As for #2, they can tell what host you're contacting but not what pages you're accessing.
If I wanted to say, check my adsense revenue, I could hit »
www.google.com/adsense and this device could tell I hit a Google web server, but not much more beyond that. That _is_ the whole point of SSL (and why some ISPs like Rogers just degrade all encrypted connections because they can't tell if it's legitimate or someone trying to bypass their torrent throttling).