Saudi Arabia‘s government, frustrated by growing criticism of its leaders and policies on social media, recruited two Twitter employees to gather confidential personal information on thousands of accounts that included prominent opponents, prosecutors alleged on Wednesday.
The complaint unsealed in US District Court in San Francisco detailed a coordinated effort by Saudi government officials to recruit employees at the social media giant to look up the private data of Twitter accounts, including email addresses linked to the accounts and internet protocol addresses that can give up a user’s location.
The accounts included those of a popular critic of the government with more than one million followers and a news personality. Neither was named.
Two Saudi citizens and one US citizen allegedly worked together to unmask the ownership details behind dissident Twitter accounts on behalf of the government in Riyadh and the royal family, the US justice department said.
According to a court filing, they were guided by an unnamed Saudi official who worked for someone prosecutors designated “Royal Family Member-1,” which The Washington Post reported was Saudi Crown Prince Mohammed bin Salman or MBS as he is commonly known.
Those charged were Twitter employees Ali Alzabarah and Ahmad Abouammo, along with Ahmed Almutairi, a marketing official with ties to the royal family.
“The criminal complaint unsealed today alleges that Saudi agents mined Twitter’s internal systems for personal information about known Saudi critics and thousands of other Twitter users,” said US lawyer David Anderson.
“US law protects US companies from such an unlawful foreign intrusion. We will not allow US companies or US technology to become tools of foreign repression in violation of US law,” he said in a statement.
The lawsuit comes as US-Saudi relations continue to suffer strains over the brutal, Riyadh-sanctioned murder one year ago of Saudi journalist Jamal Khashoggi, who wrote for, among others, The Washington Post newspaper
A critic of MBS, Khashoggi was killed and dismembered inside the Saudi consulate in Istanbul.
According to the Post, US intelligence has concluded that the prince himself was closely linked to the murder.
The criminal allegations reveal the extent the Saudi government went to control the flow of information on Twitter, said Adam Coogle, a Middle East researcher with Human Rights Watch.
‘The Black List’
The platform is the main place for Saudis to express their views, and about a third of the nation’s 30 million people are active users. But the free-wheeling nature of Twitter is a major source of concern for the authoritarian regime, Coogle said.
The government has used different tactics to control speech and keep reformers and others from organising, including employing troll armies to harass and intimidate users online. It has even arrested and imprisoned Twitter users.
The crown prince’s former top adviser, Saud al-Qahtani, who also served as director of the cybersecurity federation, started the “Black List” hashtag to target critics of the government. He ominously tweeted in 2017 that the government had ways of unmasking anonymous Twitter users.
“Does a pseudonym protect you from #the_black_list? No,” al-Qahtani wrote, according to a report by Coogle released this week. “1) States have a method to learn the owner of the pseudonym 2) the IP address can be learned using a number of methods 3) a secret I will not say.”
“If you combine that with what we know about at least these two individuals and what went on in 2014 and into 2015, it’s pretty chilling,” Coogle said.
Al-Qahtani has been sanctioned for his suspected role in orchestrating the brutal killing of Khashoggi. His Twitter account was suspended in September for violating its platform manipulation policy.
Twitter acknowledged that it cooperated in the criminal investigation and said in a statement that it restricts access to sensitive account information “to a limited group of trained and vetted employees.”
“We understand the incredible risks faced by many who use Twitter to share their perspectives with the world and to hold those in power accountable,” the statement said.
“We have tools in place to protect their privacy and their ability to do their vital work.”
A critic said Twitter did not live up to its principle of restricting access to information about private individuals to the smallest possible number of employees.
“If Twitter had implemented this principle, this misappropriation of information would not have been possible,” said Mike Chapple, who teaches cybersecurity at the University of Notre Dame’s Mendoza College of Business.
“Social media companies must understand the sensitivity of this information and restrict access to the smallest possible number of employees. Failing to do so puts the privacy, and even the physical safety, of social media users at risk.”