While Secretary of State, Hillary Clinton used a personal email account, which was hosted on a personal server, to conduct official business.
This practice was rare but not unprecedented
A May 2016 State Department Office Inspector General (OIG) report stated that many State Department officials over the past few administrations have at times used personal emails to conduct official business, but the report found that only Clinton, Colin Powell, and a former ambassador had used private systems on "an exclusive basis for day-to-day operations."
This practice violated State Department policy
Government employees are permitted to send official emails on private systems. But in recent years the State Department issued various memos stating that the majority of one's official emails should be conducted on State Department systems. The State Department's Inspector General stated that Clinton had an obligation to discuss her email practice with the Department's Chief Information Officer and Assistant Secretary for Diplomatic Security. These individuals have stated that they would have not approved her email practice had they been aware of it.
Some of Clinton's emails contained classified information
The FBI reviewed over 30,000 Clinton emails and found that 110 emails contained classified information at the time they were sent, and 3 of those emails were marked classified at the time, although they were not properly marked.
Clinton probably didn't know that these emails contained classified information
Clinton says that she viewed classified information in hard copy, and indeed emails from her tenure show Clinton staffers discussing that they couldn't email confidential information over the private server.
It's true that the FBI found that Clinton sent 3 emails that were marked classified, but FBI Director James Comey testified before Congress that these emails were not marked in accordance with State Department procedures and that Clinton therefore might not have known they were classified.
Clinton was "careless"
Comey stated that Clinton and her colleagues "were extremely careless in their handling of very sensitive, highly classified information" and that "any reasonable person in Secretary Clinton’s position" should have known that many of the classified matters discussed in her emails should not have been discussed in "an unclassified system."
Clinton did not break the law
Comey stated that there is no precedent for prosecuting Clinton, as there is no evidence that she intentionally mishandled classified information or acted disloyally to the United States.
Law Professor Steve Vladeck explains Comey's conclusion by noting that "federal law doesn't prohibit the discussion of classified information over unsecured networks." Some have suggested that Clinton broke the Espionage Act, but Vladeck explains that Clinton did not violate 18 USC 793(d), which forbids giving classified information to "any person not entitled to receive it," because her emails were to staffers authorized to receive such information.
Others have argued that Clinton violated 18 USC 793(f) of the Espionage Act, which forbids officials from allowing, "through gross negligence," classified information to be "removed from its proper place of custody or delivered to anyone in violation of his trust, or to be lost, stolen, abstracted, or destroyed." But Dan Abrams points out that the legal meaning of "gross negligence" is not the same as "extreme carelessness," which is how Comey described Clinton's email practices. Abrams further points to a 1941 Supreme Court ruling which stated that the authors of the Espionage Act only intended to criminalize actions intended to injure the United States.
Clinton's staff deleted some work-related emails
Clinton's attorneys said they deleted 32,000 emails which were "personal and private," many of which the FBI recovered. Comey confirmed that some of these deleted emails were in fact work-related. Comey stated that the bureau found no evidence that these latter emails "were intentionally deleted in an effort to conceal them."
There is no evidence that Clinton's account was hacked.
Comey stated that the FBI "did not find direct evidence that Secretary Clinton’s personal e-mail domain, in its various configurations since 2009, was successfully hacked."
Even if she'd been hacked, the hackers would not have learned any government secrets
Overclassification has long been a problem in the government, and mention of certain topics is automatically classified, even if the information discussed is already well-known to the public. Seven of the eight top secret chains contained publicly-accessible information about the CIA's drone program. The eighth chained described a conversation with the president of Malawi. Mention of the drone program and conversations with foreign leaders are automatically classified.
Clinton's motives were not nefarious
Hillary Clinton is deeply paranoid and not without good reason. Dylan Matthews reminds us that the Clintons have been viciously, often unfairly, besmirched since 1992. "When their close friend killed himself," Matthews writes, "they were accused of murder. When they lost money on a bad real estate deal that a friend who turned out to be a con artist suckered them into, it triggered a federal investigation...When they tried to clean up a White House office that the FBI was investigating for financial improprieties, the independent counsel wound up looking into their actions."
Matthews concludes that this blatantly unfair treatment left Bill and Hillary "sufficiently jaded and paranoid," causing them to believe that "their own conduct is irrelevant to whether they’ll be targeted," which in turn lead to carelessness, which in turn lead to more scandals, and so on. I think there's something to that, and I also think that the Clintons, knowing that their opponents will distort any little action in hopes of vilifying them, have become especially secretive, which in this case has backfired colossally.
Clinton hasn't really taken responsibility for her actions
Clinton didn't do anything awful, but she did violate State Department policy, and her actions were clearly stupid and potentially harmful to US security. She's said she made a mistake and regrets relying solely on her private server, but as Alan Jacobs writes, she really ought to give a sincere, humble apology -- e.g., “What I did with that private email server was stupid and wrong. I am sorry and I will learn from this and not make the same mistake again. And, just for the record, the ability to admit when I’m wrong is one of the major points that distinguishes me from my opponent.”
* * * * *
 A 2009 National Archives and Records Administration (NARA) regulation states that "federal agencies may allow their employees to send and receive work-related emails 'using a system not operated by the agency.'"
 The State Department's Inspector General noted in a recent report that between 2005 and 2011 the State Department revised the Foreign Affairs Manual (FAM) and "issued various memoranda specifically discussing the obligation to use Department systems in most circumstances and identifying the risks of not doing so." Throughout Clinton's tenure as Secretary of State, "the FAM stated that normal day-to-day operations should be conducted on an [Automated Information System]."
 The Inspector General "found no evidence that the Secretary requested or obtained guidance or approval to conduct official business via a personal email account on her private server."
 These were the emails that Clinton returned to the State Department in 2014. The FBI also recovered several thousand emails that Clinton had not returned, some of which were recovered by reviewing archived emails of government accounts to which Clinton had emailed. Of these additional emails, three contained classified information.
 Andrew Prokop explains that the emails in question did not bear "the traditional headers at the top of the document saying they were classified. Instead, Comey said, each had the letter C in parentheses -- a marking for confidential classified information -- down in the body." Saith Comey: "I think it’s possible, possible that she didn’t understand what a C meant when she saw it in the body of an email like that. I don’t think our investigation established she was particularly sophisticated with respect to classified information and the levels."
 Comey: "In looking back at our investigations into mishandling or removal of classified information, we cannot find a case that would support bringing criminal charges on these facts. All the cases prosecuted involved some combination of: clearly intentional and willful mishandling of classified information; or vast quantities of materials exposed in such a way as to support an inference of intentional misconduct; or indications of disloyalty to the United States; or efforts to obstruct justice. We do not see those things here."
 Comey also testified that the FBI did not seriously consider prosecuting Clinton for violating this statute because there is concern over its constitutionality.
 Comey: "Our assessment is that, like many e-mail users, Secretary Clinton periodically deleted e-mails or e-mails were purged from the system when devices were changed. Because she was not using a government account—or even a commercial account like Gmail—there was no archiving at all of her e-mails, so it is not surprising that we discovered e-mails that were not on Secretary Clinton’s system in 2014, when she produced the 30,000 e-mails to the State Department."
 Fred Kaplan writes that, "[a]s anyone who’s ever had a security clearance will tell you, the labels secret and confidential mean next to nothing." Regarding the top secret emails, Kaplan notes that "[s]even of the eight email chains dealt with CIA drone strikes, which are classified top secret/special access program—unlike Defense Department drone strikes, which are unclassified. The difference is that CIA drones hit targets in countries, like Pakistan and Yemen, where we are not officially at war; they are part of covert operations. (Defense Department drone strikes are in places where we are officially at war.) But these operations are covert mainly to provide cover for the Pakistani and Yemeni governments, so they don’t have to admit they’re cooperating with America. Everyone in the world knows about these strikes; nongovernment organizations, such as New America, tabulate them; newspapers around the world—including the New York Times, where some of the same reporters are now writing so breathlessly about Clinton’s careless handling of classified information—cover these strikes routinely." Kaplan notes that "[t]The other top secret email chain described a conversation with the president of Malawi. Conversations with foreign leaders are inherently classified." All of which means that, "even if Russian, Chinese, Iranian, or Syrian spies had hacked into Clinton’s email servers, and if they’d pored through 60,000 emails and come across these eight chains that held top secret material, they would not have learned anything the slightest bit new or worthy of their efforts."