Democratic presidential candidate Hillary Clinton agreed on Tuesday to turn over her private email server and a thumb drive containing work-related emails to the FBI, her campaign said, shortly after an inspector general for the U.S. intelligence community determined at least five emails on the server were in fact classified.

Clinton’s aide said the former Secretary of State understands authorities are chiefly concerned with the security of the classified emails, which, during Clinton’s tenure, had not been marked as classified. Clinton has said repeatedly that she did not knowingly send or receive any classified information from the private email.

Here’s everything to know about the controversy.

So what happened?

The New York Times reported in March that Clinton had exclusively used a private email account for her government business during her tenure as Secretary of State, rather than a government email account. And a subsequent Associated Press report said Clinton used her own email servers, rather than a third-party provider like Gmail or Yahoo Mail. That’s raised questions about whether Clinton was making a deliberate attempt to prevent her messages from being disclosed by open records requests or subpoenas.

Clinton’s campaign has said she followed both “letter and spirit of the rules,” but the snafu has played into Republican criticisms of her as secretive and politically calculating. Clinton tried to contain the damage in a tweet immediately after the news broke.

Wait. What’s the big deal?

A top U.S. diplomat working only on a personal email account raises an obvious question: Did Clinton stay off government email to hide something? Federal regulations are meant to prevent a situation in which officials, by keeping emails “off the record,” could thwart information requests made by the public or the government. When Clinton took office in 2009, federal rules required that government employees using a non-government email account “must ensure that Federal records sent or received on such systems are preserved in the appropriate agency recordkeeping system.” (It was only last year, one year after Clinton’s tenure had ended, that President Obama signed a explicitly limiting U.S. officials’ use of private email accounts for business matters.) But Clinton aides are the only ones who have determined what amounts to official correspondence and what doesn’t, and others might come to different conclusions.

Did Clinton break the law by using a private email account?

Probably not, but we’re still in a legal grey area. The Federal Records Act—passed in November, after Clinton left the State Department—requires government officials’ emails that are sent from personal account to be forwarded to an official account within 20 days. But during Clinton’s tenure, it was never explicitly required that top-level officials like Clinton use government-issued accounts. “What she did was not technically illegal,” Patrice McDermott, a former National Archives staffer and the head of the transparency group Open The Government coalition, told The Hill newspaper. But, she said, “it was highly inappropriate and it was inappropriate for the State Department to let this happen.”

Because her official emails were sequestered on her private email address, much of her correspondence was not openly available via the Freedom of Information Act (FOIA), which gives the public right to access information from the federal government.

What about the classified emails? Did that break the law?

Possibly. As TIME’s Massimo Calabresi writes, “If Clinton knowingly used her private server to handle classified information she could have a problem. But if she didn’t know the material was classified when she sent or received it she’s safe.”

Will we ever see all these emails? Or have they simply disappeared?

Clinton’s team turned over more than 50,000 pages of emails from her personal email account to the State Department late last year, when the Federal Records Act was passed, at the department’s request.

Since then, the State Department has begun to release batches of those emails to the public, in compliance with a judge’s order. The subjects of the emails range from the 2012 attack on the U.S. consulate in Benghazi to casual correspondences with her staff.

How do we know that she turned over all required emails?

We don’t. For several years, media outlets have filed requests for Clinton’s official correspondences during her tenure under FOIA. These requests have remained unreturned or unfulfilled, though the State Department has acknowledged their receipt. Theoretically, all of Clinton’s emails concerning government matters during her tenure fall under FOIA’s domain—but they are inaccessible if they were sent between Clinton’s private account and a third-party agency, such as a nonprofit foundation or a private consultancy. Clinton would need to provide these emails herself.

Have other U.S. officials used private email accounts?

Yes. Several officials in the Bush Administration, such as Karl Rove, were heavily criticized for using personal e-mail accounts to send emails from the White House. While Clinton herself has not commented on the situation, Nick Merrill, a Clinton spokesman, noted that former Secretaries of State in both parties had also used their own email accounts when engaging with U.S. officials.

Were they punished?

We don’t know. There haven’t been reports outlining specific repercussions against those officials who used private accounts for business emails. The White House has repeatedly made its e-mail policy clear each time the issue arises. “Very specific guidance has been given to agencies all across the government, which is specifically that employees in the Obama administration should use their official e-mail accounts when they’re conducting official government business,” White House Press Secretary Josh Earnest said Wednesday.

How much do high-ranking officials like Clinton really use email?

It varies. Janet Napolitano, the former Secretary of Homeland Security, was known for never using email at all. It’s unclear exactly how often Clinton emailed, but certainly enough for her team to turn over 50,000 pages worth of emails. During her time as Secretary of State she was often spotted looking down at her BlackBerry—the image of her doing so in sunglasses inspired a Texts from Hillary meme.

So what Internet service did she use?

Clinton used a private email server registered back to her family’s home in Chappaqua, N.Y., the AP reports. That means she or someone working for her physically ran her own email, giving her wide-ranging control over her message archives. It also could have made her emails more vulnerable to hackers or physical disasters like fires or floods. The Secret Service would have been able to protect an email server in Clinton’s home from physical theft, however.

Clinton reconfigured her email account in November 2012 to use Google servers as a backup . Five months after she resigned as Secretary of State, her email server was reconfigured again, switching her backup provider to a Denver-based email provider called MX Logic.

Who’s this Eric Hoteham figure?



Eric Hoteham is the mysterious name associated with Clinton’s private server account. But no public records of “Eric Hoteham” appear to exist, and the name wasn’t found in campaign contribution records or elsewhere, the AP reports. Politico reported on Wednesday that Hoteham is a Washington stockbroker and former aide to the Clintons.

What email address did she use?

One of her private email addresses was hrd22@clintonemail.com. HRD appears to stand for her premarital initials (Hillary Diane Rodham, as opposed to now Hillary Rodham Clinton). But it’s unclear what the 22 is for. She was sworn in on Feb. 2—or 2/2.

Read next: 5 Things You Didn’t Know About Using Personal Email at Work

Get The Brief. Sign up to receive the top stories you need to know right now. Please enter a valid email address. Sign Up Now Check the box if you do not wish to receive promotional offers via email from TIME. You can unsubscribe at any time. By signing up you are agreeing to our Terms of Use and Privacy Policy . This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. Thank you! For your security, we've sent a confirmation email to the address you entered. Click the link to confirm your subscription and begin receiving our newsletters. If you don't get the confirmation within 10 minutes, please check your spam folder.

Listen to the most important stories of the day.

Contact us at letters@time.com.