FWIW bad actors have been doing the same thing for ages with passwords, passcodes, key combinations, physical keys, etc.

They noted in the video that the system did say that the ticket had already been scanned.

It probably happens now and then that a ticket is accidentally scanned twice and so this message wouldn’t seem that out of place, and so they probably proceeded as normal without thinking that someone else really had already boarded with the same boarding pass.

I would think adding a simple timestamp to the message would be helpful instead of just a Boolean “has been scanned” type of flag. With the timestamp you could at least say something like “this ticket was previously scanned at <time>.” Then from that message you would know whether it was an accidental double scan (the time being within seconds of now) or whether some time had passed, which I would hope would raise an eyebrow.

Edit: I have no idea what the actual messaging looks like. It could indeed have a timestamp. I’m just hypothesizing.

Even that’s going to have many more false positives and be annoying which will cause the attendants to be tempted to hit the “it’s fine” button.

For example, I suspect a decent number are couples/families that print multiple copies of boarding passes and two accidentally try to use the same one.

And like most security measures, humans are the weak link. The scanning system did mark the barcode as already used/invalid, but the staff assumed it was a glitch and let them on.

It already doesnt. The problem is the operator

No the problem is that the software bugs regularly enough that conflicts are disregarded

These sorts of issues aren't always the software's fault. Sometimes it's human error.

I've been prevented from boarding because the airline sent all the party tickets as a single PDF and my confused family members all scanned the first barcode they saw.

Software fault. Even if they tried to do the right thing a barcode scanner has to be used while the screen and paper are not visible.

We should have baseline expectations for UX thinking which are higher than this standard.

I agree with you 100%

When things fail, we gain little by punishing the person who was operating the system. Instead, we must ask, "why did the system allow this failure?" Fix that root cause, because the operator is not the root cause here.

Why did the system securing the plane let the operator override the error and allow an unauthorized passenger on the plane?

Should be easy enough, UI shows the picture of the guy who scanned the first ticket and system tells operator you go and check his ticket. If you can't find him on the plane he's hiding in the bathroom, call security to get him out.

Because software is full of bugs, false assumptions, and ambiguities, people make mistakes, information doesn't transfer perfectly between airlines, and rare situations become common when you are dealing with enough people. If the gate agent can't override the system, the airline cannot operate.

I've lived in a number of countries in the past 10+ years and encountered more than my fair share of edge cases when flying. On the average, the gate agent has to override something 1-2 times per year when I fly internationally.

Storing photos of people is a bit of a can of worms, make it even easier and just ask for ID if this error occurs.

That's true, but you'd still need to find the unauthorized passenger already on board. Without a picture you'd have to flush the plane and reboard.

Given there are thousands of security cameras in an airport, I don't think anyone would mind if one was used to record who got on the plane.

Now you are asking the right question

> I hope they fire and prosecute him.

"He's a witch! Burn him!"

Firing him would remove him from where he can do harm. What would prosecuting him do?

Why do you hope that?

Why stop there? Execute him too while you’re at it! /s

Humans make mistakes. You don’t need to prosecute every single individual that makes a mistake you know

It also creates a bad safety culture to over-punish mistakes, because then people don't report them for fear of being fired and the system can't be improved to minimize future mistakes.