[TallGuyShort]

No what I'm saying is with enough people, even if you authenticate everyone, one of them will violate confidentiality anyway. I've been in meetings where there was no teleconferencing of any kind, but sure enough the decision was leaked before being official anyway. As you get more an more people (or as you get enough people that the above solutions are considered unscalable) that approaches inevitability.

[mmt]

Do you happen to know if there are any published studies on this? I'd find it particularly interesting how well this number (curve) correlates with Dunbar's Number.

[TallGuyShort]

I don't. Hadn't even heard of Dunbar's Number and had to Google it :) I would imagine, though this is pure speculation, that it's highly variable and hard to measure accurately since most leaks are hard to pinpoint. Probably depends on company culture, nature of the deal, etc. I just think that if you're at the scale that verbally confirming who has dialed in via insecure means is unscalable, you're likely enough to be past this limit that you should be taking other countermeasures anyway.

[mmt]

> hard to measure accurately since most leaks are hard to pinpoint.

Pinpointing the source isn't necessary, though, only knowing that the leak occurred and the approximate number of people "in on it". Even limiting this to leaks to the media for information shared at company meetings (so the number of people is equal to the number of employees) could provide interesting data, assuming a large enough sample size (and that leaks are numerous enough).