Secure Information Sharing for Coalition Operations — Privacy-Preserving AI Across Classification Boundaries

· NovaFuse Blog · All Posts

In February 2026, NATO's Defence Innovation Accelerator for the North Atlantic (DIANA) identified Secure Information Sharing as one of its priority challenge tracks. The problem statement is deceptively simple: how do allied nations share enough information to act together, without compromising the security of their individual intelligence sources and methods?

It's a question that has plagued coalition operations for decades. But the rise of AI — and specifically privacy-preserving machine learning — offers new answers. And Canada, at the intersection of NORAD, Five Eyes, and NATO, is uniquely positioned to lead.

Secure Information Sharing for Coalition Operations — Privacy-Preserving AI

The Coalition Information Problem

Every allied nation collects intelligence. Satellite imagery, signals intelligence, human intelligence, open-source data — each nation builds its own picture of the threat environment. When operating together, these pictures need to merge into a common operational view.

The traditional approach is to classify information at the highest level of any contributor. If one nation's data is SECRET and another's is TOP SECRET//SCI, the shared picture becomes TOP SECRET//SCI — accessible to fewer people, slower to distribute, and often too late to act on.

This creates a paradox: the more sensitive the intelligence, the harder it is to share, and the less useful it becomes for coalition operations.

The AI Complication

AI makes this problem both harder and more important. Machine learning models are data-hungry — they perform better with more training data. But the best training data is often the most classified. A model trained on unclassified data alone will underperform compared to one that had access to classified patterns.

The result is a tension: nations want AI systems that are both highly trained and highly secure. These goals are traditionally in conflict.

Privacy-Preserving Machine Learning

A new class of techniques — collectively called privacy-preserving machine learning (PPML) — offers a path forward. These methods allow AI models to learn from sensitive data without the data itself ever leaving its security boundary.

Federated Learning

As we explored in Blog Post #8, federated learning enables model training across distributed datasets. Each participant trains a local model on their own data, and only model updates — not raw data — are shared. The aggregated model benefits from all participants' data without any participant exposing their raw intelligence.

For coalition operations, this means a Canadian model can learn from British SIGINT patterns without ever seeing the underlying intercepts. The knowledge transfers; the data doesn't.

Homomorphic Encryption

Homomorphic encryption takes this further. It allows computations to be performed directly on encrypted data. The result, when decrypted, is identical to what you'd get from computing on the raw data — but the data is never exposed in plaintext.

For defence applications, this means a coalition AI system could process intelligence from multiple classification levels simultaneously. Each nation's data remains encrypted throughout, but the AI can still extract patterns and make predictions across the combined dataset.

Secure Multi-Party Computation

Secure multi-party computation (SMPC) is a cryptographic protocol that allows multiple parties to jointly compute a function over their inputs while keeping those inputs private. In a coalition context, this enables collaborative analysis — threat assessment, pattern-of-life analysis, anomaly detection — without any nation revealing their source data.

Privacy-Preserving Coalition AI Secure Information Sharing Across Classification Boundaries Layer 1 — Local Intelligence (Data Never Leaves) Canada SECRET / FIVE EYES United States TOP SECRET // SCI United Kingdom SECRET // STRAP Australia SECRET // AUS NZ SECRET Layer 2 — Privacy-Preserving Aggregation Federated Learning Model updates only Homomorphic Encryption Compute on encrypted data Secure Multi-Party Computation Joint analysis, private inputs Layer 3 — Coalition Insight (Shared Understanding, Protected Sources) Cross-Border Threat Patterns Visible to all nations Anomaly Detection Across Sources Correlated intelligence Coalition Decision Support Explainable recommendations NovaFuse — Secure Information Sharing for Coalition Operations

The Architecture

A privacy-preserving coalition AI system can be understood in three layers:

Layer 1 — Local Intelligence: Each nation maintains its own data and trains its own local models. No raw data crosses national boundaries. Each nation retains full sovereignty over its intelligence.

Layer 2 — Privacy-Preserving Aggregation: Model updates, encrypted computations, or secure protocol outputs are shared through a coalition aggregation layer. This layer combines insights without exposing underlying data. Cryptographic guarantees ensure that no nation can reconstruct another's raw inputs.

Layer 3 — Coalition Insight: The aggregated model provides insights that no single nation could generate alone. Threat patterns that span multiple intelligence sources become visible. Anomalies that look normal in one dataset become suspicious when viewed in the context of the coalition picture.

Why This Matters for Canada

Canada's position in the coalition intelligence ecosystem makes this particularly relevant:

The Trust Problem

The biggest barrier to privacy-preserving coalition AI isn't technical — it's trust. Nations need to trust that the cryptographic protocols actually protect their data, that the aggregation layer doesn't leak information, and that the coalition model isn't biased toward any single nation's priorities.

This is where formal verification and auditability come in. The cryptographic protocols must be open to inspection. The aggregation process must be auditable by all participants. And the coalition model's behaviour must be explainable — as we discussed in Blog Post #6 — so that operators understand why the system makes the recommendations it does.

Connecting the Threads

This post builds on several themes from the blog series:

Conclusion

Secure information sharing is the linchpin of coalition operations. Without it, allied nations operate with blind spots that adversaries can exploit. With it, the coalition becomes greater than the sum of its parts.

Privacy-preserving machine learning — federated learning, homomorphic encryption, and secure multi-party computation — offers a technically sound path from the current paradigm of "classify up and slow down" to a new model of "share insights, protect sources."

Canada, with its unique position across NORAD, Five Eyes, and NATO, and its strong academic cryptography community, has both the need and the capability to lead in this space. The question isn't whether coalition AI will adopt these techniques — it's which nations will build them first.

About NovaFuse: NovaFuse is an Ontario-based AI company specializing in multi-modal sensor fusion, federated learning, and edge AI for defence applications. We are an IDEaS CFP-006 applicant and active participant in the Canadian defence innovation ecosystem.