What about private sites etc? Also, surely reading packets is illegal?
As I understand it, they use a modified BitTorrent (or other P2P tech) client to either join existing swarms or plant false ones. Probably the former as its legality is less dubious. This modified client simply logs the IP, content and any other info it can gather, such as usernames, time etc.
This method doesn't fall foul of wiretapping or hacking laws afaik, because they're not gaining access to your computer, and they're just capturing the data generated and used by a regular P2P client in its normal operation. The data they gather is available to everyone in the swarm.
Example: you access a web server via a browser and browse around in the normal manner. You find and save something in an obscure section of the website that the owner later removes. You haven't done anything illegal, you just looked harder than other people.
The list of IPs will be split up according to ISP. They will approach the ISP prior to actually seeking a court order to test the waters and see if the ISP intends to fight the issue - which they can, to a degree.
If the ISP rolls over, which let's face it they most likely will, they apply for and get the court order with no opposition, get names and addresses, and it's mailshot intimidation time.
I am not a lawyer. This is just based on what I've read about this whole thing and layman's knowledge of what hacking and wiretapping are.