The leak rekindled a debate between security officials, civil libertarians and the cybersecurity industry over when spy agencies should disclose to technology companies that they have found flaws in their systems. The spy agencies can use those flaws to gather valuable intelligence about terrorists and foreign governments, but there is also a risk that criminals or rival spies find the same flaws and use them to target Americans.