Obama decides U.S. should reveal, not exploit, most Internet security flaws

Stepping into a heated debate within the nation’s intelligence agencies, President Obama has decided that when the National Security Agency discovers major flaws in Internet security it should – in most circumstances — reveal them to assure they get fixed, rather than stockpile them for use in espionage or cyberattacks, senior administration officials said Saturday.

But Mr. Obama carved a broad exception for “a clear national security or law enforcement need,” the officials said, a loophole that is likely to allow the N.S.A. to continue to build a cyberarsenal that it can use both to crack encryption on the Internet or design cyberweapons. The White House has never publicly detailed Mr. Obama’s decision, which he made in January as he launched a three-month-long review of recommendations by a presidential advisory committee on actions warranted in response to recent disclosures about the National Security Agency.