Saudi Journalist’s Hacking Case Against Twitter Falls Short, Court Says in Dismissal Ruling

An opinion issued on Tuesday found in favor of Twitter Inc., in a case brought by Ali Al-Ahmed, a Saudi Arabian journalist and leading critic of the Kingdom of Saudi Arabia (KSA) granted asylum in the United States. Judge Edward M. Chen ruled that most of the 20 claims related to the hacking of his Twitter account were time-barred and the rest blocked by Section 230 of the Communications Decency Act (CDA) or for failure to state a claim.

Al-Ahmed alleged that the hacking of his Twitter account by Twitter employees, undercover KSA agents, amounted to multiple violations of California and federal contract, computer fraud, and privacy laws. In particular, he asserted that between August 2013 and December 2015, Twitter employees, later convicted of federal crimes, accessed user data, including his private messages, file transfers, and contact list without authorization and provided it to KSA government officials. 

Twitter reportedly failed to detect these breaches for more than a year. In turn, Al-Ahmed contended that the KSA used his private information to silence him and strip him of his Saudi nationality, keep him under surveillance, attempt to kidnap and kill him on multiple occasions, and target his followers.

Further, In 2018, Twitter suspended Al-Ahmed’s account, an alleged punishment of him—the victim—demonstrating that Twitter was complicit in their former employees’ conduct, or at least that Twitter ratified it. Al-Ahmed filed suit in October 2021.

In May 2022, the court dismissed the complaint for largely the same reasons articulated in this week’s opinion, principally, that the suit was too late or barred by the CDA’s liability shield that protects social media platforms for all editorial and censorship decisions with respect to content generated by third parties.

Judge Chen considered the first of Twitter’s arguments, concluding that Al-Ahmed had Article III standing to pursue his claims as he sufficiently alleged a theory holding Twitter accountable for the hacking of his account and the attendant harm.

Next, the court turned to Twitter’s statute of limitations defense. Judge Chen ruled that the causes of action accrued in 2015 when Al-Ahmed was notified of a data breach of his account, over the plaintiff’s contention that “he could not discover, and had no reason to discover, any cause of action.” In so finding, the court reiterated its prior holding that Twitter’s notice was not insufficient for failing to identify the ‘state-sponsored’ actors as Twitter employees.

Judge Chen also rejected Al-Ahmed’s reliance on the continuous accrual theory, holding that  Twitter’s acts did not constitute the type of continuing or recurring obligation required for doctrine to apply.

Lastly, the court adhered to its prior ruling that CDA Section 230(c)(1) bars Al-Ahmed’s account suspension-related claims underlying his breach of contract, California Unfair Competition Law, and promissory estoppel causes of action.

Despite the wording of the relevant CDA provision only immunizing a provider based on content posted by third parties, the court held that in the Ninth Circuit Section 230(c)(1) immunity attaches even where a provider restricts a plaintiff’s access. Notably, Judge Chen opined that “[i]f this Court were to write on a clean slate,” it might rule to the contrary as other sister districts have.

Al-Ahmed has 30 days to file an amended complaint and is represented by Gerstman Schwartz LLP. Twitter is represented by Keker, Van Nest & Peters LLP.