The MAC address is encoded in plaintext in the network packet (for obvious reasons - at a low level it is telling the network where to send the packet, so you can't encrypt it). You just need to listen to broadcast packets from your laptop, inspect them and determine the MAC address your wireless card is using. MAC-address 'spoofing' (i.e. broadcasting a different MAC address than the real one for the card) is a 'feature' built into most wired and wireless cards, so I just give my laptop card the same MAC address, your router can't tell the difference so it lets me in.

I can't comment on the lawfullness, other than to note that the law usually lags reality by many years if technology is involved (or just about anything else, for that matter). However, it's obviously something you shouldn't be doing.

While MAC-address ACLs are easy to bypass, it'll only be done by someone with a specific interest in your data, whereas accessing an open WAP could be useful just to go online to check your email. Most home users won't have anyone who cares enough to hack it, so the ACL is fine, but when WEP is no more effort then i'd use that instead. If it's being a pain then I wouldn't lose too much sleep over it.


edit to add: disabling SSID-broadcast is another semi-secure technique like MAC-address ACLs. However, the SSID is broadcast in plaintext in many 802.11b frames, so it's also easy to discover.