THE BURNED OVER DISTRICT

And in the world of software there exists a subset of people who examine every line of code written for whatever flaws may exist. Some have good intentions, some have bad intentions and some are just wiseass punks looking for trouble. And then there is the NSA which has the taxpayer funded size and means to find and exploit all those flaws first. And now our President has decided how the NSA will use that ability.

Stepping into a heated debate within the nation’s intelligence agencies, President Obama has decided that when the National Security Agency discovers major flaws in Internet security, it should — in most circumstances — reveal them to assure that they will be fixed, rather than keep mum so that the flaws can be used in espionage or cyberattacks, senior administration officials said Saturday.

But Mr. Obama carved a broad exception for “a clear national security or law enforcement need,” the officials said, a loophole that is likely to allow the N.S.A. to continue to exploit security flaws both to crack encryption on the Internet and to design cyberweapons.

The White House has never publicly detailed Mr. Obama’s decision, which he made in January as he began a three-month review of recommendations by a presidential advisory committee on what to do in response to recent disclosures about the National Security Agency.

But elements of the decision became evident on Friday, when the White House denied that it had any prior knowledge of the Heartbleed bug, a newly known hole in Internet security that sent Americans scrambling last week to change their online passwords. The White House statement said that when such flaws are discovered, there is now a “bias” in the government to share that knowledge with computer and software manufacturers so a remedy can be created and distributed to industry and consumers.

Caitlin Hayden, the spokeswoman for the National Security Council, said the review of the recommendations was now complete, and it had resulted in a “reinvigorated” process to weigh the value of disclosure when a security flaw is discovered, against the value of keeping the discovery secret for later use by the intelligence community.

“This process is biased toward responsibly disclosing such vulnerabilities,” she said.

The national security exception to disclosure is understandable. It is the law enforcement exception that is scary. Every LEO worth his or her paycheck will tell you their "need" reaches that level of necessity. What will be missing is any attempt to gain a court order or warrant to exploit that flaw, a prima facie violation of the 4th Amendment. Or it would be a violation if the 4th Amendment still existed. As the President and the NSA have made clear, that amendment to the Constitution is now moot.