tobala said:
EDIT: Anyone know if it's possible to detect a mirror port?
By definition, no. The ISP could use any form of packet sniffing or packet replication to obtain full copies of bidirectional data flow and there is structurally no way to identify that action. The only technology on the horizon that has such a capability is built on quantum principles, and works because anybody reading the "packet" (actually a quantum bit, or qubit) permanently alters the packet. Clearly, however, such a protocol is non-routable and difficult to envision in a real-world system in the next few decades.
It's pathetically easy to overcome the weaknesses the DEA used in this case to get their 30-year convictions:
1. Never allow unauthorized physical access to a machine being used for sensitive stuff. If you don't carry it with you and sleep in a room with it at night, have a few good protection dogs that live in the same room as the computer. Both these cases involved the cops breaking into someone's facility and installing software or hardware for key logging - and breaking in again to get it back (if memory serves me right). No access = no cops getting passwords for encrypted email.
2. Maintain a generally secure OS installation to prevent simple, remotely-installed keystroke loggers from infecting your machine. As others said, a decent firewall would see the outbound data stream from the logger, block it, and warn you something odd was going on.
3. Run a good VPN service until your internet traffic leaves Amerika for a more secure jurisdiction. OpenVPN is an excellent, open-source tool for this. There are several commercial companies that run OpenVPN-based services that make the whole process very easy to do. With a good VPN tunnel established, your local ISP (and backbone provider, and so forth) see nothing but encrypted traffic from your connection - no readable data, no internet address. Let 'em keep copies of those encrypted packets forever if they want to!

Tor is great, but does nothing to secure your traffic from your local ISP's prying eyes.
I always laugh that many folks think "computers are insecure" but will gladly use idiotic codewords on unencrypted phonecalls over a national phone system built from the ground up to be piss easy to eavesdrop on. Drug cops must thank the stars every day that their targets aren't wise enough to throw out their phones and use secure data communications. Without chatty drug dealers and their cherished cellphones, the drug cops would have to reinvent their approach to building cases.
Note, for example, that there are exactly
two cases in which the DEA or FBI are known to have used keystroke loggers to gather evidence. Ever. Two. How many cases have been won by easy-to-get wiretap orders? Tens of thousands. . . . which do you think is, on balance, more secure?
Peace,
Fausty