Since 1995 he has worked primarily as a software litigation consultant, providing technical details in legal cases involving patents, copyright, trade secrets, antitrust and Internet privacy, providing services such as source-code comparisons (for copyright and patent purposes), inspection of binary code, and assessments of bugs, incompatibilities, error and warning messages. Cases include Caldera v. Microsoft, Stac v. Microsoft, and consumer antitrust class actions in California, Minnesota, and Iowa (Comes v. Microsoft; see e.g. Schulman supplemental expert report and transcript of second Schulman deposition which were made public towards the end of the Iowa case).
Partial list of publications:
Andrew Schulman, “Finding Binary Clones with Opstrings & Function Digests,” Dr. Dobb’s Journal, July 2005 (Part I), August 2005 (Part II), and September 2005 (Part III) (available with registration at Dr. Dobb's web site: Part I, Part II, Part III)
Andrew Schulman, Unauthorized Windows 95: A Developer's Guide to Exploring the Foundations of Windows "Chicago" (Foster City CA: IDG Books, 1994); updates (August 1996) at http://ftp.uni-mannheim.de/info/OReilly/windows/win95.update/unauthw.html
Coauthor and editor, Undocumented DOS: A Programmer's Guide to Reserved MS-DOS Functions and Data Structures (Reading MA: Addison-Wesley, 1990); 2nd edition (1994)
Coauthor and editor, Undocumented Windows: A Programmer's Guide to Reserved Microsoft Windows API Functions (Reading MA: Addison Wesley, 1992)
Coauthor, Extending DOS: A Programmer's Guide to Protected-Mode DOS, edited by Ray Duncan (Reading MA: Addison-Wesley, 1990); 2nd edition (1992)
Articles in Microsoft Systems Journal, Data Based Advisor, BYTE, Dr. Dobb's Journal, PC Magazine, Web Review, Infoworld, Newsweek, and other publications. Some representative articles:
The US/Mexico Border Crossing Card (BCC): A Case Study in Biometric, Machine-Readable ID. This is a paper I presented at CFP 2002 as a study in what "National ID" might look like. (It's a Microsoft Word .doc file; for a less-recent HTML version, click here.)
"Deanonymizing Users of the SafeWeb Anonymizing Service", written with Prof. David Martin (Boston University). We demonstrate spectacular failures of the SafeWeb (and PrivaSec) anonymizing services, based on simple JavaScript attacks.
"The Extent of Systematic Monitoring of Employee E-mail and Internet Use". A lengthy report for the Privacy Foundation, establishing that about one-third of the US online workforce has its internet and/or e-mail communications at work under continuous monitoring by employers.
Ongoing workplace
surveillance (employee monitoring) projects.
"Computer and
Internet Surveillance in the Workplace". A lengthy paper on
employee monitoring, originally given at a privacy conference in Hong
Kong.
"Business &
Technology of Email Surveillance". PowerPoint slides from a
presentation given in Sydney, Australia.
"Privacy
Protection Strategies". PowerPoint slides from a presentation
given in Melbourne, Australia. I'm not sure how much sense the slides
make without the actual presentation though.
ID Card Conspiracy
Theories. Submitted for the forthcoming Encyclopedia of
American Conspiracy Theories.
"Fatline
& AltaVista: 'Peer Pressure' Employee Monitoring?", Privacy
Foundation, June 2001
"The
'Boss Button' Updated: Web Anonymizers vs. Employee Monitoring",
Privacy Foundation, April 2001
"Client
or Server: A Primer on Employee Monitoring Technology", Privacy
Foundation, March 2001
"Consecutive numbers
considered harmful: Compaq rebate tracking exposes customer names and
addresses", September 2000
"AllAdvantage: A
Front-End to DoubleClick", July 2000
"The
Caldera v. Microsoft Dossier", O'Reilly Network, February 2000
"Java
Shines When HTML Stars", Web Review, August 15, 1997
"Java
on the Fly", Web Review, July 25, 1997
"Java:
Will Invention Become the Father of Necessity?", Web Review, June
27, 1997
"InActiveX",
Web Review, May 23, 1997
"Differences
Between NT Server and Workstation are Minimal: Registry Settings Used
to Force Use of Microsoft Web Server", O'Reilly, November 1996
"Microsoft
Deliberately Limiting NT Workstation 4.0 as a Web Server",
O'Reilly, September 1996
"Can Microsoft
Catch Up to the Internet?" O'Reilly, March 1996; Part 2, February
1997
"SoftRAM
95: 'False and Misleading'", O'Reilly, August 1996; see
especially "SoftRAM
95 and PC Magazine's 1MBFORT", O'Reilly, December 1995
"Windows
95: What It Is, What It Isn't, Why It Matters", O'Reilly, 1996
"Inside
the Windows 95 Registration Wizard", O'Reilly, January 1996
"LA Law" (on Stac v. Microsoft), Dr. Dobb's Journal, May
1994
"Examining the AARD Detection Code",
Dr. Dobb's Journal, September 1993
Old book reviews from Dr. Dobb's Journal:
Windows Source Disassembly Pre-Processor, versions 1 and 2, V
Communications (San Jose CA, 1992-1998). Later versions were greatly
changed and improved by Clive Turvey. See http://www.v-com.com/product/devsopr.html.
Microprocessors
From the Programmer's Perspective (Sept. 1990)
Object-Oriented
Software Development: Reality Sets In (Nov. 1990)
Network
Programming (Jan. 1991)
Subatomic
Programming (March 1991)
C++: The Next
Generation (May 1991)
Ten Pounds of
Windows Books (July 1991)
You Could Look It
Up (Oct. 1991)
Libraries and "the
One Right Way" (Dec. 1991)
10 lbs. of Data in
a 5-lb. Bag (Feb. 1992)
Beyond the
Official Rules (April 1992)
Operating Systems:
The Nightmare Continues (June 1992)
Literate
Programming (Aug. 1992)
Slaying the
Dragon (Oct. 1992)
Wake Up and Smell
the Working Set (Dec. 1992)
Commercial Software:
Email: undoc@sonic.net
Newer site: http://www.SoftwareLitigationConsulting.com
Photographs: http://aschulman.smugmug.com/