[srollyson]

That's all well and good, but I have still not given authorization for the use of my network to the malicious user. An open network invites legal dispute as to whether the lack of encryption constitutes implicit permission to use the network [1]. By having encryption, even if easily cracked, I have let the malicious user that they are not welcome on my network and have absolved myself of any responsibility for their actions.

Following your reasoning, my background means that I should know that I shouldn't have a wireless network at all. There are vulnerabilities for just about any method I would use to secure a wireless network.

My important stuff is firewalled within the network. I use WEP because it's the easiest way to give network access to folks I've authorized to use my network while still letting unauthorized users know they're not welcome.

[1]: http://en.wikipedia.org/wiki/Legality_of_piggybacking

[pyre]

> Following your reasoning, my background means that I should know that I shouldn't have a wireless network at all.

It would be argued that you should have taken 'reasonable' measures to prevent unauthorized access. It could then be argued that using WEP is not reasonable, especially it you know it is easily crackable.

[jdbernard]

Should we lock our doors with bank-vault locks, since we know how easily most common door locks are picked? The fact that an attacker would have to actively bypass the security should be enough for legal purposes. It is not like an attacker could accidentally crack a WEP-protected network and not know they were doing it.

[valleyer]

No, nor should we uninstall the default deadbolt that comes with the house and replace it with a simple gate-style lock (you know, the kind you can reach over and unhook).

We should use the default standard method of locking our doors. And our Wi-Fi access points.

[rmserror]

Except he's enabled WEP because it's "more convenient" for him. It's still a strong signal that he doesn't want outsiders on the network.

A better door analogy is replacing the deadbolt with a slightly crappier one that unlocks whenever you're in bluetooth range (for "convenience"). Just because the system is "easily broken into" doesn't mean that you're not "breaking and entering" when you break the security and enter the house.

[srollyson]

Incidentally, most deadbolts are ridiculously easy to pick. I can get into my front door deadbolt in about a minute with a multitool and a safety pin bent into the shape of a pick with said multitool [1]. Unless you've upgraded your typical run-of-the-mill deadbolt to one with mushroom, spool, or serrated pins [2] it will take roughly the same effort. Those higher-security locks typically run over a hundred bucks and as such aren't what most house builders would put in a front door.

[1]: http://www.crypto.com/papers/notes/picking/

[2]: http://www.lockwiki.com/index.php/Security_pin