although how they'd do this with SSL protected pages without resorting to some sort of man-in-the-middle style attack remains a bit of a mystery
I guess they could basically do exactly that, at least for handsets they supply or configure, quite easily; make the standard network config use their proxy server, and trust a root cert on that proxy, and Bob's yer uncle.
I still think network level ad blocking is a terrible idea though, and I'm still kind of expecting some legal or regulatory move to put the kibosh on the whole idea. It doesn't solve the fundamental problem of ensuring sensible behaviour by advertisers, it just takes the ad-blocking arms race to the next level, and I fear where that will end up. Let people choose to ad-block, based on how much ads annoy them; that's pretty democratic, self-balancing system.