Since its creation in 2004, the Transportation Security Administration has spent $40 billion on aviation security. Yet an amateur terrorist succeeded in getting on board Northwest flight 253 with a well-known type of explosive concealed on his person.

Two egregious security failures allowed this to happen. First, despite an explicit warning from the terrorist’s father, his name did not get added to either of the TSA’s lists-the 4,000-name no-fly list or the 14,000-name selectee list. Had he been on the latter list, he would have been subjected to secondary screening at Amsterdam Schiphol airport, where a routine swabbing of his hands and/or carry-ons would likely have revealed traces of the PETN explosive.

But even if this trace-detection had not been carried out, the PETN which the terrorist concealed in his underwear would have been detected had he been required to pass through one of the 15 of millimeter-wave body-scanners now in use at Schiphol. But airport officials there maintain that they are not permitted to use these machines for U.S.-bound passengers (though TSA has disputed that).

Both failures reflect the flawed philosophy that underlies U.S. aviation security policy. For the most part, it continues to be fixated on keeping bad things-as opposed to bad people-off of airplanes. It also implicitly assumes every passenger is equally likely to be a terrorist, so every passenger must get equal treatment, except in extreme cases. That’s why it’s so hard to shift potential bad guys from the Department of Homeland Security’s much larger databases to TSA’s selectee and no-fly lists. As a libertarian, I agree that we should be very leery of forbidding people to fly without good reason. But requiring potentially high-risk travelers to undergo secondary screening (especially since we do some of this randomly, in any case) is hardly the end of the world.

In fact, shifting to a risk-based approach to aviation security would likely mean increased security and lower costs, both for the TSA and especially lower wasted-time costs for most travelers. Under a risk-based approach, air travelers would be divided into three groups: lower-risk, ordinary, and higher-risk. The three groups would be treated differently, for very good reason.

Lower-risk people would be those with active government-issued security clearances and anyone who joined a risk-based “trusted traveler” program by passing an FBI background check and getting a biometric ID card. These people would get streamlined processing at airports, similar to what existed pre-9/11. (Note that TSA’s sister agency within DHS, Customs & Border Protection, operates a number of similar programs for U.S. citizens returning to this country, such as the recently expanded Global Entry program.)

Higher-risk people would be those placed on an expanded selectee list and would be subjected to mandated secondary screening, including a body scan, backed up (if necessary) by a full body search. Now that terrorists have started hiding explosives in their underwear and body cavities, we have no alternative to these intrusive measures.

This risk-based approach would be significantly more effective than current practice in dealing with the increasingly serious threat of airborne suicide bombers. It should be supplemented by beefed-up control of access to planes and their cargo holds on the tarmac at airports, to thwart those who would place bombs on board without getting on board as passengers.

Fortunately, the Flight 253 bomber failed, due largely to his own incompetence. But unless we shift to a risk-based security policy, the next such attempt could well succeed.

Robert Poole is director of transportation at Reason Foundation. He advised the White House and members of Congress on airport security issues following the September 11, 2001 attacks. An archive of his aviation security work is here.