EDWARD SNOWDEN, the 29-year-old who has revealed himself as the source of last week's leaks about the National Security Agency's surveillance methods, is fascinating. He's a movie character come to life, and we'll be following along as his story develops.

But in the speculation over Snowden's personality and motivations, we shouldn't lose sight of the important policy questions his actions have prompted. Regardless of what we learn next about the instigator, the country will have to grapple with these:

Should the government be collecting the kind of data revealed in these leaks? We're talking about two big categories of data here. The first, phone records, has been called "metadata" because it doesn't include the content of phone calls, but it's really quite nuanced. A government employee can learn a lot from a record of whom you called, when, for how long and from where. The second category is Internet activity, which definitely includes content - emails, chats, photos, videos. Technically, the NSA is supposed to monitor foreigners (and by the way, how would Americans feel if we learned that, say, the Chinese government were reading our emails?), although U.S. citizens' data gets swept up in the process.

Obviously, this kind of information can be valuable in chasing and fighting bad guys. The issue is whether the government's current approach is overbroad, indiscriminate and intrusive. Which brings us to our next question . . .

Is surveillance subject to adequate oversight? The government should have a good reason to invade someone's privacy. One way to make sure it has a good reason is to require judicial approval for surveillance. The concern with the practices revealed in these leaks is that judicial oversight is often general, rather than case-by-case, which opens the door to abuses.

Congressional oversight is limited, too, because Congress can't consult experts or talk about their concerns.

Then there's the other kind of oversight - the oversight of the public over their democratically elected officials. Perhaps the profoundest concern here is the government's decision to keep these programs secret, apparently because officials thought terrorists might not realize the U.S. is surveilling electronic communications. They need to take more seriously their responsibility to tell the public how much they're watching us, so we can decide whether it's reasonable.

Are we comfortable with the amount of data private companies currently collect about us? Lost in all the commotion about the government accessing citizens' data is the basic point that these data exist because people give them to private companies. This brouhaha might be a good occasion to step back and think about the clarity of privacy statements and thresholds for consumer consent.

There are other questions - about privatization in the defense sector, for instance, and about how the federal government responds to leakers. We hope Congress and the president are serious about having a conversation around these issues with the public, because they may find they have no choice.