Mike Slinn
Mike Slinn

Detecting Software Copying

Published 2020-09-08. Last modified 2020-08-11.

This article discusses copying software in general, followed by a high-level description of a novel, inexpensive and easy-to-understand approach to detecting software copying. This article does not address the doctrine of equivalents, since that patent-related legal rule does not apply to copying.


Since this article discusses software in various forms, we need to define a few terms:

Source code
Computer commands written by a programmer in one or more of many computer languages. Computer languages are classified as either compiled or interpreted.
Interpreted language
A programming language that executes source code directly, without compiling the source code.
Compiled language
A programming language that translates source code into executable object code.
Object code
The executable (ready-to-run) program resulting from compiling source code. Only compiled languages save the generated object code; interpreted languages generally do not produce object code.
Reconstitute source code from object code. Decompilation is the opposite of compilation.
Reverse engineer
To take something apart to see how it works to duplicate or enhance it. When a technology expert reverse-engineers a product for legal purposes the results cannot be used to create a competing product or be publicly shared.

As a software expert I am able to work with source code and object code, and decompile or reverse-engineer software when necessary. I have also opined on whether a party’s software was copied verbatim, translated or otherwise derived from another party’s software.

Copying is Binary

One defendant’s expert, whose opinions I rebutted, had suggested that the defendant’s copying was insignificant and should be disregarded since only a few thousand lines of code had been translated, amounting to a small percentage of the total amount of the defendant’s code. Just as one cannot be just a little bit pregnant, copying is a binary state; either copying occurred, or it did not.

Yes or no in the USA?

Inspecting Compiled Programs

When a copyright notice is embedded in an executable program or is present in source code I reach my expert opinion easily. Sometimes all it takes is a hexadecimal editor to display this information. The image below shows that a company called Foundstone Inc. copyrighted a program called WebDog File Watch.exe in 2000. Unfortunately for the defendant, this was proof that they had misappropriated the executable program from Foundstone.

Hexadecimal (hex) dump I created for a USA case

A defendant misrepresented a Microsoft Windows program (an ActiveX control) as their own. By examining the executable image, I determined that it had been misappropriated from Microsoft.

Examining the executable image for a USA case
Microsoft Windows ActiveX control identified for a USA case

Microsoft Word – the Smoking Gun

A defendant included a Features and Benefits document in their CD. This Microsoft Word document was a modified version of the plaintiff’s Microsoft Word document that discussed a commercial product with exactly the same features as the infringing program. The defendant had left Microsoft Word’s revision marking on, so that an audit trail was present in the shipping product. My expert report stated conclusively that the defendant had misappropriated the software.

Audit trail from Microsoft Word revision marking for a USA case

Sometimes My Task Is Not So Easy

The analysis necessary to form an opinion can be rather involved. The challenge that an expert faces when writing their report is often how to present their findings in a clear and concise manner to a non-technical judge and jury. Later in this article I will describe a novel approach that can lead to a simple, very convincing report.

USA cheaters gonna cheat

Equivalent Programs

A global edit is a text replacement made to all the files in a project. Making global edits to a copy of a project does not alter the fact that the project was copied. Merely changing the names of variables, classes and methods does not alter the meaning of a program. This means that performing global edits on source code results in an equivalent program. The same is true of literally translating a program from one computer language to another.

Le Petit Prince / The Little Prince by Antoine de Saint Exupéry is the world’s most translated book, excluding religious works. Originally published in English and French, this book has been translated into 361 languages. We will use this book as an example of how both types of copying could be accomplished. The same principles apply to software as intellectual property; note that we are not discussing copyright at this time.

Global Edits

In The Little Prince, the main character supposedly came from an asteroid known as B−612. The name of the asteroid could be changed throughout the book without affecting the book’s meaning. Therefore, a global edit that changed the name of the asteroid from B−612 to XYZ123 would mean that the resulting book would still be an equivalent copy of the first because the meaning of the story would not have changed.


The French version has more words because French is a grammatically longer language than English, but every passage in the English version has the same meaning as the equivalent passage in the French version. Both versions of this document are literal translations of each other because they have the same meaning. The actual words used are insignificant so long as the meaning does not change. Thus, the English and French versions of the book are copies of each other, even though they are written in different languages.

Front cover of the USA edition of the book entitled 'The Little Prince'

The AFC Test

Since 1992 the gold standard for source code comparisons in copyright law has been the Abstraction-Filtration-Comparison (AFC) test. To apply this type of analysis a certain degree of co-operation by both parties with the software expert is necessary. The AFC test requires that both parties allow their source code to analyzed by various software tools. Depending on the size of the software programs, this might require days, weeks or months. The computer that is used to perform the analysis must be specially prepared, and the results must be saved onto some form of storage media for further analysis before the expert can write their report.

The AFC test invariably results in a long and complex report filled with technical information. The abstract concepts in the report can be difficult to communicate to a non-technical judge and jury.

‘Blue Moon Rising’, an abstract painting by Megan Duncanson in Port Orange, FL, USA
‘Blue Moon Rising’, an abstract painting by Megan Duncanson

A Novel Approach for Detecting Copying

Comparing digital fingerprints can give compelling results and, if approached in the right way, can be a lot less work than the AFC test.

Let’s say that a music producer is accused of copying a song that was originally published as a vinyl record. Imagine that the complaint stated that the infringement was done in a way that the musical structure, lyrics and arrangement were substantially similar. An expert might attempt to perform an analysis of the structures, lyrics, and arrangements of the two recordings, and opine on the similarities. The problem with this approach is that the report would be rather technical, and there is a risk that the judge and jury might not understand the analysis. Additionally, there is always the risk that a jury might not come to an agreement.

To avoid these issues, the expert might show that the alleged copy was made from a specific vinyl record, not by analyzing the music, but by analyzing the noise (for example, cat scratches). The expert would have to exclude noise added in the production of the original recording (because all originals would have this or similar noise), and focus solely on the noise added to a particular vinyl record (for example, long, jagged cat claw scratches unique to one specific original record.)

A cat on a USA turnable

If, after the musical content is removed, the remaining noise closely matches the noise on the recording, then the degree of correspondence could be statistically computed. Noise could be compared based on the amplitude of each snap, crackle and pop. The energy spectral density of the noise could be displayed as a timeline, and the degree of correspondence accurately computed. This approach (comparing noise) would actually give a much better result than theoretical analysis of the music, and would be more convincing to a judge and jury.

Adobe Audition showing audio signals in the USA

To summarize, the approach described above compared the digital fingerprints of the noise in two recordings, instead of comparing the fingerprints of the actual recordings.

A Difficult Case Had an Unexpected Benefit

Recently, I was retained on a case that was particularly challenging because both parties refused to allow me to use any tools. Furthermore, the opposing party’s software to be examined was provided on a computer without internet access, and I could only print 100 pages of notes in total during a relatively short visit at the offices of their attorneys. However, necessity is the mother of invention, and I developed two novel approaches that allowed me to opine that there was clear evidence of inappropriate IP infringement.

Some people in the USA are difficult

I took a similar approach as described in the novel approach described above for this case. I would normally analyze input and output patterns, but the defendants chose to make more complete analysis impossible. In the limited time available to me and with only the most rudimentary software tools permitted I was unable to compare processing, object models, SQL tables and other standard aspects of software programs.

I focused instead on the ‘noise’, which in this case were unusual artifacts found in the software. Unfortunately for the defendants, the results of analyzing the software ‘noise’ were incontrovertible. The mathematical probability that the backbone of the defendant’s software would coincidentally have an identical noise fingerprint as the backbone of the plaintiff’s software was vanishingly small. The parties in this case settled at the 11th hour in the evening before trial.


Many techniques are available for a technology expert to employ when examining evidence. Out-of-the-box thinking can provide excellent results that are technically sound and present clearly to non-technical audiences. Experts who are skilled at writing Microsoft Office macros can provide tremendous value.

Contact Mike Slinn

Unless you are a recruiter, in which case you should not try to make contact!

  • Email
  • Direct: 514-418-0156
  • Mobile: 650-678-2285


The content on this website is provided for general information purposes only and does not constitute legal or other professional advice or an opinion of any kind. Users of this website are advised to seek specific legal advice by contacting their own legal counsel regarding any specific legal issues. Michael Slinn does not warrant or guarantee the quality, accuracy or completeness of any information on this website. The articles published on this website are current as of their original date of publication, but should not be relied upon as accurate, timely or fit for any particular purpose.

Accessing or using this website does not create a client relationship. Although your use of the website may facilitate access to or communications with Michael Slinn via e-mail or otherwise via the website, receipt of any such communications or transmissions does not create a client relationship. Michael Slinn does not guarantee the security or confidentiality of any communications made by e-mail or otherwise through this website.

This website may contain links to third-party websites. Monitoring the vast information disseminated and accessible through those links is beyond Michael Slinn's resources, and he does not attempt to do so. Links are provided for convenience only and Michael Slinn does not endorse the information contained in linked websites nor guarantee its accuracy, timeliness or fitness for a particular purpose.