck, bro...

Q1: Yes, it's possible for an ISP to do that.  I am in the technology industry and it's very easy to do and I have done it before.  It's not very time consuming to setup, however it is more of a  a pain to sift through the data.  There isn't a magic "reassemble all email button" or "give me all the IM's this person sent".  IF she did it via the (and didn't install some monitoring program on his PC's which is usually an easier way to go) that would have required some co-operation on their part.  Most ISPs are too big to get ahold of someone to do that for you and quite frankly don't really care about stuff like that unless it's being forced upon them by LE.  Also, there's a cost associated with it.  I'm sure that they wouldn't have done it for free.

Q2.  I don't use SW per se to keep my activities on masked, but I am very conscious of who uses my PC, what's installed, what websites I visit, etc.  I have Firefox installed as a secondary browser (it's not to uncommon to have more than 1 browser nowadays) and  I have ALL caching, histories, etc. disabled.  This way, I do all my hobby related activities from there so there is no history.  Also, make sure that you aren't going through any proxy servers as they will log the date, time, website you're visiting and other info as well.