Friday, March 24, 2023 | Back issues
Courthouse News Service Courthouse News Service

Ex-Twitter employee had no reason to access user accounts, security chief testifies

Twitter beefed up security after flagging unauthorized access of certain accounts connected to Saudi Arabia.

SAN FRANCISCO (CN) — Ahmad Abouammo had no justifiable reason to access Twitter users’ private data for his job as a media strategist, former colleagues testified Tuesday at a trial where he is accused of using his inside access at the company to spy for Saudi Arabia.

Prosecutors say Abouammo used an internal Twitter tool called “profile viewer” to gain access to personal identifiers like email addresses, phone numbers and the log-in locations of anonymous dissidents who criticized the Saudi Arabian government.

Seth Wilson, who heads Twitter's information security team, said Abouammo’s interest in the account “raised some red flags,” since Abouammo would not have a reason to use the profile viewer tool in his job managing media partnerships. “I could not find a reasonable justification for the accesses,” Wilson testified.

Jurors were also treated to an exhaustive display of spreadsheets detailing the dates and timestamps of every instance where Abouammo viewed various profiles from late 2014 through February 2015.

The logs showed Abouammo’s particular interest in @Mujtahidd, the handle of an anonymous activist who tweets critically about the Saudi royal family. Abouammo viewed the personal details connected with this account multiple times throughout January and February 2015.

Prosecutors say Abouammo passed his findings on to Bader Al-Asaker, a top aide to Crown Prince Mohamed Bin Salman, in exchange for a luxury watch and hundreds of thousands of dollars that he laundered through a bank account in Lebanon.

Abouammo and former co-worker Ali Alzabarah were charged in 2019 with acting as agents on behalf a foreign government. Abouammo, who left Twitter in 2015 to work for Amazon, was arrested at his home in Seattle while Alzabarah fled to Saudi Arabia.

The pair also accessed a number of other accounts, many of which are now suspended for violating Twitter’s policies. Alzabarah was the more prolific of the two, which Abouammo’s attorney Jerome Matthews emphasized to the jury. He noted that some of the accounts were not accessed by Abouammo at all, and that many other employees had looked at the @Mujtahidd account specifically; including those whose jobs did not give them good reason.

Wilson said only customer support and “trust and safety” staff would have grounds to use the profile viewer tool with any regularity. Alzabarah, a site engineer, certainly did not. “Alzabarah, due to the nature of his role, would have very little reason or justification for the access and the amount of access raised suspicion,” Wilson said.

The red flags prompted Twitter to try to curb unauthorized access to user accounts by its employees. “It has certainly affected us from the standpoint where we had identified individuals who were misusing and abusing their access for nefarious purposes,” Wilson said. “So the goal longer term of the program was to identify ways of not only how could we log it and identify it, but how could we potentially stop it or detect it sooner.”

To justify his contact with Al-Asaker, his receipt of cash and the watch, and his interest in accessing various user accounts, Abouammo’s defense team has leaned heavily on his role as the only media partnerships manager for Twitter’s Middle East North Africa (MENA) region.

Abouammo’s attorneys argued that Abouammo was merely doing his job and cultivating business relationships in an emerging market.

But Lara Cohen, Twitter’s VP of partners who held the same job as Abouammo back in 2014, said there was no reason for someone on the media team to use the profile viewer tool, and that she had never used it herself.

Cohen said media partnerships managers acted as “white glove” liaisons between public figures and Twitter’s internal support teams, but are not allowed to give more attentive customer service to high-profile users.

Cohen also said it would have been a violation of Twitter’s policy for employees to look at a user’s sensitive data just out of curiosity. “There was a lot of focus around not having access to someone's private data unless you authorized to do so,” she testified.

"Was a media partnerships manager permitted to look at a Twitter user's personal identifying information even if a notable account asked them to do so?” Assistant U.S. Attorney Christine Bonomo asked, to which Cohen replied, “No. And I never have, or knew of anyone who did.”

Cohen said the same policy applies to managers in emerging markets.

“There's always been a lot of careful privacy around not accessing information you didn't need to,” she said.

Abouammo’s attorney Angela Chuang noted on cross that Cohen has never worked with government officials or foreign dignitaries, though she does manage partnerships with celebrities.

Chuang asked Cohen if her job entailed "trying to maintain the relationships and not let them go sour.” When Cohen answered yes, Chuang asked if her celebrity clients were demanding.

“Yes,” she replied. “But it was clear there was no special treatment.”

Read the Top 8

Sign up for the Top 8, a roundup of the day's top stories delivered directly to your inbox Monday through Friday.