In February 2026, NATO's Defence Innovation Accelerator for the North Atlantic (DIANA) identified Secure Information Sharing as one of its priority challenge tracks. The problem statement is deceptively simple: how do allied nations share enough information to act together, without compromising the security of their individual intelligence sources and methods?
It's a question that has plagued coalition operations for decades. But the rise of AI — and specifically privacy-preserving machine learning — offers new answers. And Canada, at the intersection of NORAD, Five Eyes, and NATO, is uniquely positioned to lead.
The Coalition Information Problem
Every allied nation collects intelligence. Satellite imagery, signals intelligence, human intelligence, open-source data — each nation builds its own picture of the threat environment. When operating together, these pictures need to merge into a common operational view.
The traditional approach is to classify information at the highest level of any contributor. If one nation's data is SECRET and another's is TOP SECRET//SCI, the shared picture becomes TOP SECRET//SCI — accessible to fewer people, slower to distribute, and often too late to act on.
This creates a paradox: the more sensitive the intelligence, the harder it is to share, and the less useful it becomes for coalition operations.
The AI Complication
AI makes this problem both harder and more important. Machine learning models are data-hungry — they perform better with more training data. But the best training data is often the most classified. A model trained on unclassified data alone will underperform compared to one that had access to classified patterns.
The result is a tension: nations want AI systems that are both highly trained and highly secure. These goals are traditionally in conflict.
Privacy-Preserving Machine Learning
A new class of techniques — collectively called privacy-preserving machine learning (PPML) — offers a path forward. These methods allow AI models to learn from sensitive data without the data itself ever leaving its security boundary.
Federated Learning
As we explored in Blog Post #8, federated learning enables model training across distributed datasets. Each participant trains a local model on their own data, and only model updates — not raw data — are shared. The aggregated model benefits from all participants' data without any participant exposing their raw intelligence.
For coalition operations, this means a Canadian model can learn from British SIGINT patterns without ever seeing the underlying intercepts. The knowledge transfers; the data doesn't.
Homomorphic Encryption
Homomorphic encryption takes this further. It allows computations to be performed directly on encrypted data. The result, when decrypted, is identical to what you'd get from computing on the raw data — but the data is never exposed in plaintext.
For defence applications, this means a coalition AI system could process intelligence from multiple classification levels simultaneously. Each nation's data remains encrypted throughout, but the AI can still extract patterns and make predictions across the combined dataset.
Secure Multi-Party Computation
Secure multi-party computation (SMPC) is a cryptographic protocol that allows multiple parties to jointly compute a function over their inputs while keeping those inputs private. In a coalition context, this enables collaborative analysis — threat assessment, pattern-of-life analysis, anomaly detection — without any nation revealing their source data.
The Architecture
A privacy-preserving coalition AI system can be understood in three layers:
Layer 1 — Local Intelligence: Each nation maintains its own data and trains its own local models. No raw data crosses national boundaries. Each nation retains full sovereignty over its intelligence.
Layer 2 — Privacy-Preserving Aggregation: Model updates, encrypted computations, or secure protocol outputs are shared through a coalition aggregation layer. This layer combines insights without exposing underlying data. Cryptographic guarantees ensure that no nation can reconstruct another's raw inputs.
Layer 3 — Coalition Insight: The aggregated model provides insights that no single nation could generate alone. Threat patterns that span multiple intelligence sources become visible. Anomalies that look normal in one dataset become suspicious when viewed in the context of the coalition picture.
Why This Matters for Canada
Canada's position in the coalition intelligence ecosystem makes this particularly relevant:
- Five Eyes: Canada is one of five nations sharing signals intelligence at the highest levels. Privacy-preserving techniques could enable deeper collaboration within the existing framework without requiring new security agreements.
- NORAD: The binational NORAD partnership requires real-time information sharing between Canada and the United States. AI systems that can process data from both nations' classification systems would significantly enhance continental defence.
- NATO DIANA: The Secure Information Sharing challenge track is explicitly seeking solutions in this space. Canadian companies have a home-field advantage in understanding the coalition dynamics that larger nations struggle with.
- IDEaS: The "Reliable AI Sensor Fusion" challenge call emphasizes compliance-by-design — a principle that extends naturally to information security compliance.
The Trust Problem
The biggest barrier to privacy-preserving coalition AI isn't technical — it's trust. Nations need to trust that the cryptographic protocols actually protect their data, that the aggregation layer doesn't leak information, and that the coalition model isn't biased toward any single nation's priorities.
This is where formal verification and auditability come in. The cryptographic protocols must be open to inspection. The aggregation process must be auditable by all participants. And the coalition model's behaviour must be explainable — as we discussed in Blog Post #6 — so that operators understand why the system makes the recommendations it does.
Connecting the Threads
This post builds on several themes from the blog series:
- Five Eyes SIGINT (Blog #10): The federated intelligence sharing framework is a direct precursor to the coalition-wide approach described here.
- Federated Learning (Blog #8): The core training methodology extends from edge devices to national intelligence boundaries.
- Sovereign AI (Blog #7): Data sovereignty isn't just a national concern — it's a coalition concern. Privacy-preserving AI enables collaboration without compromising sovereignty.
- MDC2 (Blog #13): Multi-domain command and control requires information sharing across domains. Privacy-preserving techniques enable this sharing across classification boundaries.
Conclusion
Secure information sharing is the linchpin of coalition operations. Without it, allied nations operate with blind spots that adversaries can exploit. With it, the coalition becomes greater than the sum of its parts.
Privacy-preserving machine learning — federated learning, homomorphic encryption, and secure multi-party computation — offers a technically sound path from the current paradigm of "classify up and slow down" to a new model of "share insights, protect sources."
Canada, with its unique position across NORAD, Five Eyes, and NATO, and its strong academic cryptography community, has both the need and the capability to lead in this space. The question isn't whether coalition AI will adopt these techniques — it's which nations will build them first.
About NovaFuse: NovaFuse is an Ontario-based AI company specializing in multi-modal sensor fusion, federated learning, and edge AI for defence applications. We are an IDEaS CFP-006 applicant and active participant in the Canadian defence innovation ecosystem.