A new congressional report recommending a FedRAMP-style framework for commercial data brokers has reignited a long-running debate in Washington: whether federal agencies should be able to buy sensitive personal data on the open market without the same legal scrutiny required for traditional surveillance.

Supporters of reform argue that the rapid growth of the data brokerage ecosystem (typical in the private sector across enterprise retail and social media) has outpaced oversight. National security officials, however, claim that commercially available data has become an essential tool for mission execution. The report’s recommendations suggest policymakers are increasingly interested in closing that gap.