
Which raises the question often brought up in various forms:

Is a person responsible if someone has been using his or her router for file-sharing because they were able to crack its WEP-encryption, while the accused in question hardly knows what a router is?




Most non-tech people are just using an ISP-provided router. Every ISP that I know of provides a router with WPA2 and went around replacing old WEP routers a few years ago. I can't remember the last time a WEP network showed up on my smartphone.

Of course there are other ways someone may have broken into your network.


Actually, many routers have easily predictable WPA2 passwords. Based on the MAC address or the access point name, it is often possible to deduce the default key (which many/most people don't change).


Many APs have WPS implementations that can be trivially brute-forced and can't be disabled. Paper: http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf

Open-source tool: http://code.google.com/p/reaver-wps/


It's not like WPA2 would be terribly secure either. One minute of googling directs you to a step-by-step tutorial using aircrack. WiFi is nice to have but one has to be aware of the security issues that arise with it.


All of the WPA2 attacks I've seen assume predictable SSIDs and passwords.

Again, ISPs seem to be ahead of this. Looking in my local area, most of the APs have names like "BThub543897534895" and I assume that the passwords are randomly generated.


aircrack-ng assumes pre-shared keys. Cracking long passwords is quite time-consuming (read: takes a VERY long time). They actually explicitly state that in their wiki. I'm not exactly sure, but I think I read something about using GPUs to accelerate brute-force times with a speedup of 100x. That's quite substantial; however, even with that, brute-forcing is not an option here, which gets us back to the fact that an attacker will hope for a weak password, possibly in a dictionary.

You're right about ISPs being on the safe side with their SSIDs and passwords, but I think you're underestimating the users here. For the sake of it, I spent an hour and a half driving around town a year ago, logging locations of access points. I never did anything with the data except for looking at how access points are distributed across my town. Most of the AP names were common words or a combination of such. Concerning passwords, I've used wifi at friends' and coworkers' places quite a few times and most of them had weak passwords.

An attacker might just go and do some wardriving and randomly attack access points and I believe he'll find one weak enough without much of a hassle.

Bottom line, it's the same as always: in the real world, security isn't as dependent on technology as it is on how much the user is concerned with it. How that works out in a lawsuit is a different question though.
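An added example, not part of any comment in this thread: WPA2-Personal derives its key with PBKDF2-HMAC-SHA1, salted with the SSID, which is why both the SSID and the passphrase matter when choosing them. The guess rates, wordlist size, SSIDs and passphrase below are constructed assumptions, with the 100x GPU factor taken from the comment above.

```python
import hashlib

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal pairwise master key: PBKDF2-HMAC-SHA1 with the SSID
    as salt, 4096 iterations, 256-bit output."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 characters long")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("utf-8"), ssid.encode("utf-8"), 4096, 32
    )


def years_to_exhaust(candidates: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at a given guess rate."""
    return candidates / guesses_per_second / SECONDS_PER_YEAR


def compare(cpu_rate: float, gpu_speedup: float, wordlist_size: int) -> dict:
    """Years to exhaust three passphrase policies at the GPU-accelerated rate."""
    gpu_rate = cpu_rate * gpu_speedup
    spaces = {
        "dictionary word": wordlist_size,
        "8 random lowercase": 26 ** 8,
        "12 random alphanumeric": 62 ** 12,
    }
    return {name: years_to_exhaust(n, gpu_rate) for name, n in spaces.items()}


if __name__ == "__main__":
    # Constructed sample values: same passphrase, two different SSIDs.
    a = wpa2_pmk("correct horse battery", "HomeNet-A")
    b = wpa2_pmk("correct horse battery", "HomeNet-B")
    # The SSID salt means a table precomputed for one SSID is useless for
    # another, so a unique SSID removes the benefit of shared precomputation.
    print("same passphrase, different SSID, same key?", a == b)

    # Assumed rates: 1,000 guesses/s on a CPU, 100x faster on a GPU,
    # and a one-million-entry wordlist.
    for policy, years in compare(1_000, 100, 1_000_000).items():
        print(f"{policy:24s} {years:.3g} years")
```

Under these assumptions a dictionary word falls in seconds, while a 12-character random passphrase stays out of reach even with the GPU speedup.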



