Track this. Photo from Bloomberg BusinessWeek by Karen Ducey/Getty Images

by George Taniwaki

In a Bloomberg Businessweek editorial (Apr 2020), Cathy O’Neil (mathbabe) explains why a Covid-19 tracking app won’t work. It’s all about self-selection bias.

* * * *

Update: For a good non-technical description of how the Apple and Google contact tracing API works, including the encryption method, see Economist, Apr 2020. The article also suggests that even though using an app for contact tracing is imperfect, its low-cost and passive nature makes it worthwhile.


Can a partially effective vaccine flatten the curve?

by George Taniwaki

During this Covid-19 pandemic, we want to know when we can stop sheltering at home and go back into public spaces again. Further, we want to know which actions can speed up the time before that can happen.

One thing we do know is that when dealing with a novel disease (one that no human appears to have immunity for), the entire population cannot go back to pre-epidemic behavior at the same time before it is safe. Doing so will cause a spike in infections and deaths. This will terrorize the population leading to another round of isolation. If the public loses faith that the government knows when it is safe to change behavior, then when it finally is safe, people will still be afraid and time will be lost during the recovery, causing additional economic hardship.

So when can we go back to normal? I think that can happen only after herd immunity is achieved. This can take a very long time as a trickle of individuals become infected and recover with resistance or die, a process called flattening the curve. Or it can happen pretty quickly after the wide-spread inoculation of individuals with a safe and effective vaccine.

An effective vaccine may take 18 to 24 months to develop. Many people, including President Donald Trump, think staying home this long is unrealistic. Is it possible to shorten that time by releasing a partially effective vaccine sooner? Doing so may help flatten the curve without requiring social distancing.

Partially effective vaccines

An intriguing paper by Eduard Talamàs & Rakesh Vohra, entitled “Free and perfectly safe but only partially effective vaccines can harm everyone” pretty much contains the answer in its title.

The idea is that a partially effective vaccine will cause people to change their behavior too much, too soon, causing the spike we want to avoid. The conclusion is similar to the analysis popularized by Sam Peltzman of the Univ. Chicago (a microeconomics professor while I was a student there) who suggested that stricter automobile safety regulations could lead to increased deaths (of pedestrians) as drivers felt safer and became more reckless (J Polit Econ, Aug 1975).

The most important conclusion in Talamàs et al., is that with overlapping social networks, even those who do not increase the size of their networks after the introduction of the vaccine can be harmed by those who do. This conclusion is slightly different than those of most epidemiological models that assume random contact between individuals rather than strategic networks. A good description of the paper is given by one of the authors, Vohra, at The Leisure of the Theory Class (Apr 2020).

by George Taniwaki

Did you watch the debate on Monday night? I did. But I am also very interested in the post-debate media coverage and analysis. This morning, two articles that combine big data and the debate caught my eye. Both are novel and much more interesting than the tired stories that simply show changes in polls after a debate.

First, the New York Time reports that during the presidential debate (between 9:00 and 10:30 PM EDT) there is high correlation between the Betfair prediction market for who will win the presidential election and afterhours S&P 500 futures prices (see chart 1).


Chart 1. Betfair prediction market for Mrs. Clinton compared to S&P 500 futures. Courtesy of New York Times

Correlation between markets is not a new phenomena. For several decades financial analysts have measured the covariance between commodity prices, especially crude oil, and equity indices. But this is the first time I have seen an article illustrating the covariance between a “fun” market for guessing who will become president against a “real” market. Check out the two graphs above, the similarity in shape is striking, including the fact that both continue to rise for about an hour after the debate ended.

In real-time, while the debate was being broadcast, players on Betfair believed the chance Mrs. Clinton will win the election rose by 5 percent. Meanwhile, the price of S&P 500 futures rose by 0.6%, meaning investors (who may be the same speculators who play on Betfair) believed the stock market prices in November were likely to be higher than before the debates started. There was no other surprise economic news that evening, so the debate is the most likely explanation for the surge. Pretty cool.

If the two markets are perfectly correlated (they aren’t) and markets are perfectly efficient (they aren’t), then one can estimate the difference in equity futures market value between the two candidates. If a 5% decrease in likelihood of a Trump win translates to a 0.6% increase in equity futures values, then the difference between Mr. Trump or Mrs. Clinton being elected (a 100% change in probability) results in about a 12% or $1.2 trillion (the total market cap of the S&P 500 is about $10 trillion) change in market value. (Note that I assume perfect correlation between the S&P 500 futures market and the actual market for the stocks used to calculate the index.)

Further, nearly all capital assets (stocks, bonds, commodities, real estate) in the US are now highly correlated. So the total difference is about $24 trillion (assuming total assets in the US are $200 trillion). Ironically, this probably means Donald Trump would be financially better off if he were to lose the election.


The other article that caught my eye involves Google Trend data. According to the Washington Post, the phrase “registrarse para votar” was the third highest trending search term the day after the debate was broadcast. The number of searches is about four times higher than in the days prior to the debates (see chart 2). Notice the spike in searches matches a spike in Sep 2012 after the first Obama-Romney debate.

The article says that it is not clear if it was the debate itself that caused the increase or the fact that Google recently introduced Spanish-language voting guides to its automated Knowledge Box, which presumably led to more searches for “registrarse para votar”. (This is the problem with confounding events.)

After a bit of research, I discovered an even more interesting fact. The spike in searches did not stop on Sep 27. Today, on Sep 30, four days after the debates, the volume of searches is 10 times higher than on Sep 27, or a total of 40x higher than before the debate (see chart 3). The two charts are scaled to make the data comparable.


Chart 2. Searches for “registrarse para votar” past 5 years to Sep 27. Courtesy of Washington Post and Google Trends


Chart 3. Searches for “registrarse para votar” past 5 years to Sep 30. Courtesy of Google Trends

I wanted to see if the spike was due to the debate or due to the addition of Spanish voter information to the Knowledge Box. To do this, I compared “registrarse para votar” to “register to vote”. The red line in chart 4 shows Google Trend data for “register to vote” scaled so that the bump in Sept 2012 is the same height as in the charts above. I’d say the debate really had an unprecedented effect on interest in voting and the effect was probably bigger for Spanish speaking web users.


Chart 4. Searches for “register to vote” past 5 years to Sep 30. Courtesy of Google Trends

Finally, I wanted to see how the search requests were distributed geographically. The key here is that most Hispanic communities vote Democratic and many states with a large Hispanic population are already blue (such as California, Washington, New Mexico, New Jersey, and New York). The exception is Florida with a large population of Cuban immigrants who tend to vote Republican.


Chart 5. Searches for “registrarse para votar” past 5 years to Sep 30 by county. Courtesy of Google Trends

If you are a supporter of Democrats like Mrs. Clinton, the good news is that a large number of queries are coming from Arizona, and Texas, two states where changes in demographics are slowly turning voting preferences from red to blue.

In Florida, it is not clear which candidate gains from increased number of Spanish-speaking voters. However, since the increase is a result of the debate (during which it was revealed that Mr. Trump had insulted and berated a beauty pageant winner from Venezuela, calling her “miss housekeeping”), I will speculate many newly registered voters are going to be Clinton supporters.

If the Google search trend continues, it may be driven by new reports that Mr. Trump may have violated the US sanctions forbidding business transactions in Cuba. Cuban-Americans searching for information on voter registration after hearing this story are more likely to favor Mrs. Clinton.

Here’s a riddle.

Question: I donated a kidney anonymously on Wednesday, September 29, 2010. This is a rare act. Perhaps 300 people worldwide did it last year. I also write extensively about kidney donation. I was reading Renal & Urology News May 2011 and I saw a story written by a person explaining why he/she donated a kidney to a stranger on Wednesday, September 29, 2010. But it wasn’t written by me. It was a weird experience reading the story about someone who is very similar to me. (I encourage you to read the article.) What are the odds that two people who enjoy writing also donate a kidney anonymously on the same day?

Short answer: Ex post, p=1.

Long answer: Before the two surgeries occur (called ex ante), the joint probability that my surgery (let’s call it event A) occurs on the same day as the other donor (let’s call it event B) is written as P(AB). We want to break this probability into two parts. First is the probability of my surgery happening on a particular day given that the other person donates the same day. This is written as P(A|B). Similarly, the probability of the other donor’s surgery date given mine is P(B|A) and the joint probability is obtained by multiplying the two together, P(AB) = P(A|B)*P(B|A).

In this case, I am certain (P>.99) that the date of my surgery was not influenced by the other donor. I was unaware of the existence of the other donor until I saw the story in Renal & Urology News. Thus, we can write P(A|B) = P(A).

Further, I will assume that the other donor’s surgery date was unaffected by my date and so P(B|A) = P(B). Thus, I ignore the possibility that the other donor or his/her surgeons read this blog and selected the donation date to match mine. I will also ignore the possibility of spooky effects like quantum entanglement, ESP, and God’s will forcing the two surgery dates to be identical.

Now we have P(AB) = P(A|B)*P(B|A) = P(A)*P(B).

Now, I will assume that the surgery dates for both me and the other donor are random and independent. If this is true, then P(B) = P(A). Substituting gives us P(A)*P(B) = P(A)^2.

Actually, this is not quite true. Elective surgeries are not randomly scheduled. For instance, surgeons like everyone else, want their weekends free and dislike scheduling elective surgeries on Saturday or Sunday. Similarly, surgeons like to visit their patients for two days after surgeries, but want to avoid coming in on weekends. Thus, they don’t schedule elective surgeries on Thursdays or Fridays. Finally, emergency care patients who enter the hospital on weekends are often taken into surgery on Monday. Thus, elective surgeries are nearly always scheduled on Tuesdays and Wednesdays. Eliminating the weeks of New Years, Christmas, and Thanksgiving, the Tuesdays after 3-day weekends, and allowing time off for vacations leaves about 90 possible surgery dates each year.

Now, there are about 300 other nondirected donors, so on average over 3 (300/90) nondirected donors will have surgery on the same day. Note however, that it is unlikely that the doctors at my hospital are on vacation the same dates as the doctors at the other donor’s hospital, or have the same holiday schedule, so this estimate isn’t quite right. Further, not all 300 donors like to write. And not all the writers will be English speakers. Now we have a complicated mess.

Yuck. Let’s start over. Instead, let’s look at the probability that an event will occur after we know the outcome, called ex post. It is always either 100% (it happened) or 0% (it didn’t happen). In this case, we know it happened so P=1.

[Update: I clarified the logic. I also changed the wording to indicate that I don’t know the gender of the other donor. On initial reading of the story, I thought it was written by a man. Now I think it is a woman. But since the writer is anonymous, I can’t be sure. About 60% of anonymous donors are female. (But that doesn’t mean there is a 60% chance that I am female.)]

by George Taniwaki

About 120 live donor kidney transplants occur every week in the U.S. Including my own, I know of three donors having surgeries within a nine-day span. That’s sort of a coincidence, but not by much. Similarly, about 250 nondirected donor transplants (cases where the donor does not have an intended recipient in mind and does not know the recipient prior to surgery) occur in the U.S. every year. Including myself, I know the names of about ten people who have or will donate anonymously in 2010. That’s a pretty high proportion of the total and definitely not a coincidence. I learned about most of these people because of research I conduct for this blog. And through the magic of the Internet, I have communicated with a few of them via email.


I’m not a big Facebook user. I do check it several times a week, but post comments less than once a week. I don’t add friends on a regular basis and only have 42 total. But today I realized that including myself, my circle of Facebook friends includes 4 kidney donors. That’s not really a coincidence, since I’ve been seeking out advice and support from other kidney donors as part of my effort to assist kidney patients find live donors. And Facebook is a convenient way for us to stay in touch. But it’s still an oddly high ratio. I’m sure there are lots of Facebook users who have similarly small circles of friends that are connected by very interesting and rare associations.

by George Taniwaki

The hematologist is concerned about my low white blood count (WBC) and has scheduled a bone marrow biopsy. A bone marrow biopsy will be invasive and painful, but certainly not as invasive or as painful as kidney donor surgery, which I’m already committed to. There is a possibility of complications, but again, the probabilities are much lower than for the surgery. (Yes, I know that the probabilities are cumulative not comparative.) Plus, I’m a bit intrigued by the opportunity to observe this procedure, though watching it on YouTube may be enough. Also, since the sample is taken from the posterior of the pelvic bone, I won’t actually be able to see my own sample taken.

What is it?

Bone marrow biopsy

Why is it needed?

Check for abnormalities (esp. cancer) in the core blood or bone marrow

How is it done?

A needle is inserted into the pelvic bone to extract a sample of bone marrow and liquid

Preparation None
Test time One hour

Rarely, can cause bleeding, infection, allergic reaction to medications


You have to pull down your pants. You will be given local anesthetics and oral pain meds, so cannot drive or travel alone after the sample is drawn. Even with meds, the test is rather painful



Bone marrow biopsy (not for the squeamish). Video from csmcd

The transplant coordinator at UWMC puts me in contact with a recent nondirected kidney donor who also had to undergo a bone marrow biopsy. She sent me an email with some excellent advice and ideas of what to expect, which is reproduced below.

“At first I was going to tough it out, just local and it shouldn’t be too bad. I mean, my son was 52 hours of labor with no meds – I managed that, right? But then I was thinking, ‘is there any reason to be in pain when there’s a relatively safe and easy way to not be?’ So I went for Local Plus, a combination of local surface and deep anesthesia plus fentanyl lollipops (really more like a giant Pez on a stick, but that’s what they call them).

“The person who did mine was Dr. Kelly Smith at SCCA. She did a really nice job, listened when I said I could feel what she was doing, gave me more anesthesia, as needed. I probably didn’t need all of the second lollipop, half would have been good, [but] one was not enough. Or maybe half to start, wait and the second half would have worked. I think I had to concentrate on breathing deeply for 2 or 3 minutes during the bone extraction, that’s about it. As it was, I pleasantly felt very little pain and I took a short nap when they were finished before getting up and going home. I did throw up on the way home, I think that was the second half of the second lollipop.

“The only lasting effect was hives from the dressing. My skin is really sensitive and I get hives at the drop of a hat, so I don’t know if you’ll get them too. [I took] lots of Benadryl for a few nights and they went away eventually. My hip was a little achy, but no activity limitations.

“It was nothing like Will Smith in 7 Pounds. Clearly he had no pain relief since he was punishing himself and it was a full on donation, not just a biopsy which is a much smaller extraction. I did find someone who posted [advice] on YouTube, which is how I decided to step up to the Local Plus pain relief.”


My bone marrow biopsy is scheduled for the morning. This will be my tenth appointment at UWMC. Actually, it will be at the Seattle Cancer Care Alliance, which is on the fifth floor of UWMC.

Based on the email message I received from the other donor, I’ve decided try to avoid nausea by not eating any solid food for dinner (just soup) the previous night and to not eat any breakfast (just juice) this morning. I will be sedated, so I’ll need to stay home for the rest of the day afterwards, meaning I’ll miss a day of work. (I’m a contractor, so I don’t get paid sick time.) Also because of the sedation, I can’t drive to my appointment. My wife is out-of-town, so a coworker has kindly volunteered to chauffeur me.


Welcome to SCCA. Photo by George Taniwaki

The procedure goes smoothly. It starts with the doctor giving me the standard medical history interview. She takes my blood pressure which reads 125/85. That’s really high; it’s normally 110/70. Perhaps I’m a bit anxious.

A nurse then has me suck on a 200µg fentanyl lollipop. Once it is about one-third gone, he asks me to lay on my stomach with pants down. After covering me with a sheet and applying iodine disinfectant, the doctor injects lidocaine in the skin on my upper hip. After a couple of minutes she pushes the skin against my pelvic bone and injects lidocaine on the surface of the bone.

After a few more minutes, she inserts the biopsy needle. She asks me if I feel a dull pain or a sharp pain. My reply is, “Actually, I can’t feel anything.” She starts pushing hard and bores through the bone. I can hear the bone grinding away, but don’t feel anything. She removes the center of the needle, drives the needle deeper and takes a core sample and aspirate (liquid marrow). I feel a bit of a tingling pain, but not much else (and with the fentanyl, I don’t care). And then it is over. I still have some of the fentanyl lollipop left and spit it out. Overall, it wasn’t much worse than a trip to the dentist (except for the pants down thing).


Core sample and aspirate. Photo by George Taniwaki

After a rest of about 30 minutes, they let me go. I could probably go to work, but decide it would be better to stay home. I don’t feel any pain for the rest of the day. However, as I lie down in bed for the night, when the needle spot on my hip touches the mattress, I feel intense pain, as if I had just fallen on my hip on an icy sidewalk. I immediately sit up. I have to sleep on my left side. I expect my hip will be sore for the next few days.

It will take a few days to get the test results. Obviously, I hope that I don’t have cancer. But after all this testing, what I really hope is that I can complete my donation scheduled for next Wednesday.

For more information on becoming a kidney donor, see my Kidney donor guide.

[Update1: Today (June 25), I receive a phone call from Elizabeth Kendrick, the transplant nephrologist. The biopsy results are not available yet. There isn’t enough time for a review, so my donor surgery has been postponed. See Jul 7 blog post for more details.]

[Update2: Added summary table.]

This is a continuation of yesterday’s blog post on BP’s culture of risk.

The cause of the recent accident on the Deepwater Horizon and resulting Macondo oil spill are still under investigation, but it appears there was no single failure. Instead there was a chain of decisions and events like the one described in the previous blog post for the Ixtoc I oil spill. Some details have been revealed by congressional investigators. The Wall St. J. has reproduced the letter addressed to BP’s chairman from the House Committee on Energy and Commerce. Yesterday’s New York Times has an excellent long article on design weaknesses of blowout preventers.

I won’t speculate about the exact decisions that led to the accident on the Deepwater Horizon rig. I presume that a lot of work went into the design and specification of the equipment, materials, and processes. However, the main contributor to the accident may have been a culture at BP that encouraged engineers to engage in risk creep, to ignore the impact of low probability, high cost events, and reward overconfidence. I will discuss these in detail in the next sections.

BP has a reputation of taking on expensive, high-risk engineering projects. It was a participant in the construction of the Trans-Alaska Pipeline, it invests in Russia and Kyrgyzstan, and it was the lead developer of the Thunder Horse PDQ platform, the world’s largest and most expensive offshore platform, which nearly sank after its commissioning in 2005. BP has an explicit strategy of seeking the biggest oil fields in the Gulf of Mexico, even if it means drilling in deep waters far from shore.


Thunder Horse platform. Photo from Wikipedia

Nothing attracts top engineering talent like big challenges and an opportunity to work on high-profile, big budget projects. BP provided plenty of that with its Gulf Coast projects. The ability to handle the low temperatures and high pressures at the bottom of the gulf combined with ability to accurately guide the drill bit at extreme depths are amazing technical achievements. But it can also lead to cost overruns and schedule slips. When combined with the pressure to meet budgets and deadlines, it can lead to accidents.

Allowing risk creep

Good engineering practice requires that designs outside the known limits (called the design envelope) be done as experiments, preferably in a laboratory setting, preferably by PhDs who have extensive knowledge of the phenomena being studied, and that lots of data be collected so that the design can be standardized and repeated with confidence. That is, you want to get to the point that the design is easy to replicate and if you don’t make any avoidable mistakes, it works. However, this doesn’t appear to be what happened in the evolution of deepwater oil drilling. Instead, engineers built deeper, more complex wells without testing their designs adequately prior to implementation.

There are four factors that lead to risk creep. First, long periods of “safe” operation reinforces the belief that the current practices and designs are sufficient. Guess how many wells were drilled offshore in the Gulf of Mexico since the Ixtoc I accident in 1979? How about 50, or 200, or even 1,000? Not even close, try over 20,000. There have been 22 blowouts. But not all wells are the same; the newer wells are deeper, with colder temperatures and higher pressures. Overcoming the belief that long stretches with few accidents mean everything is well understood and under control is really hard, especially as firms compete with each other to meet production targets and minimize costs.

Second, very little time is spent on reflection of past failures. Failures don’t just mean accidents. For every well blowout, there are thousands of near-miss incidents where dangerous unexpected kicks or casing damage occurred. Most engineers consider it a burden to conduct safety reviews, file incident reports, and attend project post-mortems. Time spent doing this is less time spent on new projects. But reviews allow engineers to see trends. They also can help encourage more of the behaviors that led to good results and eliminate those that caused problems.

Third, engineers may believe that extrapolating current designs to new conditions don’t require peer review. Nobody likes to have their work reviewed by outsiders. And managers don’t want to spend the time and money to do it. Unless lots of effort is made, it becomes hard to get into the practice. Similarly, when time sensitive decisions must be made, it is easier to forge ahead with the current plan (or a quickly improvised new plan) than to stop and consider alternatives.

Finally, the risk may be growing so slowly that nobody who works in the field day-to-day notices that the process is actually out of control.

Ignoring rare events

In his book, The Black Swan: The Impact of the Improbable, Nassim Nicholas Taleb points out that humans are prone to two deceptions. First, we think that chaotic events have a pattern to them. That is, we believe that the best way to predict the future is to look at the recent past. Second, we underestimate the importance of rare events. In fact, we believe that rare events are not worth planning for since they are too infrequent to care about. Tony Hayward, the CEO of BP called the Macondo oil spill a one-in-a-million event. (It wasn’t, it is closer to 1 in 1,000.) But even if it were, the enormous consequences means that there is no excuse for not including it in planning at the top levels of the company.

BlackSwan     Image from Amazon

Rewarding overconfidence

As I mentioned earlier, engineers (and many other professionals) are rewarded for being confident in their projections. Managers select projects based on how confident they are about the chance of success. And they are influenced by the confidence of the engineer proposing the project. So everyone learns to speak with more confidence than is safe.

However, overconfidence doesn’t require an external reward. For example, I believe that I am a better than the average driver. I believe I can navigate icy roads safely, and can handle any emergency situation. Everyone believes this. When I first get on an icy road, I drive slowly until several drivers pass me. Then I speed up to match the speed of the other drivers and start passing other cars myself. I know I shouldn’t do this, but I do it anyway. I haven’t been in an accident, so that reinforces my behavior. Similarly, every time I get into my car I don’t explicitly consider the chance that I might kill someone. But I should. And I should be reminded of my fallibilities and the dangers every few minutes, lest my attention wander. I should drive every second as if someone will, not just could, die every time I make a mistake.

Proposals for reducing risk

The solution to oil spills is not to stop drilling offshore because the technology is inherently unreliable and unsafe as some writers recommend. Rather, it is to assume that equipment can fail, that hurricanes will strike, that unexpected rock formations exist, that mistakes in selecting the right mud will be made, and pressure to meet schedules and budgets exist, and then design the mitigation for each.

First, engineers need to admit that they are running experiments whenever they are designing and building something that is even slightly beyond the scope of an existing project. Once engineers admit that what they are doing is an experiment, not just following a recipe in a cookbook, they will be more cognizant of the need to consider the risk, examine alternative methods, take care when collecting data, and to spend more time analyzing the data after the end of the project. Managers also need to consider each project an experiment and remember that experiments can fail. They must be willing to nurture calculated risk taking. They must also be willing accept the cost of mitigation (or the cost of the consequences). It appears that BPs managers failed at this.

Second, engineers need to be more open about their work. In other fields like physical science and medicine, researchers are encouraged to disclose the results of their work and solicit peer review. Engineers rarely publish their findings, for two reasons. First, they are not paid to. Second, nearly all of their work is considered proprietary by management. Even work that would benefit the industry as a whole, like new safety ideas or techniques to protect the environment are often hidden from competitors. The government needs to encourage or enforce sharing of safety data, require public reporting of near-miss incidents, and set standards for best practices. Currently, the government relies too heavily on industry expertise. To adequately police industry, the government needs to start hiring engineers as regulators, recruiting at top universities, paying competitive salaries, and conducting its own research.

Unfortunately, I don’t have high hopes that government regulators, investors, and managers learn the correct lessons from the Macondo oil spill. Rather than looking at the systemic causes of accidents, we will ban offshore drilling for a few months to assuage the public. Then regulators will write new rules like requiring acoustic transducers that shows they are getting tough and reforming the industry. But they won’t do anything that actually encourages critical thinking or processes that channel engineers to do the right thing. Then once the public outcry dies down, new technology, risk creep, and overconfidence will return. But it will be invisible until the next accident happens and we are all left wondering again how something awful like that could happen in America.

[Update1: On June 22, a federal judge issued an injunction that struck down the Obama administration’s six-month offshore drilling ban. The Justice Department is preparing an appeal.]

[Update2: I just noticed a really eerie coincidence. In the sixth paragraph, there is a hyperlink to a report that provides the counts of total offshore oil wells and blowouts. The report is dated April 20, 2010, the same day of the Deepwater Horizon accident.]

[Update3: There is a recent AP story that points to some of the same human errors as this blog post.]