“They could use their existing email addresses, but it would be a way to enforce organizational security,” he explains. Using one email system for day-to-day work and another one for sensitive material isn’t really a good plan. For one thing, you never really know when a conversation is going to suddenly require extra layers of security; for another, switching over can raise a red flag.

“Particularly in more repressive contexts, if you use ‘security’ when you need it, we know from a bunch of evidence that it makes you stand out, and it makes those particular messages stand out,” says Sparrow. “Our goal with everything we do is to figure out some way to trick and cajole and entice people into using a more secure system all the time.”

If you'd like to get email from CJR writers and editors, add your email address to our newsletter roll and we'll be in touch.

Lauren Kirchner is a freelance writer covering digital security for CJR. Find her on Twitter at @lkirchner