THe answer is simpler than that.
Make sure you have a modem that supports dual SSIDs.
Your first SSID is hidden, accessible and seeable only by your devices.
The second is his/hers.
If their quota usage is getting too high for the month, change the password for the SSID, and they are insta-blocked.
Works very well, just make sure you change the router access password from default.
Why would you suggest something draconian and *****ic like this? There's plenty of hardware available that can do what he wants w/o outright blocking someone, in fact, I'm certain any wireless router that has multi-SSID capabilities also has at least more than basic QoS settings.
To ahmado:
There are many ways you can go about this. You can, as others have suggested, look for an affordable router that is on the dd-wrt supported page and flash it with dd-wrt to enabled advanced QoS settings. You could also just buy a new router with such capabilities already built in.
I'm partial to engenius just because they've always been rock solid and I have bought several of their routers/range extenders. If you want a router with both multi-SSID broadcast and QoS bandwidth limiting, try the ESR9850, which goes for around $50-65 USD. It has gigabit ports, B/G/N wifi, and can broadcast up to 4 SSIDs. WIth it, I can restrict people by both upload and download speed (after giving them a static IP address), or I could restrict by protocols/port #s, or by a priority queue.
I currently give my own machine full access to my 32mb/5mb connection, while all other devices in the house are restricted to 16mb/1mb speeds. It works well, and I also have 2 SSIDs set up, one for the devices in the house, and another for visitors who get quicker access with a shorter/weaker password. The secondary SSID is even restricted from communicating with devices on the rest of the network that connect via the first SSID or local ports.
For your needs it'd work great, but if you're on a budget and want something more affordable, you should definitely look into the first suggestion, acquiring a used/refurbished router that's on the dd-wrt compatibility list, and flashing it with said firmware. Either route will be sufficient for your needs, as you're only looking to restrict 1 person and not a whole/multiple networks. Get back to us whenever you've decided on what you want to do.