Introduction
The COVID-19 pandemic has reshaped the nexus of health and security, making their relationship more integral and their interplay more operationally acute. While this has spurred vigorous debate on high-level perspectives such as threats to “national existence” and the semantics of securitization, it has also precipitated both practical collaboration and a convergence of functions traditionally considered part of the security domain. The role of information within this nexus, in particular, has emerged as a critical dimension, with implications that extend beyond the mere inter-sectoral sharing of resources.
This collaboration, however, confronts a fundamental challenge: the “confidentiality–utility dilemma.” This concerns how the health and security sectors—each requiring high levels of confidentiality within distinct operational contexts—can achieve practical information sharing while preserving their respective independence. If left unaddressed, this dilemma risks rendering collaboration purely symbolic, violating the ethical principles of the health sector and the stringent confidentiality requirements of the security domain, and forcing governments into untenable choices: either forgoing security-sector capabilities that could materially improve early warning, attribution, and response, or deploying those capabilities in ways that erode public trust, compromise humanitarian neutrality, and fuel perceptions of “militarized health.” Ad hoc arrangements struck in the heat of crisis further risk locking in opaque practices lacking accountability. Here, confidentiality refers to the secrecy of information in both the health and security sectors. Utility, while not strictly defined, refers to the realization of public health or security gains superior to those achievable in isolation.
These concerns can be situated within a wider governance context. The COVID-19 pandemic unfolded at a moment when the limits of governance for infectious disease—both internationally and domestically—were already becoming starkly apparent. Securing effective implementation and enforcement of collective commitments in this domain has proven difficult. At the same time, the rapid emergence of large-scale, often cross-border data and artificial intelligence (AI)-supported tools for integrating them has created a new, still unsettled landscape for how relevant information can be assembled and used. Against this backdrop, the evolving relationship between health and security should not be understood merely as an opportunity to draw on additional resources or tools. Rather, it increasingly offers one of the few practical avenues through which states and international organizations can attempt to overcome the structural obstacles to enforcing policies and sustaining vigilance in the face of cross-border threats. This strategic shift, however, means that forms of dependence on security and intelligence actors may deepen in ways that are not fully anticipated. In this paper, we therefore treat the confidentiality–utility dilemma as a governance problem at the heart of this emerging interface.
The objective of this paper is not to present a fully comprehensive landscape of health and security collaboration. Rather, it foregrounds the confidentiality–utility dilemma as a critical issue for future scholarship and policy and argues that conscious institutional interventions are both necessary and effective in addressing it. The dilemma thus speaks directly to core concerns about how to manage the practical challenges of strengthening infectious disease responses amidst new scientific advancements and political imperatives. It exemplifies an ongoing, iterative process of experimentation required to navigate both the technical hurdles and the profound governance questions inherent in this evolving landscape. This analysis represents a critical step toward deepening our understanding of this complex interface.
Building on recent work on health security intelligence, this paper makes three contributions. Conceptually, it reframes the dilemma as a governance challenge driven by structural limits in global health. Empirically, it synthesizes examples from global health governance, privacy debates, and security-sector practice. Normatively and practically, it develops three managerial levers—organizational and structural interventions, tiered classification and de-identification, and joint investigations and co-analysis.
The remainder of the paper is structured into three main sections. Section 2 situates the confidentiality–utility dilemma in the changing governance landscape, illustrating how the limitations of global rule-making are driving reliance on security-sector capabilities. Section 3 analyzes the three managerial levers, synthesizing past examples and identifying how these levers can mitigate the dilemma through conscious design. Section 4 offers a combined discussion and conclusion, drawing out the broader implications for policy, practice, and research, and returning to the critical policy and theoretical implications for Politics and the Life Sciences.
To facilitate this analysis, we first clarify key terminology. The World Health Organization describes epidemic intelligence as “the systematic collection, analysis and communication of any information to detect, verify, assess and investigate events and health risks with an early warning objective” (World Health Organization, 2014). Following Warner’s classic formulation, “intelligence is secret, state activity to understand or influence foreign entities” (Warner, Reference Warner2002). In this paper, we use national security intelligence in this sense to denote state-run secret activities focused on threats to a state’s vital interests (Lowenthal, Reference Lowenthal2017; Macpherson & Hastedt, Reference Macpherson and Hastedt2023). Building on Walsh and colleagues, who write that “health security intelligence refers to the collection of health security information to understand and assess national/domestic security threats that emanate from public health threat vectors” (Walsh et al., Reference Walsh, Ramsay and Bernot2023), we use the term Health Security Intelligence to refer to the intersection of these domains: the theoretical and practical challenges that arise when national security actors engage in epidemic intelligence activities using their unique capabilities, information, and methods.
Health–security information sharing in a changing governance landscape
This section situates the confidentiality–utility dilemma within a changing governance landscape. It does so by tracing historic discourse and how COVID-19 reshaped the relationship between health and security. Furthermore, it examines how states aim to respond to the limitations of traditional global health governance, including how militaries and intelligence capabilities can be engaged effectively.
The pandemic precipitated two significant shifts in this landscape. The first is the transformation of disease-relevant issues, once typically framed as “low politics,” into matters of “high politics” deeply intertwined with security, as they became linked to crises of national existence. As Albert et al. (Reference Albert, Baez and Rutland2021) have shown, infectious disease is clearly a threat across the spectrum of security paradigms, and events like COVID-19 came to be perceived as not merely medical crises but security challenges on par with warfare. These discussions have deepened further, as exemplified by the intensive focus of Politics and the Life Sciences in its special issue on “Infectious Disease and National Security,” which began to address the question of whether the pandemic has altered the study and practice of international security (Albert, Reference Albert2024). He observes that the pandemic blurred lines between domestic and international security and between health policy and national defense. Underpinning these lines of inquiry, McDermott (Reference McDermott2024) argues that disease can “challenge and change all aspects of security.” This is complemented by the empirical approach of Walker and Cramer (Reference Walker and Cramer2024) demonstrating the significant impact of disease on human psychology and stability, and the analyses by Topping et al. (Reference Topping, Hosny, Hunter and Yang2024) and Stevens et al. (Reference Stevens, Banducci and Horvath2024), which have examined the effects of disease on political systems across regime types and on individual security threat perceptions, respectively, underscoring the multi-level intersection of disease and security.
Concurrently with this shift toward “high politics,” the second major shift involved a practical crossover in operations. A distinct area of research emerged focusing on the practical crossover during the COVID-19 crisis, examining civil-military actions and their implications beyond the traditional semantic scope of securitization (Buzan et al., Reference Buzan, Wæver and De Wilde1998; Davies, Reference Davies2008; Elbe, Reference Elbe2006). This intensified collaboration was identified by Gibson-Fall (Reference Gibson-Fall2021) as a pivotal moment in global health military practice, with interventions ranging from minimal technical support to fully military-led responses. This view was echoed by Kalkman (Reference Kalkman2021), who noted a clear strengthening of the military’s role in crisis response. A literature review by Davis et al. (Reference Davis, Hertelendy, Hart and Ciottone2023) confirmed this trend, concluding that militaries worldwide were utilized to fill critical gaps in care and that the pandemic prompted an unprecedented international military response to a disease disaster.
However, this intensification of collaboration has raised new questions about its management. McInnes (Reference McInnes2024), for instance, explores how militaries can be engaged effectively in future health emergencies without inducing the militarization of health or damaging broader civil-military relations. He concludes that such risks can be mitigated by focusing on three mutually reinforcing trends: emphasizing multisectoral responses, developing clear guidelines, and shifting focus from crisis response to preparedness. Consequently, mitigating the risks inherent in these practical civil-military collaborations has become a central challenge for the field.
Grounded in these deeply interrelated contexts—the “high-politicization of disease” and the challenges of “practical civil-military collaboration”—the focus has increasingly turned toward the role of information and intelligence. The relationship between security and “epidemic intelligence”—or, more comprehensively, health security intelligence—has become a particularly active and significant area of research (Albert, Reference Albert2023; Walsh & Bernot, Reference Walsh, Bernot and Walsh2024). For instance, Dahl (Reference Dahl2023) offers a comprehensive account of intelligence’s potential role, importance, and limitations in the health sector, particularly in the United States. Furthermore, the book published by Walsh (Reference Walsh2025) stands as a comprehensive recent volume on the subject. For example, West et al. (Reference West, Juneau and Amarasingam2021) discussed the role of intelligence agencies in the response to COVID-19, while also discussing how the Canadian security sector could contribute to pandemic response. Based on numerous case studies, Lentzos et al. (Reference Lentzos, Goodman and Wilson2020) argue that health surveillance and national intelligence services are interconnected and can contribute to cases such as Ebola and West Nile virus. Davies (Reference Davies2021) addressed the role of intelligence agencies and their ethical challenges in responding to the novel coronavirus in “Surveillance, intelligence and ethics in a COVID-19 world.” Baker et al. (Reference Baker, Canyon, Kevany and Baker2023) discussed how military intelligence resources have been used in the past and their potential to enhance pandemic response.
The intersection of health and security intelligence has thus evolved from a peripheral topic to a salient concern in pandemic governance. While intelligence capabilities are increasingly recognized for their potential to provide critical informational advantages—enabling earlier detection and a more comprehensive threat assessment—their integration simultaneously raises substantive concerns regarding surveillance overreach, militarization, and the compatibility with humanitarian principles. It is within this inherent tension that the confidentiality–utility dilemma acquires its practical urgency.
Focusing on information sharing at this interface is analytically critical for two reasons. First, information sharing in policy implementation has significance beyond the unilateral use of resources. Cooperation in intelligence gathering, which can shape judgments in the policymaking process, tends to require a deeper level of engagement in both the policymaking and policy implementation processes. While it often remains a partial cooperation in the form of simple resource provision, it is a field that, compared to other collaborative actions, is highly likely to involve cooperation at a level that touches the very core of the decision-making process. Consequently, the difficulty of coordinated action and the risks inherent in collaboration also emerge. Second, recent trends—specifically, the limitations of global health governance and advances in analytical technology using large-scale data—have spurred the need for health and security collaboration in information sharing. In particular, the inability of existing frameworks to resolve disputes or compel compliance has heightened demand for capabilities that can detect or infer hidden or deliberately obscured information. Walsh et al. (Reference Walsh, Ramsay and Bernot2023) touch upon the role of intelligence in origin investigations and early warning, premised on the limitations of global health governance, and Canyon et al. (Reference Canyon, Kevany, Baker, Baker and Daniel2020) discuss the Biodefense Shield Alliance as a potential model for health security intelligence (see also, Baker et al., Reference Baker, Canyon, Kevany and Baker2023). This paper aims to delve deeper into these developments from the perspective of governance incentives.
Conceptually, it is also critical to distinguish two partially overlapping strands within this broader theme, rather than two rigid pillars for the paper as a whole: (a) the contribution of security-sector information to epidemic intelligence, and (b) the collaboration between traditional national security intelligence and the health sector (including epidemic intelligence). Regarding (a), the collection of medical information was once strictly demarcated from other fields as a health information-gathering activity. However, with the emergence of the epidemic intelligence concept, this has shifted toward “comprehensive, all-source” information gathering. As will be discussed later, this trend was further reinforced around the time of the COVID-19 pandemic by a recognition of the issue’s importance as “high politics,” alongside the rise of technologies enabling the analysis of large-scale data and AI. Regarding (b), the other strand centers on establishing a cooperative framework with traditional security intelligence, particularly in relation to information that is sensitive, contested, or deliberately concealed. This has historically been observed in the context of biosecurity, particularly as “investigative measures.” However, in response to COVID-19 and its impact on “national security” as a whole, the construction of a broader collaborative framework is now being discussed. This distinction between an expanded, all-source epidemic intelligence and intelligence-led efforts to uncover hidden information will resurface below when we turn to the structural limits of global health governance and their implications for health–security information sharing.
The growing expectation for these intelligence-driven approaches is directly linked to the inherent challenges in global infectious disease governance. The discussion now turns to the current state of governance reform and its difficulties, situating the criticality of this intersection within the structural limitations of global governance. Following the outbreak of COVID-19, various institutional reforms were undertaken, one of which was the revision of the International Health Regulations (IHR). The IHR confronted renewed scrutiny of its inherent limitations during the COVID-19 pandemic. While the IHR mandates World Health Organization (WHO) member states to provide expeditious international notification following incident occurrence, these international regulations, by nature, do not possess explicit enforcement mechanisms. Moreover, the framework does not have investigative protocols comparable to those established by organizations such as the Organisation for the Prohibition of Chemical Weapons. Multiple international panels proposed initiatives to address these limitations by introducing new interventions, such as new treaty formulation (Pandemic Accord) and/or IHR amendments (Global Preparedness Monitoring Board, 2020; Independent Panel for Pandemic Preparedness & Response, 2021).
Despite these efforts, progress has been incremental. While constituting a procedural milestone, the IHR amendments agreed upon in June 2024 reflect a prioritization of expedited implementation rather than a fundamental change in their legal mandates. The IHR amendments incorporated several revisions, including the establishment of an implementation committee to improve compliance and problem-solving among member states, the introduction of a “Pandemic Emergency” category, and the addition of solidarity and equity as core principles to ensure fair access to resources during health emergencies (World Health Organization, 2024a). These revisions are considered to enhance the operational practices that were examined and questioned during the COVID-19 pandemic. For instance, the “pandemic emergency” concept may contribute to balancing institutional clarity with flexibility, addressing concerns about Public Health Emergency of International Concern’s binary framework during COVID-19 (Patel & George, Reference Patel and George2021). However, the changes did not directly address modifications to early reporting requirements or inspection mechanisms to the extent as previously examined (Gostin et al., Reference Gostin, Friedman and Dueck2021). Furthermore, on 18 July 2025, the United States formally rejected the 2024 IHR amendments (U.S. Department of State & U.S. Department of Health and Human Services, 2025).
Similarly, negotiations on the WHO Pandemic Agreement have been beset by postponements, largely due to ongoing contention surrounding the Pathogen Access and Benefit-Sharing (PABS) system (World Health Organization, 2024b). Although the Agreement was adopted in May 2025 (World Health Organization, 2025b), it will open for signature only after adoption of the PABS annex; entry into force will then depend on the ratification process set out in the Agreement. Negotiations on this critical component are continuing through an Intergovernmental Working Group, with the finalized PABS annex expected to be submitted to the World Health Assembly for consideration.Footnote 1
This protracted process suggests that establishing comprehensive global legal frameworks is an increasingly arduous undertaking. The prevailing political dynamics indicate that traditional multilateral agreements face significant obstacles, reinforcing the imperative to explore alternative or complementary approaches for international pandemic preparedness and response. In practice, these limitations of global normative frameworks have compelled states to pursue strategic diversification: leaning more heavily on regional arrangements, minilateral coalitions, and intelligence capabilities as compensatory mechanisms to address the enforcement gaps and institutional rigidities that binding global rules have struggled to overcome.
In response to these circumstances, several distinct trends have emerged concurrently, characterized by efforts to gather global information through various methodologies independent of international obligations. This includes (1) enhancing regional and inter-alliance cooperation, (2) diversifying sources, and (3) strengthening alternative capabilities to address hidden information. Crucially, each of these developments presents potential opportunities for more direct security sector engagement.
As for (1), the trend toward regionalization is evident in numerous initiatives. Notable regional developments or institutionalized initiatives include the African Medicines Agency Treaty (entered into force on 5 November 2021), Pan American Health Organization’s Regional Platform to Advance the Manufacturing of COVID-19 Vaccines and Other Health Technologies in the Americas (launched in August 2021), the ASEAN Centre for Public Health Emergencies and Emerging Diseases (with prevention hosted by Viet Nam, detection by Indonesia, and response plus the secretariat by Thailand), the ARO Alliance for ASEAN and East Asia (ARISE) supporting international clinical research, and—within the European Union (EU)—the European Health Union package, including Regulation (EU) 2022/2371 on serious cross-border threats to health and the operationalization of Health Emergency Preparedness and Response Authority (HERA) (African Union, 2021; ARISE, n.d.; European Commission, 2024; European Parliament & Council of the European Union, 2022; Japan-ASEAN Integration Fund, n.d.; Ministry of Foreign Affairs of Thailand, 2025; Pan American Health Organization (PAHO), 2021, 2023; Sonoda et al., Reference Sonoda, Urbiztondo, Siburian, Kerdsakundee, Muchanga and Iiyama2022). While some initiatives focus mainly on medical countermeasures, these are inherently interconnected to epidemic intelligence through information gathering (Ministry of Foreign Affairs of Japan, 2020). Notably, security-oriented frameworks among allied states have also emerged as a salient feature. The Quadrilateral Security Dialogue (QUAD) initially focused on vaccine sharing (Indo-Pacific Centre for Health Security, n.d.) and continues to develop other initiatives, including simulation exercises (e.g., the 2025 Indo-Pacific Logistics Network simulation exercise) and information-sharing frameworks. The Five Eyes alliance has been involved in coordinating the economic response to COVID-19, collaborating on assessing the origin of the virus, and receiving recommendations for capacity building (Walsh et al., Reference Walsh, Ramsay and Bernot2023). Several studies suggest potential expanded roles for these frameworks (Baker et al., Reference Baker, Canyon, Kevany and Baker2023; Walsh et al., Reference Walsh, Ramsay and Bernot2023).
Trends (2) (diversifying sources) and (3) (strengthening capabilities) more explicitly indicate potential security sector involvement. These trends demonstrate a shift toward collecting and analyzing information from diverse data sources beyond state-level reporting, an approach also reflected in the design of the WHO Hub for Pandemic and Epidemic Intelligence (World Health Organization, n.d.). The team emphasizes the need to move from traditional surveillance to “modern approaches” to pathogen surveillance (Morgan et al., Reference Morgan, Abdelmalik, Perez-Gutierrez, Fall, Kato, Hamblion and Ihekweazu2022). The modern surveillance elements include data from nontraditional public health areas (e.g., police reports), such as geospatial, remote sensing, and mobility data, as well as open-source data from the population (Morgan et al., Reference Morgan, Abdelmalik, Perez-Gutierrez, Fall, Kato, Hamblion and Ihekweazu2022). While implementing these approaches presents challenges, the evolution of epidemic intelligence can be toward deeper integration of security and nonsecurity sources in an “all-source” model.
This shift further necessitates a critical reassessment of the role of security and intelligence capabilities. While systems that analyze outside-in information increasingly use open-source data, obtaining precise and preventive information still requires specialized skills comparable to those of traditional intelligence operations (Baker et al., Reference Baker, Canyon, Kevany and Baker2023; Cameron, Reference Cameron2020). Indeed, classified U.S. intelligence reporting in January and February 2020 warned of the danger posed by the emerging coronavirus, underscoring the potential early-warning and threat-assessment value of intelligence channels (Harris et al., Reference Harris, Miller, Dawsey and Nakashima2020; see also Dahl, Reference Dahl2023; Gradon & Moy, Reference Gradon and Moy2021). Despite the increasing importance of open-source analytics in reducing reliance on government reporting and extending detection beyond conventional public health mechanisms, it is worth noting that the detection of disease clusters through open-source intelligence typically postdates the very initial pandemic phase, highlighting the limitations of publicly accessible surveillance mechanisms. Furthermore, the detection of deliberately obscured information necessitates specialized intelligence techniques. As infectious diseases increasingly constitute international security threats to human life, technical reliance on intelligence agencies could therefore extend to more comprehensive, or sometimes public-health-relevant, interventions beyond traditional biological weapons surveillance.
Recent reports released by several intelligence agencies have provided deeper insights into COVID-19, illustrating the potential roles that intelligence agencies could play in public health. For example, German media reports (as relayed by Reuters) indicate Germany’s foreign intelligence service estimated in 2020 that there was an 80–90% probability that the coronavirus was accidentally released from China’s Wuhan Institute of Virology (Reuters, Reference Reuters2025). The Office of the Director of National Intelligence in the United States published its declassified evaluation on COVID-19 origins, addressing a potential laboratory origin, with the assessment albeit with varying confidence levels across agencies (Office of the Director of National Intelligence, National Intelligence Council, 2023; CBS News, 2025).
In conclusion, when examining information sharing between the health and security sectors, two major, though overlapping, directions can be identified. The first, originating from (a) epidemic intelligence, involves the all-source collection of disease information, which consequently does not exclude information from the security sector. The second is characterized by (b) coordinated action between the health sector and national security intelligence, entailing a form of peer-level collaboration between entities with entirely different expertise. Within the current context of international governance, it has become evident that there are compelling expectations placed upon both of these approaches. That is, as the difficulties of securing institutional guarantees in international governance and the challenges of timely state-level reporting are recognized, the collection of information from multiple and diverse sources within epidemic intelligence is becoming a central expectation. Furthermore, as argued by Walsh et al. (Reference Walsh, Ramsay and Bernot2023), there is a strong expectation for the expertise of national security intelligence in domains such as origin investigations and in cases involving deliberately concealed information. These expectations, however, collide with concerns about secrecy, politicization, and civil–military boundaries—precisely the concerns that the confidentiality–utility dilemma forces us to confront.
Managerial imperatives for health–security information sharing
As expectations for information-sharing frameworks in health security intelligence have grown, a series of challenges has also emerged. Central among these is the imperative for health organizations to maintain neutrality and confidentiality in their interactions with security agencies, which has been highlighted. In interviews with Global Public Health Intelligence Network (GPHIN) experts, it was noted that the WHO, due to its equidistant stance from all member states, clearly avoids ties with intelligence communities. When the US Armed Forces Medical Intelligence Committee sought to join GPHIN, the WHO refused to grant it “partner” status, instead delineating a boundary by treating it as a “client” to maintain distance (Weir & Mykhalovskiy, Reference Weir, Mykhalovskiy and Bashford2006, p. 256). On this issue, Enemark (Reference Enemark2010) has pointed out that while the Biological Weapons Convention raises expectations and enhances the functional assessment of the WHO, it also entails the risk of undermining the organization’s original mission and independence. Additionally, numerous studies have highlighted the dangers of militarization and the need for countermeasures (McInnes, Reference McInnes2024). From the perspective of information sharing, this very issue—the tension between collaboration and independence—becomes salient.
To understand how to navigate this tension—the dilemma posed by the tension between information confidentiality and its practical application—it is instructive to examine a related field where this issue has been vigorously debated: information sharing between police and health agencies, particularly concerning privacy during a pandemic. The lessons learned from efforts to prevent the “function creep” whereby public health data are repurposed for law enforcement objectives offer a foundational framework. Specifically, a three-tiered bulwark has been proposed, consisting primarily of (1) legal and ethical firewalls, (2) technical segregation, and (3) institutional controls.
First, legal and ethical firewalls form an initial boundary for health–security information sharing: they specify what can never be shared, under which conditions exceptional sharing may be permitted, and who must authorize such departures. Specifically, the principles of purpose limitation, data minimization, and proportionality, as defined by the EU’s General Data Protection Regulation (GDPR), provide the legal foundation for prohibiting, as a rule, the use of collected health data for purposes other than the original public health objective (especially for police and investigative purposes) (Regulation (EU) 2016/679, Art. 5; European Data Protection Board, 2020). Adherence to this principle is indispensable for fostering the public trust necessary for citizens to cooperate with public health programs without fear that their data might be passed to the police; this itself is a public health imperative (Molldrem et al., Reference Molldrem, Hussain and McClelland2021).
Second, technical segregation provides a second wall: it allows managers to route health-relevant intelligence through separate systems and interfaces, rather than collapsing health and security data into a single pool. The decentralized design debated for COVID-19 contact-tracing apps is a prime example, as it eliminates a single point of access by not aggregating data on a central server (Troncoso et al., Reference Troncoso, Payer, Hubaux, Salathé, Larus, Bugnion, Lueks, Stadler, Pyrgelis, Antonioli, Barman, Chatel, Paterson, Čapkun, Basin, Beutel, Jackson, Roeschlin, Leu, Preneel, Smart, Abidin, Gürses, Veale, Cremers, Backes, Tippenhauer, Binns, Cattuto, Barrat, Fiore, Barbosa, Oliveira and Pereira2020). Taking this further, Molldrem et al. (Reference Molldrem, Hussain and McClelland2021) have proposed concrete alternatives such as “segmented interoperability,” which provides only nonpersonally identifiable statistical information through a technically separated pathway, rather than sharing direct data with the police. This is a specific solution designed to protect the confidentiality of health data while partially satisfying law enforcement objectives.
Third, institutional controls offer a third wall by embedding oversight, documentation, and ex post review into any health–security collaboration. It is widely argued that public health authorities should be designated as data controllers, and any disclosure of data to law enforcement should be prohibited as a default rule and be subject to rigorous pre- and post-independent oversight by a third-party body. A practical example of this principle being codified is New York State’s Public Health Law, which bars law-enforcement and immigration authorities from participating in contact tracing and generally prohibits the disclosure of contact-tracing information to such authorities or its use in legal proceedings, subject to limited statutory exceptions (N.Y. Public Health Law §§ 2180–2181). Such legal controls function as a critical safeguard against the arbitrary exercise of power.
While this three-tiered bulwark provides a critical framework, its application to the national security domain requires careful adaptation. The debate surrounding the relationship between policing functions and privacy has a high degree of affinity with the security domain; indeed, as the boundary between the national security and domestic policing domains is often ambiguous, the aforementioned approaches are, in principle, also applicable to the security sector. However, it is crucial to recognize the distinct contexts of national security intelligence. Considering that the post-COVID-19 discussion on the confidentiality-utility dilemma has primarily evolved from the perspective of the tension between domestic police power and health agencies, especially regarding individual privacy, it is important to note the distinct contexts of national security intelligence, which involve cross-border issues, source protection, and foreign disclosure. For example, police are supported by public legitimacy circuits such as criminal procedures and judicial review, and deviations are more easily corrected through post-hoc visible control. In contrast, intelligence is primarily governed by nonpublic executive and legislative oversight, where a deviation or error is prone to becoming a fait accompli before it can be externally verified. Furthermore, unlike the police, whose targets are often limited to domestic citizens, intelligence must also consider cross-border sharing among allies and partners. For instance, while the remedies of (1) and (3) are certainly applicable to the security sector, unique considerations are necessary due to the inability to use public legitimacy circuits, the inherent risks in disclosing information even for review purposes, and the fact that an initial, highly integrated approach may be expected, making the minimization principle not always appropriate. While policing and national security functions cannot be discussed in complete separation, there is scope for a deeper discussion within a context more directly associated with “national security intelligence.”
Moving beyond the specific challenges of privacy protection, we must also consider the broader operational challenges of collaboration in information sharing between health and law enforcement or the Intelligence Community. These discussions focus less on firewalls and more on the practicalities of interagency cooperation. One of the most direct reports addressing this issue is by Eyerman and Strom (Reference Eyerman and Strom2005). They emphasize the importance of cross-disciplinary leadership and trust-building, and list joint training and secure electronic sharing environments with access controls as examples of possible coordinating actions. Albert et al. (Reference Albert, Baez, Hunter, Heslen and Rutland2023) empirically demonstrated the effectiveness of an integrated mechanism through the case of the Dominican Republic’s “Epidemiological Intelligence Fusion Center,” where public health, defense, international organizations, and the private sector continuously reconciled data and analysis within a single operational framework to directly inform policy decisions. Furthermore, Walsh et al. (Reference Walsh, Ramsay and Bernot2023) identify a “lack of clarity around the mission and mandate of ICs [intelligence communities],” the absence of a “health security strategy,” and “inefficiencies of early warning mechanisms” as representative challenges in collaboration. They propose developing a health security strategy, institutionalizing early warning mechanisms, and avoiding the excessive politicization of the Intelligence Community as future measures. While not an exhaustive list, key coordinating actions previously identified include: (1) mutual understanding of ethics and cultures, (2) clarification of mandates, (3) formation of shared data clouds, (4) development of an integrated strategy, and (5) establishment of integrated organizations (Albert et al., Reference Albert, Baez, Hunter, Heslen and Rutland2023; Bowsher, Reference Bowsher2021, Reference Bowsher and Walsh2024; Eyerman & Strom, Reference Eyerman and Strom2005; Walsh et al., Reference Walsh, Ramsay and Bernot2023).
Synthesizing the insights from these two streams of discussion—the privacy challenges identified in the (domestic) police-health context, and the operational collaborative challenges between security and health organizations—suggests that the problem-set of the “confidentiality-utility dilemma” can be managed at several different levels. When applying these insights to the national security context, several factors are particularly salient: the difficulty of relying on independent post-hoc oversight mechanisms, the security sector’s characteristic need for some degree of integrated information fusion at an early stage, and the importance of perceived neutrality—“the degree to which an entity appears neutral from an external viewpoint.” Given these factors, an analysis focused on addressing confidentiality and utility highlights the particular importance of three managerial levers: (1) organizational and structural interventions, (2) tiered classification and de-identification, and (3) joint investigations and co-analysis. The remainder of this section examines each in turn, highlighting how specific managerial choices can either sharpen or mitigate the confidentiality–utility dilemma.
Organizational and structural interventions
First, organizational and structural interventions are crucial when considering this issue. They address the need for integrated collaboration while acknowledging the limitations of traditional oversight mechanisms in the intelligence context. Particularly when envisioning collaboration with intelligence functions that may include foreign partners, post-hoc oversight of the kind seen with purely domestic agencies is less effective. At the same time, a more integrated, cross-disciplinary collaboration is required in practice. Therefore, an approach that integrates within an organization while separating it from external entities may become increasingly important. Following 9/11 and further spurred by COVID-19, many initiatives have advanced the expansion, organization, and institutionalization of an integrated epidemic intelligence function. Traditionally, the National Biosurveillance Integration Center (NBIC) has addressed this issue, and reflecting the COVID-19 response, the activities of the UK Health Security Agency (UKHSA) and Public Health Agency of Canada (PHAC) with its Canadian Centre for Integrated Risk Assessment are also of interest (Bowsher, Reference Bowsher and Walsh2024; Public Health Agency of Canada, 2023; UK Health Security Agency, n.d.).
Despite the theoretical benefits, the effectiveness of such organizational structures (integrated communication systems and “fusion”-type analytical frameworks) has been met with persistent skepticism. In a US Government Accountability Office (GAO) evaluation of NBIC, as of 2015, only 5 of the 19 participating agencies reported sharing raw structured data with NBIC. Barriers cited included distrust of sharing, regulatory and legal constraints, and the significant effort required for appropriate protection (GAO, 2015). An updated review further specified that NBIC still faces restrictions in accessing some federal agency data, forcing it at times to rely on open sources like the Centers for Disease Control and Prevention (CDC)’s public website. It also highlighted that Data Use Agreements with state, local, tribal, and territorial governments and federal laws (the Privacy Act, the Freedom of Information Act) make it difficult for the CDC to share the raw data it collects with other agencies (GAO, 2023). Furthermore, “fusion”-type integration has faced limitations and criticism in other areas of national security (especially policing), demonstrating the lesson that there is no quick fix for analyzing matters of mutual concern involving numerous actors, organizations, and interests. This necessitates an incremental approach of improving governance design and operation (Bowsher, Reference Bowsher and Walsh2024; Walsh, Reference Walsh2015). However, despite these challenges, when envisioning further improvements in this field, we argue that organization and institutionalization (if supplemented by appropriate legal and institutional frameworks) still have a significant role to play from a confidentiality perspective.
Models from other domains offer potential templates for managing confidential sharing. In the financial-crime field, two complementary designs stand out. Under Section 314(a) of the USA PATRIOT Act, FinCEN acts as an intermediary: law-enforcement agencies submit requests which FinCEN transmits to designated financial institutions, and institutions report positive matches back to FinCEN through the secure portal; the institution may not disclose that agency or the fact of the request more broadly except to the extent necessary to comply with the request (31 C.F.R. § 1010.520; FinCEN, 2026). The United Kingdom’s Joint Money Laundering Intelligence Taskforce (JMLIT) takes a different approach, bringing vetted private sector representatives and law enforcement agencies together via the National Crime Agency in a restricted operational forum to support the wider economic crime strategy. JMLIT is designed to operate alongside, rather than replace, the statutory suspicious activity reporting regime (HM Government, 2015; Home Office, 2018; FATF, 2018).
Beyond clear institutionalization, a hybrid model that combines organization with the placement of liaison officers (LOs) is also a meaningful institutional intervention from the perspective of maintaining a degree of confidentiality while integrating information. Bowsher (Reference Bowsher2021, Reference Bowsher and Walsh2024) proposes the formal establishment, institutional strengthening, and collaboration among “health security LOs,” and this system may have significance beyond simply enabling countries to cooperate and share information. Similarly, the strengthening of fusion centers, as argued by Albert et al. (Reference Albert, Baez, Hunter, Heslen and Rutland2023), may have value in addition to enhancing collaborative action.
The maritime domain offers an illustrative example of how such a hybrid model can function. The Indo-Pacific Partnership for Maritime Domain Awareness (IPMDA), a new initiative for maritime surveillance cooperation launched in 2022 under the “Quad” framework of Japan, the United States, Australia, and India, is based on unclassified information sharing (Naval Information Warfare Center Pacific, 2025; The White House, 2022a, 2022b; U.S. Embassy & Consulates in India, 2024). However, the regional fusion centers at the core of this ecosystem—especially Singapore’s Information Fusion Centre and India’s Information Fusion Centre–Indian Ocean Region—host international liaison officers (ILOs) from multiple countries, drawn from navies, coast guards, and other maritime agencies, who bring tacit knowledge of their home countries’ operational environments and information-sharing ecosystems to the shared unclassified maritime picture (Chong, Reference Chong2025; Information Fusion Centre, 2024; Ministry of Defence Singapore, 2019; Press Information Bureau, Government of India, 2023; Republic of Singapore Navy, 2023; The White House, 2022a). In this way, ILOs act as human-mediated conduits between the common operating picture and national operational centers (Chong, Reference Chong2025; Republic of Singapore Navy, 2023), enabling differentiated dissemination: participating states can contextualize the shared information against their own operational requirements when routing it through national channels. This institutional design—in which personnel from national services are co-located in regional fusion centers (Information Fusion Centre, 2024; Republic of Singapore Navy, 2023)—enables a form of tiered confidentiality management through the exercise of informed professional judgment, rather than through direct sharing of sensitive data via the shared platform itself. At the platform level, IPMDA achieves highly synchronous collaboration on unclassified information via SeaVision (Cooper & Poling, Reference Cooper and Poling2022; Naval Information Warfare Center Pacific, 2025; United States Navy, 2024; Volpe National Transportation Systems Center, n.d.).
This de facto, two-tiered operational structure demonstrates a potential for both integrated operations and human-mediated access to information. It should be noted that IPMDA is principally for unclassified information sharing, and this example serves to show the potential role LOs can play in collaboration. Moreover, the maritime domain historically has a closer relationship between military and nonmilitary sectors, and the confidentiality of nonsecurity data is relatively low, meaning this model cannot be simplistically applied to the health domain, where even nonsecurity data are often highly sensitive. With that premise, this example highlights the potential significance of appropriate organization and LOs placement from another angle (Chong, Reference Chong2025; OECD, 2022; U.S. Department of Health & Human Services, 2025).
In summary, while there is constant skepticism regarding the formal institutionalization that promotes information integration between the health and security sectors, institutionalization alone will not solve the issue. It should be noted that the nature of information and institutions in other domains differs significantly, making simple comparisons difficult. However, considering the nature of the security sector, the significance of organization and institutionalization—which (when combined with appropriate legal and ethical constraints) can enable a level of confidentiality management difficult with other measures—should be re-emphasized. Organizational design, in short, is not a panacea, but it is one of the few levers through which policymakers can simultaneously expand the scope of information sharing and preserve conditions for neutrality and trust. From a confidentiality–utility perspective, liaison structures are “bridges with guardrails”: they enable selective, need-to-know sharing without collapsing institutional firewalls or turning health institutions into security appendages.
Tiered classification and de-identification
The next viable option is to address the dilemma through de-identification and tiered classification. This approach focuses on how data itself is handled, recognizing that health and security-related data each possess a high degree of sensitivity in their own unique ways. In effect, share-by-design architectures move classification from a “protect by hiding” logic toward a “protect by sharing” logic, analogous to tiered de-identification in clinical research. As expectations for an integrated approach grow, how the data itself is handled becomes a major point of discussion. This section will focus on the expectation for further enhancement of data management within the security sector.
The discussion on data de-identification has been led by the health sector. This is driven by the need to utilize highly sensitive health information for data management, and the field has been pushed by the practical need to safely advance research reuse and interagency cooperation, leading to progress in de-identification and stratification (tiered access management). Internationally, an Organisation for Economic Co-operation and Develop [OECD] recommendation urges countries to create “frameworks that enable personal health data to be both protected and used towards public policy goals” (OECD, 2022), and the EU’s GDPR, while providing for handling data for research purposes, explicitly states that anonymized information is not subject to the regulation (European Union, 2016). In the United States, HIPAA’s de-identification guidance positions it as a mechanism for creating data suitable for use and disclosure (U.S. Department of Health & Human Services [HHS], 2012, 2025). Amendments have also advanced to facilitate collaboration, such as allowing the provision of data (limited to de-identified) to public health authorities while maintaining strict protection for substance use disorder patient records, and allowing a single consent for all future uses and disclosures for treatment, payment, and health care operations (HHS, 2024).
Operationally, these principles are being implemented through frameworks designed for practical application. The UK’s “Five Safes” framework has become widespread as a stratification principle to “provide safe research access to data” (U.K. Data Service, n.d.), and the de-identified open provision of the Medical Information Mart for Intensive Care (MIMIC-III) database as a leading example of open science is supporting reproducible research (Johnson et al., Reference Johnson, Pollard, Shen, Lehman, Feng, Ghassemi and Mark2016). This accumulation of “protection for the sake of use” has supported the dual goals of research and collaboration in practice (HHS, 2025; OECD, 2022). While this does not immediately facilitate or justify provision to the security sector, the issue of “sensitive information and sharing” has long been a key topic in this field, and technical support and discussion have advanced accordingly.
Among the issues discussed concerning domestic police and health agency collaboration, data management is the most directly applicable to the security sector. Yet, the adoption of these practices within the security domain has been uneven. Even within the policing domain, the proactive, tiered classification of information has not been a consistent practice. The case of Israel’s Shin Bet (internal security service) serves as an instructive example. It exemplifies a convergence toward a stratified solution—one that narrows interventions to navigate the inherent tension between the speed required for public health intelligence and the preservation of privacy under democratic control.
In March 2020, the government repurposed Shin Bet’s mobile location data tool for contact tracing, introducing an emergency measure where the Ministry of Health would notify individuals identified as infected or close contacts based on personalized identification (Cahane, Reference Cahane2020; Holmes, Reference Holmes2020). The Supreme Court, in April of that year, allowed the short-term emergency use but ruled that its continuation required time-limited legislation by the Knesset (Israeli Supreme Court, 2020; Lubell, Reference Lubell2020). It also required special provisions (such as consent and other remedy frameworks) for its application to journalists to protect freedom of the press and source confidentiality (Israeli Supreme Court, 2020). In response to this judicial mandate, the time-limited law of July 2020 codified the stratification of operations and procedures, including: (1) a declaration for activation every 21 days (with individual exceptions in low-prevalence periods and supplementary use in high-prevalence periods), (2) minimization of data items (subscriber info + location/call metadata only/content excluded), (3) institutional separation (data isolated from existing Shin Bet data and used only for Ministry of Health notifications), (4) a set acquisition period (14 days of location/call metadata prior to diagnosis), and (5) multilayered oversight (regular reports by the Attorney General, parliamentary subcommittees, and relevant ministers) (Cahane, Reference Cahane2020, Reference Cahane2021).
However, the application of this tool remained contentious. In its final judgment in March 2021, the Supreme Court deemed the indiscriminate, universal applicationan excessive infringement of rights and ordered it to be limited to individual cases where individuals would not or could not cooperate with epidemiological investigations(Lubell, Reference Lubell2021; Times of Israel Staff, 2021a). As of December, data from Israel’s Intelligence Ministry indicated that only a small fraction of cases were detected through surveillance alone (Lubell, Reference Lubell2021). During the Omicron response at the end of that year, a minimal reactivation was attempted—a seven-day lookback period for a 5-day period—but it ended without extension due to a lack of parliamentary support (Cahane, Reference Cahane2021; Times of Israel Staff, 2021b). Overall, this case deepened the policy and operational stratification of security data by layering guardrails, such as activation conditions, scope, data minimization, retention, institutional separation, and oversight (Cahane, Reference Cahane2020; Israeli Supreme Court, 2020; Lubell, Reference Lubell2021). While this case suggests the possibility of achieving a degree of balanced information sharing through data stratification, it also implies that corresponding measures were not in place on the police side before the incident.
Meanwhile, in the broader security–intelligence context, this discussion is even more complex, as handling matters with a classified approach has traditionally been seen as natural. National-level security intelligence has historically developed around a concept of protection through classification and compartmentalization that does not necessarily presuppose proactive sharing, rather than “making it widely usable through anonymization.” Particularly in foreign disclosure, it has been pointed out that the tiered application of foreign disclosure systems and markings like NOFORN (not releasable to foreign nationals) creates operational constraints that impose hurdles exceeding the original policy intent (Radin, Reference Radin2022). The US National Defense Strategy 2022 also explicitly calls for reducing institutional barriers that hinder allied Research and Development, planning, interoperability, and intelligence and information sharing, as well as refreshing information release procedures, expanding authorities, and redefining dissemination controls, effectively demanding what might be termed a share-by-design approach (U.S. Department of Defense, 2022). In short, the recognition that further institutionalization of classification and compartmentalization designed for sharing (share-by-design) is needed is supported by both policy documents and practical observations.
The distortions of this “classification-not-designed-for-sharing” manifest as operational delays during a crisis. In a more general context, during the early stages of COVID-19, US Senator Grassley stated that excessive classification was impeding access by health authorities and that the intelligence community’s efforts would be ineffective unless they reached public health officials, calling for greater integration and information sharing from the IC to HHS, particularly its Office of National Security (Grassley, Reference Grassley2020a, Reference Grassley2020b). This message from the legislative branch did not merely emphasize “leak prevention measures” but directly addressed the institutional design problem that the operation of classification and external disclosure itself was not fit for the purpose of sharing.
Similar difficulties have been observed historically. During the severe acute respiratory syndrome outbreak (2003), a report from Guangdong province was reportedly left unopened for several days due to a lack of authorized personnel to handle its “Top Secret” classification, delaying its transmission to the WHO and other agencies (Huang, Reference Huang and Knobler2004). This case illustrates that what is needed in a crisis is not “locally strict secrecy” but “classification that can be shared in a purpose-driven manner,” and that the system at the time was not optimized for this (Lencucha & Bandara, Reference Lencucha and Bandara2021).
In addition, similar issues have been pointed out in the defense infrastructure. Although the Department of Defense’s biosurveillance assets are extensive, several testimonials show that they are siloed. The lesson that existing systems are often not designed for sharing and cannot immediately present an integrated, real-time picture in the early days of COVID-19 demonstrates this vulnerability (Cullison & Morrison, Reference Cullison and Morrison2024). Furthermore, failures at the warning-policy interface regarding COVID-19 have been reported, with the conclusion that unclear roles and governance inconsistencies hindered the connection of information (Gradon & Moy, Reference Gradon and Moy2021). In sum, the shift from “broad classification for protection” to “classification for circulation while protecting”—that is, the design of classification and compartmentalization based on sharing, and a more detailed discussion of de-identification—is emerging as a substantive challenge at the health–security nexus. If epidemic intelligence increasingly relies on all-source analysis, then security-sector data cannot remain locked in systems that are structurally hostile to sharing; yet any move toward greater circulation must be carefully designed to avoid new risks to sources, methods, and civil liberties.
An incipient but important example of progress toward this shift can be seen in the recent trends at the US NBIC. Once criticized for a lack of interagency coordination (GAO, 2015), NBIC has, in recent years, taken measures to address challenges in accessing necessary data and is strengthening its collection and sharing systems. For example, in addition to automatically collected articles, it is expanding access to security-related data that were previously difficult to obtain, such as flight and cargo data from Customs and Border Protection (GAO, 2023). Most emblematic is its approach to data. NBIC is clearly steering toward increasing the degree of information integration without compromising confidentiality by expanding access to “de-identified and aggregated” data, such as de-identified and aggregated medical data from the Department of Veterans Affairs and aggregated wildlife event data from the Department of the Interior (GAO, 2023).
However, it is crucial to recognize the limitations of this progress. It is reported that much of this progress depends on open sources. Many of the data sources NBIC is integrating are open sources, like news media or de-identified aggregate data. While undoubtedly useful for detecting public health threats, this in reality does not go beyond the realm of advanced Open Source Intelligence and is fundamentally different from the core information that national security intelligence should handle, such as a state’s concealed intentions and capabilities. In other words, while NBIC’s case is an important step toward “sharing,” it remains limited to the sharing of relatively accessible information. The truly difficult challenge—the breakthrough needed to “share while protecting” highly classified intelligence itself—has not yet been achieved.
Joint investigations and co-analysis
Finally, joint investigations can be presented as a third managerial lever. If organizational structures and data management are approaches to preparing a collaborative foundation for peacetime, then joint investigation is the most direct and deep form of collaboration for responding to a specific, major incident. While a joint investigation may at first glance appear to be an ad hoc collaboration for limited cases, it is a noteworthy example of very direct collaboration between the health sector and national security intelligence.
The joint investigation between the FBI and CDC is often cited as a success story of “interpersonal exchange” and “cultural collaboration,” but the reality is more multilayered. During the 2001 anthrax attacks (Amerithrax), the two agencies conducted a joint investigation lasting approximately seven years, establishing a system that involved a total of 29 government, university, and commercial laboratories to collate the physical, chemical, genetic, and forensic profiles of the seized materials (U.S. Department of Justice, 2010; Walsh & Bernot, Reference Walsh, Bernot and Walsh2024). Retrospectives describe with concrete examples the friction that arose from the differing mindsets of the health and scientific communities, which prioritize knowledge sharing, and the law enforcement side, which prioritizes evidence preservation and secrecy—for instance, geneticist Paul Keim recounted the struggles of converting an academic lab to forensic lab and complying with strict evidence-handling rules, with each step requiring witnesses (Bhattacharjee, Reference Bhattacharjee2009). Walsh and Bernot argue that these cultural differences, coupled with policy and institutional obstacles post-9/11, have made integration across health and security difficult. They also note that even Amerithrax, the best-known public example of such collaboration, exposed significant coordination difficulties, indicating the ongoing need to refine institutional arrangements and professional cultures (Walsh & Bernot, Reference Walsh, Bernot and Walsh2024).
On the other hand, beyond overcoming cultural friction, a joint investigation also suggests the possibility that the agreement itself can have a clearinghouse-like function. That is, similar to the discussion in organizational interventions, while comprehensive information is shared within the joint investigation, the fact that it is not shared with outsiders allows information to be contained internally, making it possible for the security and health sides to each maintain a degree of independence while taking an integrated approach.
A specific example of this clearinghouse function in practice is the United Nations Secretary-General’s Mechanism for Investigation of Alleged Use of Chemical and Biological Weapons (UN-SGM). The UN-SGM, established in 1987, provides a framework enabling the UN to investigate reports of chemical, biological, or toxin weapon use. It authorizes the Secretary-General to deploy expert teams for technical assessment and reporting of potential weapons-related incidents relevant to global disarmament and security initiatives. The mechanism has been activated in various contexts, notably in Syria, for chemical weapon use verification and international response facilitation. The 2013 mission, implemented under an enhanced framework, represented the first activation since 1992 (Appelt et al., Reference Appelt, Rohleder, Invernizzi, Mikulak, Brinkmann, Nitsche and Grunow2021; United Nations Secretary-General, 2013; United Nations Office for Disarmament Affairs, 2015).
The UN-SGM’s structural design addresses these concerns through several mechanisms, including confidentiality provisions. Information handling during UN-SGM missions is governed by the UN-SGM guidelines and procedures (United Nations General Assembly, 1989; United Nations Office for Disarmament Affairs, 2015, p. 6). In 2007, these procedural rules were augmented with a specific appendix addressing confidentiality issues. Appendix B, “Measures to protect the confidentiality of investigations of alleged use of CBT weapons,” establishes two key principles: (1) expert consultants, experts, and diagnostic and analytical laboratories involved in investigations must maintain confidentiality regarding any information related to alleged chemical and biological weapons use investigations, and (2) the Member State receiving the investigation team may control access to sensitive information and areas and may designate specific information provided to the investigative team as confidential (United Nations Office for Disarmament Affairs, 2007).
These provisions created a strict separation between the investigation and the participants’ parent organizations. These applied to expert personnel serving under the mechanism, including WHO personnel participating in the mission, and sharply constrained routine information sharing with parent institutions. Operational implementation maintained this stringency: personnel seconded by WHO functioned as members of the UN-SGM mission rather than in WHO’s ordinary institutional role (Winfield, Reference Winfield2014). During UN-SGM participation, WHO personnel operated under mission-specific confidentiality arrangements that reinforced separation from WHO’s ordinary humanitarian role (United Nations Office for Disarmament Affairs, 2007; Winfield, Reference Winfield2014).
Mission participants have emphasized that while the stringent confidentiality measures primarily maintain the credibility of the investigated states and the mission itself, they consequently facilitated an operational and characteristic separation between the “core” WHO—functioning as a humanitarian health organization conducting routine assistance—and the UN-SGM. This separation effectively distinguished WHO’s dual roles: as a humanitarian agency and as a provider of technical expertise to investigative bodies. Consequently, WHO field offices, UNICEF, and other UN organizations continued their standard humanitarian operations, remaining institutionally distinct from the Syria-focused UN-SGM activities. This clear delineation helped reduce the risk of criticism or operational complications regarding their humanitarian mandate (Winfield, Reference Winfield2014, p. 10).
In particular, the framework contains provisions for the appropriate integration of specialized technical information. The UN-SGM framework does not categorically prohibit participating organizations from sharing independently acquired information with UN-SGM experts. The framework therefore allowed WHO to provide the mission with technical expertise and, where appropriate, information already in WHO’s possession, subject to the institutional arrangements governing WHO support to the mechanism and applicable confidentiality rules. This mechanism achieved a balanced approach between providing high-level technical expertise and maintaining neutrality in humanitarian decision-making.
In conclusion, the UN-SGM case study illustrates how international organizations can navigate complex confidentiality requirements within a joint investigative framework. By implementing strict internal confidentiality rules, maintaining operational separation, and facilitating a controlled exchange of information under agreed institutional arrangements (mostly under the direction of the original organizations), the UN-SGM successfully balances the need for secrecy in sensitive investigations with the benefits of interorganizational cooperation. This approach not only preserves the neutrality and integrity of the participating organizations but also enhances the overall effectiveness of the investigative mechanism, which could have extended implications for health–security collaboration in general. Seen from the perspective of the confidentiality–utility dilemma, joint investigations, such as the UN-SGM, can serve as institutionalized clearinghouses: they facilitate substantial information integration within a bounded team, while maintaining an operational distinction that helps preserve the perceived neutrality and core mandates of participating health organizations.
Discussion and conclusion: Why the design of health–security intelligence matters
This paper has used the confidentiality–utility dilemma to examine how the growing entanglement between health and security can be managed in practice. It synthesizes this analysis into three managerial “levers” at the health–security interface and presents these levers as a way of engaging the confidentiality–utility dilemma, drawing out their implications and suggesting several concrete ways in which they might be configured in practice. It has done so against the backdrop of enduring structural difficulties in governing large-scale, high-impact infectious diseases. As COVID-19 highlighted, securing effective, legitimate mechanisms for early detection and collective response remains challenging. As the potential contribution of security and intelligence actors to health capacities grows, such arrangements can partially compensate for the limitations of existing institutions and legal frameworks. Yet if they are allowed to expand without explicit design, they equally risk eroding confidentiality and privacy, undermining trust, or prompting restrictions that prevent meaningful information-sharing altogether. The deepening health–security interface is thus a site where the promise and the perils of contemporary information collection are concentrated, and one in which governance choices will have disproportionate consequences for future outbreak response.
Approached in this way, the confidentiality–utility dilemma becomes a governance problem that is likely to grow more, not less, salient as these structural trends deepen. This analysis, therefore, suggests broad implications for policy and practice, emphasizing the need for deliberate design, which we illustrate through three examples.
First, purpose-built organizational and structural interventions can do more than simply facilitate information flow; they can actively manage confidentiality. From an organizational design perspective, treating the confidentiality–utility dilemma itself as a central design constraint brings it into focus as something to be deliberately engineered rather than managed through ad hoc workarounds. Governments and international organizations establishing fusion units or liaison structures can embed this dilemma into legal mandates, governance arrangements, and standard operating procedures from the outset, explicitly positioning these arrangements at the health–security interface. Formalized structures, such as fusion centers or liaison models, need not function solely as repositories of information; they can be complemented by bounded, human-mediated channels of exchange—for example, through designated LOs or small, trusted working groups—that enable selective, case-level sharing without widening the circle of disclosure or collapsing institutional firewalls. In this way, they present a potential for reconciling the need for early information fusion with the imperative of preserving the perceived neutrality of health institutions.
Second, data-handling practices themselves require sustained attention, particularly on the security side. Conceptualizing classification tiers and de-identification rules as instruments for shaping the confidentiality–utility trade-off, rather than as neutral technical back-office matters, foregrounds them as core design levers. National security and intelligence communities can use peacetime to institutionalize share-by-design classification schemes and de-identification procedures, including explicit ex ante agreement on the scope of each tier—what can be shared, with whom, in what form, and on what timelines. This entails not only legal and policy frameworks but also investment in methodological tools for de-identifying sensitive security-relevant data, such as techniques for anonymizing mobility or transportation information in ways that preserve epidemiological value while protecting sources, methods, and operational patterns. Addressing the dilemma calls for a shift from a logic of “protect by hiding” (broad, precautionary classification) toward a logic of “protect by sharing” (classification and de-identification designed with circulation in mind). The cases discussed imply that systems not designed for sharing become sources of risk in their own right. By moving beyond crude “secret” versus “public” distinctions, share-by-design architectures create space for calibrated forms of sharing—including partially de-identified or aggregated data—that retain operational value for health authorities while managing confidentiality.
Third, joint investigative mechanisms can offer one model for managing the deepest forms of collaboration while preserving confidentiality. Conceiving mechanisms, such as UN-SGM-style missions, not only as fact-finding tools but also as potential clearinghouses that temporarily concentrate and integrate sensitive information across sectors makes their dual role in information integration and neutrality protection explicit. Acknowledging this dual role provides a basis for institutional design: joint arrangements can be configured as structural clearinghouses, with carefully crafted guarantees of independence from parent organizations, clear rules on secondment and return, and strict internal confidentiality provisions that prevent information acquired in the investigative role from being routinely reintegrated into ordinary operational chains. In a future where origin investigations and attribution debates are likely to recur, the design of such joint mechanisms—which contain sensitive exchanges within a constrained and rule-bound setting—will warrant continued scrutiny from this perspective.
Taken together, these considerations suggest that the confidentiality–utility dilemma is not a marginal technical issue of data protection, but a lens for examining how international and domestic infectious-disease governance is being reconfigured under pressure. Recognizing organizational structures, classification practices, and joint investigations as design levers in this sense helps to make visible the political choices embedded in the health–security interface, rather than treating them as purely technical or ad hoc. As states and international organizations seek to make their commitments more than words on paper, they increasingly reach for, or at least consider, capacities that reside in security and intelligence institutions. The question for Politics and the Life Sciences is therefore less whether this trajectory will materialize everywhere than how it can be governed where it does advance, so that reliance on security actors helps to compensate for existing governance limits without entrenching new forms of opacity, dependency, or rights violations. This calls for comparative empirical work on how different jurisdictions configure these managerial levers, including how they structure informal two-tier arrangements, refine classification and de-identification schemes, and mandate expert clearinghouse bodies; for research on how professionals and affected communities perceive these configurations; and for normative analysis of which confidentiality–utility trade-offs are acceptable under different political conditions. Confronting this dilemma explicitly, rather than treating it as a secondary technical concern, is essential for engaging with the structural weaknesses of an increasingly complex global health-governance landscape, rather than simply reproducing them.
Acknowledgments
The author wishes to thank the anonymous reviewers and the editor for their constructive comments and suggestions. Eiki Negishi and Yu Tamura provided valuable research assistance. The author is also grateful to colleagues and practitioners who generously shared their insights and expertise during the course of this research. Generative AI tools—OpenAI GPT-5.4, Google Gemini 3.1 Pro, and Anthropic Claude Opus 4.6—were used for English language support and basic search assistance. The author remains solely responsible for all arguments, interpretations, and any remaining errors.
Financial support
This work was supported by Japan Science and Technology Agency, PRESTO (Grant Number JPMJPR21R6, Japan); Japan Society for the Promotion of Science Grant (Grant Number JP13J09478); Health and Labour Sciences Research Grant (Grant Numbers 23BA1001) from the Ministry of Health, Labour and Welfare, Japan; and the Diplomatic and Security Research Grant (FY2021, General Program) from the Ministry of Foreign Affairs of Japan.