
Government Digital Service Design Principles - obilgic
http://www.gov.uk/designprinciples
======
Nursie
If anyone from gov.uk is reading this, do you fancy answering the question I
posed when the site was launched but never received an adequate answer to?

Why does gov.uk, a site all about allowing the British public to interact with
the British government, use google analytics?

You are shipping all the data about all my interactions with my government off
to a third party in another country. Another country that we know has not got
the same legal data protection requirements, and one which has now been
exposed as having massive internal spying problems.

And no, telling me "google aren't allowed to use the data" and then opening an
outsourced helpdesk ticket with another US based company does not cut it.

~~~
_mulder_
Unfortunately it's attitudes like this that usually end up making Government
projects so eye-wateringly expensive.

Assuming they listen to your suggestion and act on it as you suggest, it seems
the only option open to them is to design their own in-house (In UK for that
matter) version of Google Analytics to do their own analysis. Regardless of
the cost and time this would add to the project, it's unlikely that it would
be anywhere as good as Google's offering.

The other, more likely, option would be to decide it's too expensive to
implement a different, more complicated, solution; so they don't bother. They
don't get the feedback and analysis on how to improve their services and the
customer experience declines until you're back where you started with a poorly
designed product offering hard-to-find information and people are posting
angry comments on HackerNews about how bad gov.uk is and how they would never
run a start-up like that... I'm almost certain someone would say "Why don't
they use google analytics to improve things, like everyone else".

Instead, we need to be applauding a massive operation like Gov.uk for taking a
dose of reality and thinking, "we're not doing anything amazingly special
here, we're providing people with a quick way to check their council tax, or
bin collection dates, or maybe pay their car tax. let's just get the job done
as best we can."

~~~
Nursie
I'm sorry what? F*ck privacy, this way is more expedient? Is that what you're
saying in effect?

That's not what I want from my government.

\--edit-- I also didn't make any suggestions, I would have accepted a
reasonable explanation of the legal and technological measures that were in
place to protect my data from rampant proliferation through US corporate and
government systems.

Instead I got (and this is a direct quote) "We don't allow Google to use or
share our analytics data.", and a zendesk reference number. Fobbed off,
basically.

And with the zendesk link, now my actual communication with a UK government
team is being processed in the bay area.

This is unacceptable.

\--edit 2-- Somehow other large UK web-based institutions manage without GA as
well. The BBC for instance. Perhaps they could talk to each other.

~~~
mbesto
_This is unacceptable._

Before you start the lynch mob, ask yourself this: what on earth can one do
with non-person-identifiable data stored on a server?

"Next on BBC - Terrorist organisation finds out too many British people forget
to update their MOTs"

 _That 's not what I want from my government._

Be very very fortunate you can even get a somewhat usable site, much less a
very user friendly site. There are citizens of the other nations that would
kill for easier access to public information.

~~~
sp332
Of course it's personally identifiable. AOL
[https://en.wikipedia.org/wiki/AOL_search_data_leak](https://en.wikipedia.org/wiki/AOL_search_data_leak)
and more recently Netflix
[http://www.cs.utexas.edu/~shmat/shmat_oak08netflix.pdf](http://www.cs.utexas.edu/~shmat/shmat_oak08netflix.pdf)
tried to anonymize datasets and failed. With a website, you can geo-locate the
IP, cross-reference with timestamps, and probably ID more than half the users.
Someone tested how hard it is: [http://web.mit.edu/newsoffice/2013/de-
anonymize-cellphone-da...](http://web.mit.edu/newsoffice/2013/de-anonymize-
cellphone-data-0327.html) With 4 location datapoints + timestamps, you can
differentiate 95% of people.

~~~
mbesto
But if they identify that "Jim English" has visited the MOT description
website 10 times in the last month...so what?

Google analytics for a publicly facing government website is akin to someone
watching you walk physically into a public municipality.

~~~
Nursie
Someone in another country, not subject to the same laws about how that sort
of data is collected and used.

Actually it's not even equivalent then. It's more like them recording the
conversation you have with the public services folk. And you haven't actually
gone there, just called on the phone.

~~~
mbesto
_recording the conversation_

This is where I'm really failing to understand your logic. Your activity is
very different from what you converse. If I fill out a web form and that data
gets logged, fine, I can see how privacy may be an issue. Unless someone can
correct me, Google analytics does not have that capability, it only tracks how
you navigate.

If I walk around a public library and check out 6 books and someone follows me
around watching me look at 6 books, then again I ask "so what?"

~~~
Nursie
In the largely broken analogy, you might phone the DVLA, ask to speak to a
certain department (driver licenses, vehicle tax), then perform a specific
task (apply for a new license). This maps to your navigation around the pages.
Previously you would not really expect a third party in another country to be
informed you were doing this, and I don't think it's necessary now.

>> If I walk around a public library and check out 6 books and someone follows
me around watching me look at 6 books, then again I ask "so what?"

They compile a dossier on you, including everything you read, all of the shops
you go to, food you like. They sell this data to whoever wants it and leak it
out the back door to overseas government agencies.

But I guess you've nothing to hide from anyone eh? Good for you.

~~~
andyhmltn
>In the largely broken analogy, you might phone the DVLA, ask to speak to a
certain department (driver licenses, vehicle tax), then perform a specific
task (apply for a new license). This maps to your navigation around the pages.
Previously you would not really expect a third party in another country to be
informed you were doing this, and I don't think it's necessary now.

But that's the point I think he's trying to make: Why is this an issue? If I
open up a page on the site that say tells me what the VAT rate is and that
gets timestamped and sent to google, why should it matter?

The site is purely for information. They could - as you say - get wind of the
fact that I want to apply for a new passport. So what? That (at least in my
mind) isn't a privacy issue.

~~~
Nursie
>> The site is purely for information.

Well, not really, it directs you to portals for various services.

>> They could - as you say - get wind of the fact that I want to apply for a
new passport. So what? That (at least in my mind) isn't a privacy issue.

I think it is and I would be upset about (for instance) my library browsing
habits being supplied to people as well, particularly if they were based in
places with far less in the way of data protection law.

You may as well say "Why would anyone care about PRISM? Who cares who knows I
call my mom every week?", yet it's the biggest story around at the moment.

~~~
andyhmltn
I certainly understand where you are coming from, I just think that the issue
of having this data supplied to Google isn't really that important to warrant
spending a tremendous amount of the budget to do an in house system.

The fact is that the web is not anonymous in its nature. If I browse to a
random site I've never heard of, how do I know they aren't using a third party
image? If they are, then my IP/Location will be broadcast to that third party.

~~~
Nursie
>> I just think that the issue of having this data supplied to Google isn't
really that important to warrant spending a tremendous amount of the budget to
do an in house system.

Well I think they probably have a tremendous budget, and a variety of FOSS or
third party (but running in-house) solutions have been mentioned in comments
here, that could likely do the job.

>> The fact is that the web is not anonymous in its nature.

It's not really about anonymity though, it's about who the government is
(deliberately) sharing data with or leaking data too. I'm not asking for
anonymity in who I intend to interact with (UK government services), I'm
asking them to think about who they share that data with.

>> If I browse to a random site I've never heard of, how do I know they aren't
using a third party image? If they are, then my IP/Location will be broadcast
to that third party.

When it is a page run by one's own government, one can have different
expectations and even ask for things to be changed not to leak such data. Or
at least ask if they've thought about it.

However this is also why I tend to block things like social media buttons, I
have no desire for FB or Google to be informed every time I read ... well just
about anything online these days.

------
ed_blackburn
_Massive kudos_ to whoever it is in a position of authority, be a politician
or a senior civil servant for allowing a modern dev team to grow and cultivate
a culture that works. Too many people in authority are motivated by fear of
failure, blame apportioning and self-interest meaning their aversion to risk
is so high, nothing happens, so nothing goes wrong.

I really hope that because this is associated with the cabinet office other
teams elsewhere in govt. can draw encouragement from this team and use it as
an example.

Excellent to see the source open and hosted on github. Such code is rarely
made publicly despite it not being confidential.

Will the govt. sit up and notice that small focused team with a remit can
deliver. Or will the next system change mean a complicated procurment process
for a large consultancy who will hive the work off shore to the cheapest sub-
contractor and deliver nothing but spend millions of tax payers pounds.

~~~
lifeisstillgood
@liammax and @MTBracken (twitter) are "UK CTO" and director GDS, and currently
the leading lights in this one.

One thing to note is the Open Source software, in guidance handed to all
government departments, should be _preferred_ over proprietary software. (link
in here somewhere
[http://www.oss4gov.org/policy_activism](http://www.oss4gov.org/policy_activism))

In addition the "G-Cloud" \- a online catalog of pre-vetted service providers,
has 80% SMEs on it and a govt buyer can simply _sign up online for a Saas
service there and then with a govt credit card, legally_

I feel that Open Source in government will have serious network effects
globally, so getting this right now for the UK could lead to a very long tail
/ virtuous circle for UK devs in the future.

------
rmoriz
Awesome stuff which makes me sad: Here in Germany OpenData and Open Government
is really bad.

The government started an initiative, later backed out in nearly every aspect
of "openness" and hired some Fraunhofer FOKUS people (federal research
institute) do code something.

They used a huge JEE app-server as foundation for their work, have not a
single test and neither a documentation. When they launched a couple of months
ago, their production server went down for 2 days besides their research in
"cloud computing" which does Fraunhofer as well. (=>
[https://govdata.de](https://govdata.de) sources at
[https://github.com/fraunhoferfokus/opendata-
platform](https://github.com/fraunhoferfokus/opendata-platform))

So, congrats to UK. You're doing it right. Please continue this work and put
more stress on incompetent and lazy political actors and "research factories"
in other countries, e.g. Germany.

~~~
UK-AL
Java EE servers run some of biggest throughput web services in the world. But
your saying its a bad choice?

~~~
lifeisstillgood
J2EE ecosystem and the Open Source ecosystems have little overlap - if that is
your first choice, it is likely your sympathies for all other decisions,
technical, methodological and organisational, will not be in line with common
practise in the OSS world.

In other words, they hired the wrong guys.

Liam Maxwell and folks at GDS are hitting all the right notes so far.

------
weego
Having worked close to the department for education in the past it's
refreshing to see a strategy that was implemented by employing smart people
and giving them enough rope to actually do what was needed, rather than
outsourcing to one of big suppliers (the DfE has been far too close to Capita
over the last decade or so) and letting them bleed the pot dry with project
management and consultancy fees (at one Capita run front-line strategy project
that shut down not so many years ago the developers were allowed to quit as
full time employees and instantly start back as contractors earning roughly
three times as much).

I wonder if it's a coincidence that this project appears to be blossoming
while almost every large project I saw that was outsource either massively
underachieved or was just buried after huge loses (schoolsweb for example).

~~~
buro9
I've been part of a large consulting bid for work, and part of the team that
executed it. It was horrible.

We were bought in because we knew how to do something, but we won the bid
because we simply could do it cheaper than anyone else.

Where it went wrong though, was that even though we knew what to do, once
engaged the client insisted on how it would be done and meddled with every
part of it.

And the next big failure was our part... our project management team let the
client change the requirements frequently even though we told them in no
uncertain terms that we were moving from the stated goal and that what was now
being asked would not work.

The project management team expanded to deal with the stream of change
requests and meddling, and the devs got bogged down with change requests
rather than actually driving the project to the project goals.

Finally the project ran out of cash, and what was delivered fitted no-ones
needs. It was horrible.

I think the greatest thing that the gov.uk team have been able to achieve is
finding the ability to say no when it needed to be said, and to dictate how it
should be done right rather than permitting meddling.

It's no surprise that #1 is "Start with needs", and it's less of a surprise
that they've had to clarify this is the end user's needs and not the needs of
anyone in government.

~~~
Periodic
It's agonizing to me that some of these government bids (my experience is in
the US state of California) are required to take the lowest bid that meets the
requirements unless they can clearly justify using a more expensive one. Of
course, if they put out a general request they would end up with a terrible
product, so they tailor their request to the company they want to hire.

Even then, the companies aren't really rewarded for doing a good job. They're
rewarded for doing a minimal job that barely meets the requirements and using
as much money as they can.

~~~
dragonwriter
In my experience in the State of California -- mostly from the government side
-- the rule is that there are, for each contract put to bid, rating factors
and criteria established upfront and you must hire the contractor that scores
the highest on those rating factors. That's not usually equivalent to taking
the lowest bid.

That being said, this:

> Even then, the companies aren't really rewarded for doing a good job.
> They're rewarded for doing a minimal job that barely meets the requirements
> and using as much money as they can.

...is certainly an issue, especially, as is often the case, where
reimbursement is based on hours and the contract amount is a limit, so that
the incentive is to assure that as many hours are consumed as possible up to
the limit.

------
tehwalrus
_" while it’s right we should provide information about VAT it’s not necessary
for us to provide information about keeping bees
[http://webarchive.nationalarchives.gov.uk/20121015000000/www...](http://webarchive.nationalarchives.gov.uk/20121015000000/www.direct.gov.uk/en/Environmentandgreenerliving/Smallholders/DG_179478)
"_

LOL, I've heard some bad stuff about the OneGov team, but this is great.

------
nemesisj
These guys are doing an incredible job. Liam Maxwell is smart and has a
background in startups. I got the privilege of listening to him speak a couple
months ago. Wrote up the experience here:
[http://peebs.org/2013/03/29/evening-united-kingdom-
cto/](http://peebs.org/2013/03/29/evening-united-kingdom-cto/)

------
neilkimmett
Obligatory link to the moronic Daily Mail article about gov.uk:

 _" And the award goes to boring.com! Government website beats off 100 others
to be named world's best design"
[http://www.dailymail.co.uk/news/article-2310191/And-award-
go...](http://www.dailymail.co.uk/news/article-2310191/And-award-goes-boring-
com-Government-website-beats-100-named-worlds-best-design.html) _

------
shaydoc
This gov.uk work is good, real good. Consistent layout, and good search which
is most important.

Thoroughly good digital service, especially like the API for sharing content.

------
sevenproxies
Related link about some of the technologies used on gov.uk.

[http://digital.cabinetoffice.gov.uk/govuk-launch-
colophon/](http://digital.cabinetoffice.gov.uk/govuk-launch-colophon/)

------
estebank
Previous discussion:

[https://news.ycombinator.com/item?id=3811052](https://news.ycombinator.com/item?id=3811052)

------
widdershins
Been exploring the gov.uk site, and I'm very very impressed. Unlike the
Manchester.gov site[1], there's an excellent information density yet a very
lightweight feel. Maybe it's my preference for text-based designs over icon-
based ones, but I feel like I can find what I need incredibly quickly.

[1] [http://www.manchester.gov.uk](http://www.manchester.gov.uk)

~~~
robotmay
The Manchester site's still pretty decent though. Unlike
[http://cardiff.gov.uk](http://cardiff.gov.uk).

------
itneverends
This typifies the problem with the web.

This website purports to be about data. But is it? Seems like lots of rambling
about presentation of data.

A true open data initiative would start by providing an ftp link.

People can argue all day about how to present data. That's not about data.
That's about something else.

First, just give us the data. Raw. In an open format (e.g. plain text). From
there it can be massaged into a gazillion possibilities. Many people have many
different visions of those possibilities.

Open data starts with _providing the data_. Not a lecture about "principles".

First, give us the _data_. Raw. Open format.

~~~
johneth
Here's some raw data: [http://www.data.gov.uk/](http://www.data.gov.uk/)

They're working on releasing more, plus APIs, etc. It takes time.

------
mmed
Hi just read the first comment as I got to dash off. I would say - ditch
Google Anlaytics and use something open source like
[http://piwik.org](http://piwik.org)

------
piqufoh
Great idea, lets hope it catches on. Unfortunately it seems like parts have
been translated into 'trendy' \- for example

> Government should only do what only government can do.

uh, what?

~~~
anu_gupta
If you had continued to read the rest of that paragraph, you would have seen
this:

> If someone else is doing it — link to it. If we can provide resources (like
> APIs) that will help other people build things — do that. We should
> concentrate on the irreducible core.

~~~
piqufoh
I had continued reading it, and I maintain that single sentences must make (at
least logical) sense by themselves. This is marketing jargon trash, and should
not be encouraged in a web standards document!

------
bapbap
Can anyone with some knowledge of the GDS explain how they seem to be doing
such a good job? It just seems impossible that someone somewhere in Government
got something right for a change and brought this team in and let them get on
with it.

\- I know Government projects get a lot of flak, rightly or wrongly but they
always seemed to be awarded to companies like Capgemini who would spend £100's
of millions achieving much less. I could be wrong.

~~~
glomph
They have been allowed to just link to the old government websites for lots of
things so they didn't have to create a feature complete drop in for the old
site(s). I think this has made it much easier easy to make a nice looking
site.

------
edbloom
I'm not connected with anyone who works on gov.uk but I've been a huge fan of
what is going on over there for some time. In my view it is without a shadow
of a doubt the best digital government team in the world. They've assembled a
massively talented team who are knocking it out of the park week after week.
It's rare to see this anywhere never mind a bloody government agency!

well done folks - you're leading the world!

------
andyhmltn
It's nice to see a government organisation actually taking design seriously
for once. I imagine (having never worked in that kind of environment) that
stuff like design committees and massive processes to get small tweaks through
can't be that nice.

------
ngcazz
Gov.uk is an excellent example to follow in e-government. Here in Portugal the
last few years we've had great advances in it, but what we got is still
laughably bad in comparison to this.

------
jot
More like these here:
[http://principles.adactio.com/](http://principles.adactio.com/)

------
cheery
What.. Are these government sites? Those do not look like such as they are too
clean and positive. Are you sure they're just not a victim of very stylish
hacker?

~~~
jackfranklin
They are indeed Government sites! GOV.UK itself is looked after by the
Government Digital Service (GDS). A brief history is available on the GDS
blog:
[http://digital.cabinetoffice.gov.uk/about/](http://digital.cabinetoffice.gov.uk/about/).
It's also different in that it's coded in the open. Most of the code behind
GOV.UK is on public Github repositories:
[https://github.com/alphagov](https://github.com/alphagov).

~~~
jackfranklin
As another example, the app behind what powers the Design Principles, which is
what this post links to, is here: [https://github.com/alphagov/design-
principles](https://github.com/alphagov/design-principles).

