Since 1994, Andrew Schulman (Software Litigation Consulting & Patent Analysis)
has assisted attorneys and their clients with technical aspects of litigation involving
computer software, especially Microsoft Windows and Windows-based software.
Litigation areas include copyright, patent, trade secret, contract,
antitrust, and privacy.
Though not by design, Microsoft antitrust cases have been a major focus;
cases include Stac Electronics v. Microsoft, Caldera v. Microsoft,
and large consumer class actions in California, Minnesota, and Iowa (see
supplemental expert report and second deposition transcript
which were made public towards the end of the case; and outline of
initial expert report).
Services include:
* Software reverse engineering (Windows/x86 code disassembly, packet
monitoring, etc.)
* Undocumented APIs and internal interfaces
* Inspection of binary code
* Patent portfolio ranking for valuation, or for detection of
potentially infringing technologies
* Code comparisons for copyright, patent, trade secret, and
contracts issues -- including not only source code, but also
binary-code comparisons
* Assessments of bugs, incompatibilities, error and warning messages
* Assistance with technical (non-legal) aspects of complaints,
summary judgment motions and responses, interrogatory and
discovery requests and responses
* Assistance with technical issues in depositions, and trial
preparation of testifying technical experts
* Presentations to attorneys on technical issues
* Software demonstrative exhibits
* Comparison and correlation of internal documents (emails, etc.)
with resulting technical practices
* Operating systems, particularly Windows 9x, Windows 3.x, DOS, and
Windows NT/Win2k/XP
* Programming language: C/C++, Intel x86 assembler (16/32 bit), Awk
* Internet privacy and security issues
Representative projects include:
* Designed and wrote software to generate spreadsheet to find
similarities between over 1,000 Java source code files found on
defendant's computer on the one hand, with Java source code
contained in plaintiff's PVCS version-control archive on the other.
* As demonstrative exhibit for trial, constructed timelines showing
correlation between defendant's internal emails and code in its
shipping product.
* Based on examination of voicemail system used by defendant,
determined defendant's ability to respond to discovery request by
keyword-searching archived voicemails.
* Designed and wrote software that uses Java decompiler to
automatically find similarities between plaintiff's and
defendant's binary Java .class files, without access to source code.
* Designed and wrote software that uses Win32/x86 disassembler to
automatically compare DLLs and other compiled binary Win32
software, without access to source code. In addition to being used
in several software litigation projects, this technique is
described in a three-part series: Andrew Schulman, "Finding Binary
Clones with Opstrings and Function Digests," Dr. Dobb's Journal,
July 2005 (Part I), August 2005 (Part II), September 2005 (Part III).
* After comparing claims table based on plaintiff's patent on the
one hand with pseudocode for defendant's software on the other,
constructed demonstrative exhibits showing divergence between
patent claims and allegedly infringing software.
* Wrote software to automate ranking of patent portfolios, based
upon intrinsic and extrinsic factors; used software to rank
portfolio of over 500 software patents based on relevance to
potential infringer's technology.
* Designed and wrote software to automatically inspect binary code
files to determine inter-module dependencies, and thereby
partition system of over 2,000 DLLs into separable components.
* Using Windows ToolHelp facility, designed and wrote software to
determine the modules used uniquely by (and therefore comprising)
Win32 applications running on Windows XP.
* Using Windows NT kernel device drivers, designed and wrote
software to measure use of litigated microprocessor special flags
by each process on NT/Win2K/XP systems.
* Given error messages displayed by defendant's product when
plaintiff's software is run, used Windows and DOS disassemblers
and debuggers to trace back from the error messages to the lines
of code that produced them; wrote reports assessing whether the
error messages were technically necessary, bugs, or deliberate
incompatibilities.
* Used packet sniffers to examine encrypted communications between
defendant's client software and plaintiff's server.
* To show lack of technical necessity for overlap between
defendant's and plaintiff's C++ and JavaScript code, wrote more
efficient versions of code.
* Wrote device drivers to help attach external Tekronix counting
device to Pentium debug registers, in order to measure usage of
operating-system features.
* Automated comparison between over 1 million lines of source code
(C/C++, Java, Visual Basic, HTML, resource scripts, help scripts,
etc.) produced by defendants and plaintiffs, to find percentage
overlap, while filtering out common boilerplate code, and code
"constrained" by the application domain; reported results in terms
of Altai abstraction-filtration-comparison test.
* Examine binary and source code to show evolution of software over
five versions, measuring percentage overlap between each, and
showing that despite minimal overlap between first and last
version, defendant's first version (stipulated to be based on
plaintiff's software) acted as "scaffolding" within which
defendant's final version was constructed.
* Designed and wrote scripts to verify whether software to be
removed from system under court order was, in fact, truly and
completed removed.
* Used packet sniffer to verify compliance of client/server
communications with web site privacy notice.
* Used sequences of API calls in binary code as "fingerprints" to
show similarity between defendant's and plaintiff's code, for
which source code was not yet produced in discovery.
Based in San Francisco, Andrew Schulman is the author and editor of several
computer-programming books from the late 1980s and 1990s (including Undocumented
Windows, Undocumented DOS, and Unauthorized Windows 95) on the internal
