[TallGuyShort]

To use calculus as an analogy, as the number of people in your meeting approaches infinity, the confidentiality of that meeting approaches 0 anyway. You may still verify everyone's identity, but someone is going to be leaking enough information that it's close enough to just having a lurker who shouldn't be there.

[bigiain]

A more cynical person might suggest the limit is approached as the number of participants approaches two...

"Three may keep a secret if two of them are dead." -- Benjamin Franklin

[mLuby]

Could add breaks where key information is given that's slightly different for each participant.

Mole-Hunter-As-A-Service™

[redler]

How about a security feature designed by old computer game aficionados? Every fifteen minutes there's an enforced break. Hold music begins playing. After a moment the music fades and a synthesized voice says "Turn to page...23...of your employee manual. In the...third...paragraph, note the...first...word. Enter the first three letters of that word using the keys on your touchtone phone, and you will rejoin the meeting."

[felipelemos]

Unless you can ensure that everyone on the meeting is an authenticated user or was a approved to join by one.

[TallGuyShort]

No what I'm saying is with enough people, even if you authenticate everyone, one of them will violate confidentiality anyway. I've been in meetings where there was no teleconferencing of any kind, but sure enough the decision was leaked before being official anyway. As you get more an more people (or as you get enough people that the above solutions are considered unscalable) that approaches inevitability.

[mmt]

Do you happen to know if there are any published studies on this? I'd find it particularly interesting how well this number (curve) correlates with Dunbar's Number.

[TallGuyShort]

I don't. Hadn't even heard of Dunbar's Number and had to Google it :) I would imagine, though this is pure speculation, that it's highly variable and hard to measure accurately since most leaks are hard to pinpoint. Probably depends on company culture, nature of the deal, etc. I just think that if you're at the scale that verbally confirming who has dialed in via insecure means is unscalable, you're likely enough to be past this limit that you should be taking other countermeasures anyway.

[mmt]

> hard to measure accurately since most leaks are hard to pinpoint.

Pinpointing the source isn't necessary, though, only knowing that the leak occurred and the approximate number of people "in on it". Even limiting this to leaks to the media for information shared at company meetings (so the number of people is equal to the number of employees) could provide interesting data, assuming a large enough sample size (and that leaks are numerous enough).