“They could use their existing email addresses, but it would be a way to enforce organizational security,” he explains. Using one email system for day-to-day work and another one for sensitive material isn’t really a good plan. For one thing, you never really know when a conversation is going to suddenly require extra layers of security; for another, switching over can raise a red flag.

“Particularly in more repressive contexts, if you use ‘security’ when you need it, we know from a bunch of evidence that it makes you stand out, and it makes those particular messages stand out,” says Sparrow. “Our goal with everything we do is to figure out some way to trick and cajole and entice people into using a more secure system all the time.”

If you'd like to help CJR and win a chance at one of 10 free print subscriptions, take a brief survey for us here.

Lauren Kirchner is a freelance writer covering digital security for CJR. Find her on Twitter at @lkirchner