On the one-year anniversary of Edward Snowden's first NSA document leaks, Bahaa Nasr spent the day in Beirut, teaching a roomful of Middle East activists how to thwart the kind of government-backed spying that Snowden so shockingly exposed.

As a project manager for the Institute for War & Peace Reporting's Cyberarabs project, Nasr's job is to keep journalists and activists safe from snoops. Since 2010, he has taught more than 400 activists the ins and outs of digital security, how to use a virtual private network and the TOR anonymous browser, how to avoid getting hacked, how to recover files, how to properly delete files, and how to encrypt them so that they can be shared outside of the prying eyes of governments.

>You can't easily encrypt documents using the net's biggest file sharing services, including those from Google, Microsoft, and Dropbox.

There are so many security tools he and his students can use to guard themselves against NSA and other government snoops, who have ways of accessing so many parts of the internet. But Nasr says there's a big hole in this toolkit. You can't easily encrypt documents using the net's biggest file sharing services, including those from Google, Microsoft, and Dropbox. And, for Nasr, this shouldn't be the case. After all, encryption is offered by so many underground file-sharing sites, including Mega, the service from swashbuckling internet entrepreneur Kim Dotcom.

Last week, Google announced that it's working on a browser plug-in that can encrypt the messages you send via Gmail and other email services so that, even if the NSA gained access to the machines running these services, it couldn't read your correspondence. Even Google itself wouldn't be able to read them. But file sharing is another matter. You still can't encrypt files using the company's documents-editing-and-sharing service Google Drive. And the same goes for many similar services. "This is something that should be done. Google should not be able to read my files. Dropbox should not be able to reach my files," Nasr says. "I don't know why they don't provide better security for the files."

Google, Dropbox and Microsoft do encrypt communications as they're moving from your computer to Google's servers. And following the NSA revelations, Google and Microsoft have also taken new steps to protect information when it's moving from between their own data centers. But for the truly paranoid, the best solutions is to use open-source software to encrypt the file on your computer before it's uploaded to Google or Microsoft's networks. That way, if someone – the NSA perhaps – compromises Google's network, it still can't read your stuff.

But doing that kind of encryption has become a little trickier of late. The folks who develop one of Nasr's go-to encryption programs, TrueCrypt, abruptly pulled the plug on their open source project a few weeks ago. Now they're warning that it's insecure. For now, he's still teaching his activists about TrueCrypt, but he's hoping for something better. That's where Google or Microsoft or Dropbox could step in with new encryption software for end users, something similar to the End-to-End code Google just released for Gmail and other web mail services.

A chart that Nasr offers his students. Services without file encryption are marked red. Image: Nasr A chart that Nasr offers his students. Services without file encryption are marked red. Image: Bahaa Nasr

Given the concerns that consumers and businesses have about the cloud, it's surprising that this hasn't already happened, particularly when you see encryption on a site like Mega. Nasr doesn't recommend Mega because of Dotcom's past troubles with the law. Dotcom launched Mega last year after the feds shuttered his previous file-sharing service, Megaupload, and charged him and his business partners with criminal copyright infringement and other crimes. But other small name sites, such as Wuala and SpiderOak, offer reliable encryption that he's comfortable with.

SpiderOak occasionally gets calls from law enforcement, requesting access to user files, but there's simply nothing that the company can do, says Ethan Oberman, the company's CEO. "Even if we wanted to betray the trust of our users, we couldn't," he says. "We don't have the encryption keys."

>'Even if we wanted to betray the trust of our users, we couldn't. We don't have the encryption keys.'

Google, Microsoft and Dropbox declined to comment for this story, but there are a few business reasons why the big vendors might want to avoid developing their own file encryption software. It's tricky to do encryption right – security experts we spoke with say that they're not convinced anyone does cloud encryption in a completely secure way. Most users don't demand it. And encryption software is notoriously hard to use.

That last point is probably the deal-breaker for most cloud providers right now. Imagine Google Drive with no search capabilities, or Dropbox with no preview. None of those features would work with encrypted files, because they'd be unreadable by Google and Dropbox's server software. And if Google doesn't have the encryption keys it can't help you out if you lose a password. If you lose your SpiderOak password, for example, you lose your documents permanently, Oberman says.

And there's a last point. Encrypted files are more expensive to store because companies like dropbox can't identify the encrypted version of a popular movie or song and store one copy of it that's shared between users. "[T]hat’s the economy of scale storage providers depend on," says Nate Lawson, a cryptography expert and the founder of SourceDNA. "They only want to store one copy of the Frozen DVD, not thousands."