Writing in the Washington Post, George Washington University law professor Jeffrey Rosen carefully concludes, “there’s a strong argument that the TSA’s measures violate the Fourth Amendment, which prohibits unreasonable searches and seizures.” The strip/grope policy doesn’t carefully escalate through levels of intrusion the way a better designed program using more privacy protective technology could.

It’s a good constutional technician’s analysis. But Professor Rosen doesn’t broach one of the most important likely determinants of Fourth Amendment reasonableness: the risk to air travel these searches are meant to reduce.

Writing in Politico last week, I pointed out that there have been 99 million domestic flights in the last decade, transporting seven billion passengers. Not one of these passengers snuck a bomb onto a plane and detonated it. Given that this period coincides with the zenith of Al Qaeda terrorism, this suggests a very low risk.

Proponents of the TSA’s regime point out that threats are very high, according to information they have. But that trump card—secret threat information—is beginning to fail with the public. It would take longer, but would eventually fail with courts, too.

But rather than relying on courts to untie these knots, Congress should subject TSA and the Department of Homeland Security to measures that will ultimately answer the open risk questions: Require any lasting security measures to be justified on the public record with documented risk management and cost-benefit analysis. Subject such analyses to a standard of review such as the Adminstrative Procedure Act’s “arbitrary and capricious” standard. Indeed, Congress might make TSA security measures APA notice-and-comment rules, with appropriate accomodation for (truly) temporary measures required by security exigency.

Claims to secrecy are claims to power. Congress should withdraw the power of secrecy from the TSA and DHS, subjecting these agencies to the rule of law.

Washington Times reporter Shaun Waterman has a characteristically excellent article out today about U.S. cybersecurity authorities failing to secure their own systems.

According to a new report by government auditors, systems at the U.S. Computer Emergency Readiness Team (US-CERT), part of the Department of Homeland Security, were not maintained with updates and security patches in a timely fashion and as a result were riddled with vulnerabilities that hackers could exploit.

Time and again, people look to government intervention based on what they imagine government might do under ideal conditions. Real conditions produce far weaker results.

We’re better off distributing the problem of data, network, and computer security among all the self-interested actors in the country—fallible as they are. We should not abandon the problem to a central authority whose failure fails us all.

The Associated Press is reporting that persons filing requests under the Freedom of Information Act (FOIA) with the Department of Homeland Security during the last year faced scrutiny beyond what the law requires.

Career employees were ordered to provide Secretary Janet Napolitano’s political staff with information about the people who asked for records — such as where they lived, whether they were private citizens or reporters — and about the organizations where they worked.

If a member of Congress sought such documents, employees were told to specify Democrat or Republican.

This, despite President Barack Obama’s statement that federal workers should “act promptly and in a spirit of cooperation” under FOIA, and Attorney General Eric Holder’s assertion: “Unnecessary bureaucratic hurdles have no place in the new era of open government.”

The White House separately reviewed FOIA requests to see documents about spending under the $862 billion stimulus law. Read the whole thing.