An easy way out?
The easy way out of this is to treat the problem as two problems.
From the point of view of the person trying to connect to the network, simply posit that if the wifi network is unencrypted and thus unsecured, it is legally open to use by whosoever wants to use it. Should the operator put ANY encryption on it at all, then it is legally not open for public use and hacking the encryption is an offence under the usual law. That should be the legal stance; the common sense stance is that illegality won't stop script kiddies and WEP should not be used for encryption unless no other option is present.
On the ISP side, the negotiation between whoever is paying the bill for the connection and that person's ISP is entirely their business and the law should not go poking its nose into this contract. If the ISP objects to a person running a free wifi point off their network, then contract law is the way to handle this.