the questions of can they spy, and will they spy are different questions. at some US ISPs (at least the one i am at) the modems usually are only monitoring performance, ie number of packets, errored and discarded packets for troubleshooting. as far as the modem which i will assume is just a layer 2 bridge to your provider, usually not a whole lot going on there due to costs of the hardware. where the privacy violations are going to occur in the access equipment or core. this is what your modem connects to, then your traffic crosses on the way to the “greater internet” if your not using a vpn to outside of your provider, there is no way around it, they can and probably do tap into what your doing. a lot of them it may not be overly nefarious, i know my company does not sell customer data, and we generally only access it for troubleshooting and bandwidth analysis for upgrades, or as ordered by a court for law enforcement.

if you use a router from your isp almost every manufacturer is trying to sell all these different analytics and dpi that basically tells us what websites customers are visiting and how much/type of traffic to those sites, but directly from the router. same, or greater level of privacy violation as that can see local traffic on your lan, as well as watching wifi connection strength and scanning to see air quality and neighbors for “troubleshooting” or to sell access points.