Hillary Clinton's email controversy was thrust back into the spotlight Wednesday with the release of a State Department Inspector General report that revealed new details about the server she kept in her home.
While the former secretary of state's campaign team was quick to downplay the results of the year-long audit, its publication could force Clinton to confront a number of inconsistencies in her past statements that were laid bare by the 83-page report.
Her private email use remains under investigation by the FBI.
1. She had permission and everybody knew
Since last spring, Clinton has responded to concerns about her emails by assuring voters that "everything [she] did was permitted."
"Her usage was widely known to the over 100 State Department and U.S. government colleagues she emailed, consistent with the practice of prior Secretaries of State and permitted at the time," says a statement on her campaign website.
But the inspector general report indicated Clinton had never sought permission for her unusual email arrangement.
"Secretary Clinton had an obligation to discuss using her personal email account to conduct official business with [State Department] offices, who in turn would have attempted to provide her with approved and secured means that met her business needs," the report said, noting that agency officials "did not — and would not — approve her exclusive reliance on a personal email account to conduct Department business, because of the restrictions ... and the security risks in doing so."
A State Department spokesman said Wednesday that "while people were aware of her use of personal email ... no one had a full and complete understanding of the extent" to which Clinton used a private account.
2. She would cooperate with any investigation
Clinton said earlier this month she is "more than ready to talk to anybody, anytime" about her personal email use.
In April, she told MSNBC's Chuck Todd she was willing to address any lingering uncertainties regarding her record-keeping.
"Back in August, we made clear that I'm happy to answer any questions that anybody might have, and I stand by that," she said at the time.
However, the inspector general noted in its report that Clinton and her top aides refused to meet with the State Department watchdog to answer questions.
Of 26 questionnaires sent to Clinton's staff, only five were ever returned.
3. Colin Powell did the same thing
Clinton's team has long defended the former secretary's decision to forego use of a State Department email address by arguing others in her position had done the same — particularly Colin Powell.
"My predecessors did the same thing, and many other people in the government," Clinton said during a Democratic primary debate in March.
The Clinton campaign seized on reports in February that Powell had been contacted by the FBI as part of its investigation into private emails that contained classified information. Powell had reportedly received two sensitive emails, classified at the lowest level, during his time at State.
By contrast, Clinton had more than 2,000 classified emails on her server, with dozens classified at the "secret" and "top secret" level. Clinton also set up and maintained her own email network hosted on a server in her basement, while Powell simply used a commercial account.
Unlike Clinton, Powell agreed to be interviewed for the inspector general's report. He told the watchdog he sometimes used a personal account due to restrictions during his tenure on communicating via email with individuals outside the State Department using an official account.
The inspector general noted policies governing email usage were "very fluid" at the time Powell worked at State.
"By Secretary Clinton's tenure, the Department's guidance was considerably more detailed and more sophisticated," the inspector general wrote.
4. It wasn't against the rules
In July of last year, Clinton told CNN her private email use was not problematic because "there was no law, there was no regulation" prohibiting her from using a personal account. She has repeatedly argued that her record-keeping practices were "above board."
However, the inspector general concluded Clinton did indeed violate rules that were in place at the time she served as secretary of state.
"Secretary Clinton should have preserved any federal records she created and received on her personal account by printing and filing those records ... because she did not do so, she did not comply with the department's policies that were implemented in accordance with the Federal Records Act," the report said.
5. She turned over all her emails
Clinton said in a press conference in March of last year, during which she addressed the email controversy for the first time, that she "provided all my emails that could possibly be work-related" to the State Department.
But the inspector general highlighted gaps in Clinton's emails that suggested some official communications did not make it into the batch of 55,000 pages of records Clinton gave the agency.
According to the watchdog, those pages "included no email covering the first few months of Secretary Clinton's tenure — from January 21, 2009, to March 17, 2009, for received messages; and from January 21, 2009, to April 12, 2009, for sent messages. [The inspector general] discovered multiple instances in which Secretary Clinton's personal email account sent and received official business email during this period."
6. Her server was safe from hackers
Clinton and her allies have long argued her private email use did not put any government information at risk because her server was not vulnerable to attacks. During an October interview with "60 Minutes," President Obama publicly dismissed the suggestion that Clinton jeopardized national security information.
"We have no indication that the email was compromised, the account was compromised or hacked in any way," a State Department spokeswoman said in March 2015.
"We're not aware of any evidence whatsoever that the server was hacked," said Brian Fallon, Clinton's campaign spokesman, a year later.
However, the inspector general did provide evidence that, at the very least, attempts had been made to hack into Clinton's server. Whether those hackers were ultimately successful fell outside the scope of the audit.
The inspector general cited a March 2011 classified memo that was sent directly to Clinton warning of "a dramatic increase since January 2011 in attempts by [redacted] cyber actors to compromise the private home e-mail accounts of senior Department officials."
State Department technology officials noted "Secretary Clinton never demonstrated to them that her private server or mobile device met minimum information security requirements."
A State Department spokesman acknowledged Wednesday that "hack attempts" were made on Clinton's server and could not conclude with certainty that those attempts were unsuccessful.