The steady “drip, drip, drip” of the Hillary Clinton email flap — combined with aggressive spin launched this week by the Clinton campaign — creates confusion about the underlying facts. Is the email controversy a real risk for the Democratic Party front-runner? Or as her campaign suggests, is it part of another well-orchestrated attack by her Republican enemies? Here’s a rundown of 10 key issues.

1) Hillary Clinton insisted she did not send or receive classified messages. Has that changed?


At her initial press conference on the email flap in March, Clinton denied that any classified information passed through a private server she used for both her personal and official email while she served as secretary of state.

“I did not email any classified material to anyone on my email. There is no classified material,” she said. “So, I’m certainly well-aware of the classification requirements and did not send classified material.”

While Clinton’s comments focused on information she sent, her office sent reporters a question-and-answer release that went further. “Was classified information sent or received by Secretary Clinton on this email address? No,” the statement said.

But State Department officials have said that they informed Clinton’s team in May that some messages from her account had been deemed classified. That was just before State publicly released about 300 Clinton emails related to Benghazi and Libya and declared one of them classified at the “SECRET” level at the FBI’s request.

Batches of emails released in June and July in accordance with a judge’s order also had portions deleted. About 60 messages and some copies were classified “CONFIDENTIAL” in order to protect diplomatic secrets.

The situation intensified on July 24. A spokesperson for Intelligence Community Inspector General I. Charles McCullough said a sample of 40 Clinton emails examined by his office turned up four that contained information that is considered classified and was classified at the time they were sent, although they were not marked as classified.

Around that time, Clinton made a subtle but significant wording change. She told reporters at a July 25 campaign stop in Iowa: “I did not send nor receive anything that was classified at the time.”

She refined her statement even more Tuesday at a press conference in Las Vegas. Clinton emphasized that she was not put on notice that information she was sent was classified. “I did not send classified material and I did not send any material that was marked or designated classified,” she said.

At the moment, about 60 emails have been officially classified, although a dispute remains between the State Department and other agencies about four or more other messages. The State Department said in a court filing Monday that after working through about 20 percent of the messages, 305 other emails have been referred to intelligence agencies for reviews that could result in classification. The numbers are likely to grow as State and intelligence agencies keep plowing through records to carry out a monthly email release ordered by a court.

And the Clinton campaign, in a push back launched Wednesday, insisted that the real problem is the dysfunctional system the government uses for document classification. It contends that many documents in question never needed to carry a classified designation.

2) How sensitive were the classified emails found on Clinton’s server?

The intelligence community says at least two emails contained information that was and is classified “TOP SECRET/SI/TK/NOFORN,” a designation for electronic surveillance-based intelligence obtained from aircraft or satellites. The “NOFORN” restriction prohibits distribution to foreign governments.

The State Department has disputed the classifications, and they are being reviewed by the Director of National Intelligence. Most of the roughly 60 emails classified thus far have been marked “CONFIDENTIAL,” the lowest tier of classified information and one usually reserved for diplomatic communications.

3) Clinton has said concerns about the emails she sent and received on her private server escaping scrutiny were overblown, since the emails of State Department employees are routinely preserved. Is that true?

Not really. According to State Department spokespeople, employee email accounts were not automatically archived during Clinton’s tenure.

However, employees were expected to print and file emails of significance. Some moved emails from their accounts into shared drives on State Department networks, officials said.

State may have left the impression that emails for some Clinton’s aides were destroyed or overwritten because it responded “no records” to some requests made under the Freedom of Information Act. But in recent court filings, the agency has indicated that it now has at least partial archives of official email accounts used by some top Clinton officials.

4) How many people have copies of Hillary’s emails?

Right now, the only full sets of the emails Clinton and her lawyers deemed work related are in the State Department’s possession. The agency has paper copies of roughly 30,000 emails, and the FBI has obtained three thumb drives containing electronic copies from Clinton’s personal attorney David Kendall. Clinton has said she destroyed any emails she and Kendall considered personal in nature.

5) Hillary said her emails are being made public because she asked for full disclosure. Is that so? And why didn’t she just release all the emails and get this over with?

No, that’s not so. While Clinton has claimed the emails are being made public “only” because she asked that they be released, there are nearly 40 Freedom of Information Act lawsuits pending that could require searches of her emails and at least one — filed by Vice News — that sought all of her emails. Clinton’s wishes are beside the point, especially since a judge issued an order in May requiring monthly releases of the email trove.

Some Clinton allies have called on her to “lance the boil” by getting all of her emails out, and the Clinton campaign has said she’s eager to make them public as soon as possible. But having Clinton release the emails herself would have been a politically and perhaps legally dangerous maneuver. The State Department directed her in March not to release the emails without its permission and said that the agency needed to review the records for information that should not be disclosed “for privilege, privacy or other reasons.”

The intelligence community is now accusing the State Department of releasing at least some classified information in the emails during the Freedom of Information Act process. If Clinton had released the messages on her own, her troubles would only be worse.

6) Clinton said she violated no State Department policies and that use of personal email for work purposes was permitted at that time. Is that true?

It is true there was no flat-out ban on employees using personal or private email accounts for work. However, numerous State Department inspector general reports during Clinton’s tenure faulted State employees worldwide for using personal email for work. In addition, a cable sent to department staffers following revelations of hacking into Gmail accounts in 2011 said: “Avoid conducting Department business from your personal email accounts.”

POLITICO also reported in March that a State Department policy in effect since 2005 said: “It is the Department’s general policy that normal day-to-day operations be conducted on an authorized [Automated Information System], which has the proper level of security control to provide nonrepudiation, authentication and encryption, to ensure confidentiality, integrity, and availability of the resident information.”

Despite the “general policy” language, State officials said those limits applied only to information designated as “sensitive but unclassified.” However, more than 60 such messages have been found in Clinton’s emails. Clinton spokespeople have pointed to the “SBU” marking as evidence that Clinton and her aides didn’t consider the messages classified, but even “SBU” messages were not supposed to be routinely kept on private accounts.

“With respect to the law, the secretary has made clear that this was permitted. With respect to practices at the State Department in terms of what was deemed allowable for previous secretaries of state, this was permitted,” Fallon said when asked by POLITICO on Wednesday about the SBU messages. “I think, in general, you have heard her express her sentiment that if she had to do it over again she would do it differently … other than that, we don’t concede to the premise that this email [marked SBU] suggests that there was some kind of policy violated.”

7) Was Clinton ever subpoenaed for her emails?

Yes, she was — but not until after she’d had her personal emails wiped.

Since a CNN prime-time interview in July, Clinton has claimed she was never subpoenaed for documents. The campaign and the House Select Committee on Benghazi have ping-ponged back and forth over what exactly she meant and whether she lied.

In the interview, Clinton was being questioned specifically on why she would wipe her server if she was subpoenaed by Congress. She defensively and quickly answered: “I’ve never had a subpoena.”

Republicans pounced because the Benghazi committee did, in fact, issue a subpoena for her communications on March 4. But her server had already been wiped by that time. Her lawyers say that happened shortly after she turned over her emails to State on Dec. 5, 2014.

So what she should have said was she wasn’t subpoenaed at the time.

In the same interview, Clinton also claimed she “didn’t have to turn over anything” and “chose to turn over 55,000 pages, because I wanted to go above and beyond what was expected of me.”

That’s misleading. The only reason State asked Clinton for the emails in the first place was because Republicans had been pressing since the previous summer for her communications as part of the Benghazi probe. And she was, in fact, required to hand over official records once it became clear she had them.

8) Can the emails or some other data from her server be retrieved?

Probably.

Clinton said she wiped her server clean after handing over the 30,000 emails she deemed official State Department records, and Clinton’s camp has maintained that none of her emails from that period — including another 32,000 or so she had erased — are on the server.

But deleted emails are rarely completely gone. The best computer forensics can uncover wiped and deleted information—if the price is right. The process is expensive, as the IRS inspector general learned when it hired an outside computer forensic expert to find lost Lois Lerner emails on backup tapes thought to be overwritten.

The FBI itself has suggested this might be possible. Two sources with “direct knowledge” of the FBI investigation of Clinton’s email set-up told NBC News on Tuesday they thought they could recover some deleted emails.

9) Did anyone approve Clinton’s use of a private email account and server?

That’s a huge question — and one lawmakers on Capitol Hill have asked the State Department inspector general to sniff out.

For months, reporters have asked State Department spokespeople who on the department’s IT or security staff had knowledge of the issue and who gave the green light for Clinton to use an email server, housed at least for a time at her Chappaqua, N.Y. home.

But State has not answered.

At a press conference Tuesday, spokesman John Kirby reiterated that a number of people on Clinton’s staff knew she used a private email — especially those who emailed her at that address. But, he said, “I don’t have any more details with respect to the IT people and what they did or didn’t know at the time and what they did or didn’t do at the time.”

10) Could Hillary Clinton or anyone else have broken the law?

Republicans say a variety of criminal statutes may have been violated. Former Attorney General Michael Mukasey recently wrote a Wall Street Journal op-ed arguing that Clinton may have violated a federal misdemeanor statute involving mishandling of classified information or a couple of other laws regarding removing federal records or negligent destruction of “national defense” information.

However, Mukasey acknowledged that the laws require “knowing conduct,” so Clinton would have had to have known or had good reason to believe that the information in her account was classified. This may be at least part of why she and her aides are so insistent she had no inkling it was.

Of course, if some of the information was classified but not marked, an official who knew it was classified but sent to Clinton on the unmarked system could be in some jeopardy. Still, there have been few if any criminal cases that appear to have stemmed from mistake or even mere negligence. Removing classification markings from a document or email would be a sign of bad faith, but State officials say they don’t believe that happened.

“We’ve seen no indication – and I’ve said this before – that any classification markings were stripped. So, we see no indications that upon entry into the system people would have readily seen and known that they were classified in nature,” State spokesman John Kirby said Tuesday.

The live question at the moment seems to be less whether anyone will be prosecuted, but whether the FBI will upgrade the security review into a full-fledged criminal investigation where the motivations of the various players would be more minutely scrutinized.

“In the absence of markings that officially designate something classified, reasonable people each taking their responsibilities seriously can nonetheless disagree on the character of the information they’re dealing with and both can be completely justified in that perspective.. That is why we are so confident that this review will remain a security-related review,” Fallon said Wednesday. “Once qualified authorities within the government have rendered their judgment about the information being unclassified, it is a little a little hard to declare things classified after the fact and attempt to hold people accountable that were operating on that original premise.”