While the people doing the spying are already doing something ethically very questionable, the person deciding what data is collected on a webservice can still make the decision to contribute to the problem, or be vigilant about data protection.
It's not the DNS calls or phone companies that are more to worry about?
Best thing you can do is not to make use of GA in the first place, so that no such data of visitors of your websites exists in Google infrastructure.
First, it is exaggerated, which is not surprising in today's media and outrage climate. Second, things have changed since Snowden and the congressional oversight had been rolled out. Third, GA is not that valuable compared to other sources.
Your chief complaining would be better spent about how Google uses the data rather than intelligence agencies.
Also note that Google fights against overly broad intelligence / police requests and publishes data on how many they get and comply with.
