That's not what I want from my government.
--edit-- I also didn't make any suggestions, I would have accepted a reasonable explanation of the legal and technological measures that were in place to protect my data from rampant proliferation through US corporate and government systems.
Instead I got (and this is a direct quote) "We don't allow Google to use or share our analytics data.", and a zendesk reference number. Fobbed off, basically.
And with the zendesk link, now my actual communication with a UK government team is being processed in the bay area.
This is unacceptable.
--edit 2-- Somehow other large UK web-based institutions manage without GA as well. The BBC for instance. Perhaps they could talk to each other.
Before you start the lynch mob, ask yourself this: what on earth can one do with non-person-identifiable data stored on a server?
"Next on BBC - Terrorist organisation finds out too many British people forget to update their MOTs"
That's not what I want from my government.
Be very very fortunate you can even get a somewhat usable site, much less a very user friendly site. There are citizens of the other nations that would kill for easier access to public information.
How do we know it's non-person-identifiable? It's certainly clear that the analytics data comes from a set IP address, and when correlated with all the other data that big G collect from all over the web, who knows what can come out of it.
>> Be very very fortunate you can even get a somewhat usable site, much less a very user friendly site.
1. It's not just an information site. 2. Why should Google (and by extension the US government) be informed that I'm looking up (for instance) legal advice, business law or anything else?
Again, this is my interactions with my government being published to another nation.
--edit-- removed accusations of laziness, I'm sure the gov.uk folks aren't that.
I think that before Snowden most people, myself included, would have thought not using google analytics for the above reasons was paranoia.
Now, I think that all digital data should be treated as public and until we change the law to have a public / private demarcation, we need to accept it and deal.
(I see this as a pollution issue, until we get a clean air act, everyone will walk around with cloths across their mouths)
edit: little less troll like:
We have no framework for digital privacy, and until we see an emergent consensus there will not be one. Here, on this site, we have informed, reasonable people disagree on fundamental definitions of online privacy. So the first step here is to ask, "privacy in the US is based on two things, actions in ones own home are protected by default, and written communications between yourself and others are protected, and publishing is an explicit act"
What do those things now mean in a world of mobile phones, internet and metadata?
We have no framework for digital privacy, and until we see an emergent consensus there will not be one.
Here, on this site, we have informed, reasonable people disagree on fundamental definitions of online privacy.
I am unsure where to begin.
Pretending it's a non-issue and not addressing concerns AND then using an overseas helpdesk service, such that now not only are analytics being sent to the US, but actual communication between a UK citizen and the UK government.
But particularly the latter half.
>> I think that before Snowden most people, myself included, would have thought not using google analytics for the above reasons was paranoia.
Most people haven't been paying much attention then.
>>Now, I think that all digital data should be treated as public and until we change the law to have a public / private demarcation, we need to accept it and deal.
Cool, if that's your attitude to this. Some of us would prefer to prevent our government being complicit wherever possible. They may already be in breech of various regulations and I do intend to be in contact with the ICO soon.
We already have data protection frameworks in the UK and at the EU level. I would like to see them adhered to in spirit, and I would also like to know that someone involved in the gov.uk has at least given this a moment's thought.
Personally, as someone who left the UK in the 90's for silicon valley, I'm blown away that the UK government has even heard of the internet, let alone built a decent digital service.
Google analytics for a publicly facing government website is akin to someone watching you walk physically into a public municipality.
I'm glad you're happy to publish all the details of your interactions with government services to an advertising company in another country with far less in the way of data protection law.
I'm not.
Actually it's not even equivalent then. It's more like them recording the conversation you have with the public services folk. And you haven't actually gone there, just called on the phone.
As a proportion of the whole development cost, using either an EU based analytics service or in-house server shouldn't really be significant.
But even before that I'd like to have some indication that someone has actually thought about what they're doing, rather than just stuffed in GA because that's what you do in the private sector.
Or are you saying instead that you should impose your own personal choice on everyone else?
Just because I know how to block analytics doesn't mean everyone else has a clue they even exist, nor that we should allow our government to export data about us in this way.
My view is that the spirit of the law needs to be codified for a new world, and it is healthier to have that clear (and so open for debate) than to say someone is violating my idea of what the law should be.,
My starter for 10:
* Privacy is merely a politeness, and does not actually "exist". The expectations of privacy are the expectation for data to not be exploited without our consent.
* All digital communications and associated metadata are made in a public domain, and should have very limited expectations of privacy.
* If digital communication is encrypted, or marked as anonymous, then it should be legally viewed as having an expectatin of privacy and similar penalties applied for interfering with that as with post.
* Any monitoring of digital activity that can be linked to an individual human must be publically acknowledged by the monitoring organisation and the data released / published unless the individual has given consent for identifying data to be stored and processed to that organisation.
Its a thought in progress.
This is where we depart. Just because it is a public network does not mean that people somehow naturally consent to monitoring by anyone and everyone, nor that they should have to consent to this stuff. The telephone network is a good example of public and private infrastructure in which one still has the expectation of privacy.
>> If digital communication is encrypted, or marked as anonymous
And what if someone, mostly without notifying us, loads a script into our browser that tracks everything we do and reports back to mother?
This is not a case of people marking data private, nor is it 'digital communication' this is intrusion.
Why should we accept that the government will report everything about it's own citizens to anyone they feel like?
Because it makes it easier for a few web developers? Is that really a good enough reason?
This is where I'm really failing to understand your logic. Your activity is very different from what you converse. If I fill out a web form and that data gets logged, fine, I can see how privacy may be an issue. Unless someone can correct me, Google analytics does not have that capability, it only tracks how you navigate.
If I walk around a public library and check out 6 books and someone follows me around watching me look at 6 books, then again I ask "so what?"
Amazon
Google (and any service under it)
eBay
?
None of them, however, is the UK government unnecessarily leaking details of my interactions across borders.
>> If I walk around a public library and check out 6 books and someone follows me around watching me look at 6 books, then again I ask "so what?"
They compile a dossier on you, including everything you read, all of the shops you go to, food you like. They sell this data to whoever wants it and leak it out the back door to overseas government agencies.
But I guess you've nothing to hide from anyone eh? Good for you.
But that's the point I think he's trying to make: Why is this an issue? If I open up a page on the site that say tells me what the VAT rate is and that gets timestamped and sent to google, why should it matter?
The site is purely for information. They could - as you say - get wind of the fact that I want to apply for a new passport. So what? That (at least in my mind) isn't a privacy issue.
Well, not really, it directs you to portals for various services.
>> They could - as you say - get wind of the fact that I want to apply for a new passport. So what? That (at least in my mind) isn't a privacy issue.
I think it is and I would be upset about (for instance) my library browsing habits being supplied to people as well, particularly if they were based in places with far less in the way of data protection law.
You may as well say "Why would anyone care about PRISM? Who cares who knows I call my mom every week?", yet it's the biggest story around at the moment.
The fact is that the web is not anonymous in its nature. If I browse to a random site I've never heard of, how do I know they aren't using a third party image? If they are, then my IP/Location will be broadcast to that third party.
Well I think they probably have a tremendous budget, and a variety of FOSS or third party (but running in-house) solutions have been mentioned in comments here, that could likely do the job.
>> The fact is that the web is not anonymous in its nature.
It's not really about anonymity though, it's about who the government is (deliberately) sharing data with or leaking data too. I'm not asking for anonymity in who I intend to interact with (UK government services), I'm asking them to think about who they share that data with.
>> If I browse to a random site I've never heard of, how do I know they aren't using a third party image? If they are, then my IP/Location will be broadcast to that third party.
When it is a page run by one's own government, one can have different expectations and even ask for things to be changed not to leak such data. Or at least ask if they've thought about it.
However this is also why I tend to block things like social media buttons, I have no desire for FB or Google to be informed every time I read ... well just about anything online these days.