The Aerospace Suicide Levers
There's a clip from inside a touring helicopter where a lady casually grabs a big yellow lever sticking out of the fuselage into the cockpit. The pilot immediately scolds her and says "That will kill us!" That's the brake for the rotors and, while it's not powerful enough to stop the engine, it'll probably overheat and cause a fire pretty quickly.
This isn't about that one.
Everywhere, on commercial flights, there's passengers near emergency exits that, by law and common sense, need to be easy to operate. These can't be opened for most of the flight because they're plug doors and they have to move inwards, against cabin pressure, before they can be moved out of the way to break the seal.
We're getting closer.
The Space Shuttle has a hatch that is, likewise, simple to operate. Lift a safety cover, turn it counter-clockwise to unlatch. Unlike the passenger plane doors this hatch opens outward. NASA became somewhat allergic to inward-opening doors after Apollo 1 and all their hatches are designed for quick egress in case of emergency. The problem is that, in space, there's an atmosphere of pressure on one side of the door and hard vacuum on the other.
Taylor Wang was a payload specialist and the first Chinese person to ever fly into space. He also threatened not to come back to Earth if he wasn't allowed to try and fix his experiment. Another astronaut reported that he kept asking about the hatch, incredulous that it was so simple to just vent the entire habitable volume and kill everyone. Wang was allowed to fix his experiment and after the next rest cycle there was duct tape on the door.
So the commander got squirrely about a crewmate killing everyone. Payload specialists weren't trained alongside the crew, they were a bit "other'd" so it's a bit understandable. Doubly so because, on the next mission, they were flying two payload specialists, and one was a Saudi prince. How did NASA resolve this?
They added a lock to the door and made it the commander's decision to employ the padlock or not. The commander literally told them "Yeah, and the NASA members get the combination, but you don't. That's the way this works." and let them assume it was the other guy they were worried about.
What the actual fuck?
Taylor Wang flew in 1985. In 1979 NASA psychologists recognized principles such as Crew Resource Management and still decided to add a lock for the commander to use if they felt uncomfortable with their crew. You have to be brilliant to be an astronaut, surely there's a dozen ways to abuse the orbiter's systems to kill yourself and/or everyone on board without opening the hatch.
The Soviets were worried about some form of Space Madness™️ so Yuri Gagarin's controls were locked with a simple combination lock and he was given the code. If he truly lost his mind, I suppose they reasoned, he wouldn't have the mental faculties to retrieve the envelope and enter it. Spaceflight is high stress and people can react in unexpected ways, adding the lock is an understandable idea and perhaps even a good one. What is not is making it so that the commander would install it if they got an ick about someone who they needed to trust with their life.
Yeah, make it a padlock with a key, so if the commander is incapacitated they're not stuck inside on the runway while NASA goes at the shuttle with a sawzall. But put it in the procedures, once the OMS shut off and the shuttle is in a safe orbit, the lock goes on the door. The commander puts it in their pocket and says "I have the key as an emergency precaution against anyone acting irrationally. I, myself, am not immune to this so physically restrain me if you see me attempting to unlock the door if it's not the last step prior to strapping in for descent."
The commander recounting the story thought it was standard, but he still said it was because he didn't trust the payload specialist. He figured they must have thought "Well this is a fine how-do-you-do. We train for two years together, and they don't trust us." If you had maintained that this was standard, a precaution against anyone suddenly acting irrationally, that wouldn't have possibly crossed their minds!
Challenger never got around to using the lock, being the orbiter where all this originally went down and only making it to orbit twice more. In 1989 NASA began overhauling the hatch with the Inflight Crew Escape System so that, if the crew could bring the orbiter to level flight but not make a runway, they could bail out and avoid hitting the wing.
The problem with the lock was not the solution but how haphazardly they employed the solution. They took the problem of judging if crew could be trusted to act rationally and sanely and, instead of making systematic changes to decrease that risk, they instead made it a judgment call from the commander for how much they trust their crewmates. The problem was the othering, the solution was to make them feel even more alienated and untrusted.
Afterall, it did come to pass that there was a control that, if actuated at the wrong time, it would kill an astronaut. The only thing stopping the co-pilot on SpaceShipTwo from destroying the craft was a single lever with no interlocks. He pulled it too early and the craft distintegrated from aerodynamic forces. He wasn't even suicidal and he pulled the lever. The lock was a basic safety interlock.
This is broadly written from my memory of what I've previously read. I went back and Google'd some things to try and provide approximate evidence.
Original Story
Commander's Comments
Gagarin's Lock
ICES (Inflight Crew Escape System)
SpaceShipTwo crash