SAN FRANCISCO — In 2014, Twitter began building a system that would record when its employees viewed user information. It wasn’t long before the system triggered alarm bells.
The new technology revealed that two Twitter employees had looked at the personal information of dissidents who criticized the Saudi Arabian government, a Twitter security executive testified Tuesday. But the logs also showed that the employees viewed information tied to other accounts, including the official account of King Salman and those that shared news from Lebanon and Saudi Arabia.
“Certainly it raised some red flags,” said Seth Wilson, the director of information security at Twitter.
The new details about the scope of the employees’ access emerged in the trial of Ahmad Abouammo, a former Twitter employee who is accused of gathering the personal information of political dissidents and passing it to Saudi Arabia in exchange for a luxury watch and hundreds of thousands of dollars.
In 2019, the Justice Department charged him and Ali Alzabarah, his former colleague, with acting as agents of a foreign power inside the United States without properly disclosing their work. Lawyers for Mr. Abouammo have argued that he did not share private information with Saudi officials, and pointed out that other employees also viewed account information without clear justification.
Mr. Wilson said he investigated Mr. Abouammo’s access of users’ Twitter accounts and found that he had likely viewed phone numbers and email addresses of dissidents during the early months of 2015. According to the testimony, Mr. Abouammo had also likely viewed dissidents’ internet protocol addresses, which identify devices on internet networks and can sometimes be used to deduce users’ locations.
“If I recall, there were some accounts that appeared to be commensurate to their job responsibility of helping individuals get their accounts verified,” Mr. Wilson said. “But a significant number, I questioned. I could not find a reasonable justification for the accesses.”
Mr. Wilson also testified that Mr. Alzabarah had viewed information connected to King Salman’s Twitter account, and to Mr. Abouammo’s account.
The investigation prompted a security overhaul at Twitter, and the company tried to clamp down on the number of employees who could access sensitive information, Mr. Wilson said.
“We had identified individuals who were misusing and abusing their access for nefarious purposes,” he said. “The goal, longer term, of the program was to identify ways of not only how could we log it and identify it, but how could we potentially stop it or detect it sooner than what occurred in 2014 and 2015.”