                  FOR PUBLICATION
  UNITED STATES COURT OF APPEALS
       FOR THE NINTH CIRCUIT

PERFECT 10, INC., a California          
corporation,
                Plaintiff-Appellant,
                 v.
CCBILL LLC, a corporation;                    No. 04-57143
CAVECREEK WHOLESALE INTERNET
EXCHANGE, a corporation d/b/a                  D.C. No.
                                            CV-02-07624-LGB
CWIE LLC,
             Defendants-Appellees,
               and
NETPASS SYSTEMS INC., a
corporation,
                         Defendant.
                                        

PERFECT 10, INC., a California          
corporation,
                  Plaintiff-Appellee,
                 v.
CCBILL LLC, a corporation;                    No. 04-57207
CAVECREEK WHOLESALE INTERNET
EXCHANGE, a corporation d/b/a                  D.C. No.
                                            CV-02-07624-LGB
CWIE LLC,
             Defendants-Appellants,            OPINION
                and
NETPASS SYSTEMS INC., a
corporation,
                          Defendant.
                                        

                             3551
3552          PERFECT 10, INC. v. CCBILL LLC
       Appeal from the United States District Court
          for the Central District of California
       Lourdes G. Baird, District Judge, Presiding

               Argued and Submitted
        December 4, 2006—Pasadena, California

                  Filed March 29, 2007

        Before: Stephen Reinhardt, Alex Kozinski,
           Milan D. Smith, Jr., Circuit Judges.

          Opinion by Judge Milan D. Smith, Jr.
               PERFECT 10, INC. v. CCBILL LLC           3557


                        COUNSEL

Daniel J. Cooper, General Counsel, Perfect 10, Inc., Beverly
Hills, California, and Jeffrey N. Mausner, Berman, Mausner
& Resser, A Law Corporation, Los Angeles, California, for
the plaintiff-appellant/cross-appellee.

Jay M. Spillane, Fox & Spillane, LLP, Los Angeles, Califor-
nia, and John P. Flynn, Tiffany & Bosco, P.A., Phoenix, Ari-
zona, for the defendants-appellees/cross-appellants.


                         OPINION

MILAN D. SMITH, JR., Circuit Judge:

   Perfect 10, the publisher of an adult entertainment maga-
zine and the owner of the subscription website perfect10.com,
alleges that CCBill and CWIE violated copyright, trademark,
and state unfair competition, false advertising and right of
publicity laws by providing services to websites that posted
images stolen from Perfect 10’s magazine and website. Per-
fect 10 appeals the district court’s finding that CCBill and
CWIE qualified for certain statutory safe harbors from copy-
right infringement liability under the Digital Millennium
Copyright Act (“DMCA”), 17 U.S.C. § 512, and that CCBill
and CWIE were immune from liability for state law unfair
competition and false advertising claims based on the Com-
munications Decency Act (“CDA”), 47 U.S.C. § 230(c)(1).
CCBill and CWIE cross-appeal, arguing that the district court
erred in holding that the CDA does not provide immunity
against Perfect 10’s right of publicity claims and in denying
3558            PERFECT 10, INC. v. CCBILL LLC
their requests for costs and attorney’s fees under the Copy-
right Act.

   We have jurisdiction pursuant to 28 U.S.C. § 1291. We
affirm in part, reverse in part, and remand.

                      BACKGROUND

   Perfect 10 is the publisher of the eponymous adult enter-
tainment magazine and the owner of the website, per-
fect10.com. Perfect10.com is a subscription site where
consumers pay a membership fee in order to gain access to
content on the website. Perfect 10 has created approximately
5,000 images of models for display in its website and maga-
zine. Many of the models in these images have signed
releases assigning their rights of publicity to Perfect 10. Per-
fect 10 also holds registered U.S. copyrights for these images
and owns several related, registered trademark and service
marks.

   CWIE provides webhosting and related Internet connectiv-
ity services to the owners of various websites. For a fee,
CWIE provides “ping, power, and pipe,” services to their cli-
ents by ensuring the “box” or server is on, ensuring power is
provided to the server and connecting the client’s service or
website to the Internet via a data center connection. CCBill
allows consumers to use credit cards or checks to pay for sub-
scriptions or memberships to e-commerce venues.

   Beginning August 10, 2001, Perfect 10 sent letters and
emails to CCBill and CWIE stating that CCBill and CWIE
clients were infringing Perfect 10 copyrights. Perfect 10
directed these communications to Thomas A. Fisher, the des-
ignated agent to receive notices of infringement. Fisher is also
the Executive Vice-President of both CCBill and CWIE. Rep-
resentatives of celebrities who are not parties to this lawsuit
also sent notices of infringement to CCBill and CWIE. On
September 30, 2002, Perfect 10 filed the present action alleg-
                  PERFECT 10, INC. v. CCBILL LLC                    3559
ing copyright and trademark violations, state law claims of
violation of right of publicity, unfair competition, false and
misleading advertising, as well as RICO claims.

                  STANDARDS OF REVIEW

   We review a district court’s grant of summary judgment de
novo. Rossi v. Motion Picture Ass’n of Am. Inc., 391 F.3d
1000, 1002 (9th Cir. 2004). “Viewing the evidence in the light
most favorable to the nonmoving party, we must determine
whether there are any genuine issues of material fact and
whether the district court correctly applied the relevant sub-
stantive law.” Leever v. Carson City, 360 F.3d 1014, 1017
(9th Cir. 2004). The district court’s interpretations of the
Copyright Act are also reviewed de novo. Ellison v. Robert-
son, 357 F.3d 1072, 1076 (9th Cir. 2004).

  We review a district court’s decision to grant or deny attor-
ney’s fees under the Copyright Act for abuse of discretion.
Columbia Pictures Television, Inc. v. Krypton Broad. of Bir-
mingham, Inc., 259 F.3d 1186, 1197 (9th Cir. 2001).

                           DISCUSSION

             I.   SECTION 512 SAFE HARBORS

   [1] The DMCA established certain safe harbors to “provide
protection from liability for: (1) transitory digital network
communications; (2) system caching; (3) information residing
on systems or networks at the direction of users; and (4) infor-
mation location tools.” Ellison, 357 F.3d at 1076-77 (citing 17
U.S.C. §§ 512(a)-(d)) (footnotes omitted). These safe harbors
limit liability but “do not affect the question of ultimate liabil-
ity under the various doctrines of direct, vicarious, and con-
tributory liability,” Perfect 10, Inc. v. Cybernet Ventures, Inc.,
213 F. Supp. 2d 1146, 1174 (C.D. Cal. 2002) (citing H.R.
Rep. 105-551 (II), at 50 (1998) (“H.R. Rep.”),1 and “nothing
  1
   The relevant portions of H.R. Rep. 105-551 (II) (1998) and S. Rep.
105-190 (1998) are largely identical. We cite to H.R. Rep. for purposes of
consistency.
3560            PERFECT 10, INC. v. CCBILL LLC
in the language of § 512 indicates that the limitation on liabil-
ity described therein is exclusive.” CoStar Group, Inc. v.
LoopNet, Inc., 373 F.3d 544, 552 (4th Cir. 2004).

A.     Reasonably Implemented Policy: § 512(i)(1)(A)

   [2] To be eligible for any of the four safe harbors at
§§ 512(a)-(d), a service provider must first meet the threshold
conditions set out in § 512(i), including the requirement that
the service provider:

     [H]as adopted and reasonably implemented, and
     informs subscribers and account holders of the ser-
     vice provider’s system or network of, a policy that
     provides for the termination in appropriate circum-
     stances of subscribers and account holders of the ser-
     vice provider’s system or network who are repeat
     infringers.

Section 512(i)(1)(A); Ellison, 357 F.3d at 1080.

   [3] The statute does not define “reasonably implemented.”
We hold that a service provider “implements” a policy if it
has a working notification system, a procedure for dealing
with DMCA-compliant notifications, and if it does not
actively prevent copyright owners from collecting information
needed to issue such notifications. Ellison, 357 F.3d at 1080
(working notification system required); Corbis Corp. v. Ama-
zon.com, Inc., 351 F. Supp. 2d 1090, 1102-03 (W.D. Wash.
2004) (must adopt procedure for dealing with notifications);
In re Aimster Copyright Litig., 252 F. Supp. 2d 634, 659
(N.D. Ill. 2002) (policy not implemented if service provider
actively blocks collection of information). The statute permits
service providers to implement a variety of procedures, but an
implementation is reasonable if, under “appropriate circum-
stances,” the service provider terminates users who repeatedly
or blatantly infringe copyright. See 17 U.S.C. § 512(i); Cor-
bis, 351 F. Supp. 2d at 1102.
                PERFECT 10, INC. v. CCBILL LLC              3561
  1.   “Implementation”

   Perfect 10 argues that there is a genuine issue of material
fact whether CCBill and CWIE prevented the implementation
of their policies by failing to keep track of repeatedly infring-
ing webmasters. The district court found that there was not,
and we agree.

   In Ellison, Stephen Robertson posted copies of Harlan Elli-
son’s copyrighted short stories on Internet newsgroups avail-
able through USENET servers. 357 F.3d at 1075. Ellison
asserted that America Online, Inc. (“AOL”) had infringed his
copyright by providing access to the USENET servers. Id.
Based on evidence that AOL changed its contact email
address for copyright infringement notices from copy-
right@aol.com to aolcopyright@aol.com in the fall of 1999,
but neglected to register the change with the U.S. Copyright
Office until April 2000, we held that the district court erred
in concluding on summary judgment that AOL satisfied the
requirements of § 512(i). Id. at 1077. Even though Ellison did
not learn of the infringing activity until after AOL had noti-
fied the U.S. Copyright Office of the correct email address,
we found that “AOL allowed notices of potential copyright
infringement to fall into a vacuum and go unheeded; that fact
is sufficient for a reasonable jury to conclude that AOL had
not reasonably implemented its policy against repeat infring-
ers.” Id. at 1080.

   Similarly, the Aimster cases hold that a repeat infringer pol-
icy is not implemented under § 512(i)(1)(A) if the service pro-
vider prevents copyright holders from providing DMCA-
compliant notifications. In Aimster, the district court held that
Aimster did not reasonably implement its stated repeat
infringer policy because “the encryption on Aimster renders
it impossible to ascertain which users are transferring which
files.” 252 F. Supp. 2d at 659. The court found that
“[a]dopting a repeat infringer policy and then purposely evis-
cerating any hope that such a policy could ever be carried out
3562            PERFECT 10, INC. v. CCBILL LLC
is not an ‘implementation’ as required by § 512(i).” Id. The
Seventh Circuit affirmed, finding that Aimster did not meet
the requirement of § 512(i)(1)(A) because, in part, “by teach-
ing its users how to encrypt their unlawful distribution of
copyrighted materials [Aimster] disabled itself from doing
anything to prevent infringement.” In re Aimster Copyright
Litig., 334 F.3d 643, 655 (7th Cir. 2003).

   [4] Based on Ellison and the Aimster cases, a substantial
failure to record webmasters associated with allegedly
infringing websites may raise a genuine issue of material fact
as to the implementation of the service provider’s repeat
infringer policy. In this case, however, the record does not
reflect such a failure. Perfect 10 references a single page from
CCBill and CWIE’s “DMCA Log.” Although this page shows
some empty fields in the spreadsheet column labeled “Web-
masters [sic] Name,” Perfect 10’s conclusion that the DMCA
Log thus “does not reflect any effort to track notices of
infringements received by webmaster identity” is not sup-
ported by evidence in the record. The remainder of the
DMCA Log indicates that the email address and/or name of
the webmaster is routinely recorded in CCBill and CWIE’s
DMCA Log. CCBill’s interrogatory responses dated Decem-
ber 11, 2003 also contain a chart indicating that CCBill and
CWIE largely kept track of the webmaster for each website.

   [5] Unlike Ellison and Aimster, where the changed email
address and the encryption system ensured that no informa-
tion about the repeat infringer was collected, it is undisputed
that CCBill and CWIE recorded most webmasters. The dis-
trict court properly concluded that the DMCA Log does not
raise a triable issue of fact that CCBill and CWIE did not
implement a repeat infringer policy.

  2.   Reasonableness

   [6] A service provider reasonably implements its repeat
infringer policy if it terminates users when “appropriate.” See
                PERFECT 10, INC. v. CCBILL LLC              3563
Corbis, 351 F. Supp. 2d at 1104. Section 512(i) itself does not
clarify when it is “appropriate” for service providers to act. It
only requires that a service provider terminate users who are
“repeat infringers.”

   [7] To identify and terminate repeat infringers, a service
provider need not affirmatively police its users for evidence
of repeat infringement. Section 512(c) states that “[a] service
provider shall not be liable for monetary relief” if it does not
know of infringement. A service provider is also not liable
under § 512(c) if it acts “expeditiously to remove, or disable
access to, the material” when it (1) has actual knowledge, (2)
is aware of facts or circumstances from which infringing
activity is apparent, or (3) has received notification of claimed
infringement meeting the requirements of § 512(c)(3). Were
we to require service providers to terminate users under cir-
cumstances other than those specified in § 512(c), § 512(c)’s
grant of immunity would be meaningless. This interpretation
of the statute is supported by legislative history. See H.R.
Rep., at 61 (Section 512(i) is not intended “to undermine the
. . . knowledge standard of [§ 512](c).”).

   Perfect 10 claims that CCBill and CWIE unreasonably
implemented their repeat infringer policies by tolerating fla-
grant and blatant copyright infringement by its users despite
notice of infringement from Perfect 10, notice of infringement
from copyright holders not a party to this litigation and “red
flags” of copyright infringement.

    a.   Perfect 10’s Claimed Notice of Infringement

   Perfect 10 argues that CCBill and CWIE implemented their
repeat infringer policy in an unreasonable manner because
CCBill and CWIE received notices of infringement from Per-
fect 10, and yet the infringement identified in these notices
continued. The district court found that Perfect 10 did not pro-
vide notice that substantially complied with the requirements
3564                PERFECT 10, INC. v. CCBILL LLC
of § 512(c)(3),2 and thus did not raise a genuine issue of mate-
rial fact as to whether CCBill and CWIE reasonably imple-
mented their repeat infringer policy. We agree.

   [8] Compliance is not “substantial” if the notice provided
complies with only some of the requirements of
§ 512(c)(3)(A). Section 512(c)(3)(B)(ii) explains that a ser-
vice provider will not be deemed to have notice of infringe-
ment when “the notification that is provided to the service
provider’s designated agent fails to comply substantially with
  2
   Section 512(c)(3) reads:
      (A) To be effective under this subsection, a notification of
      claimed infringement must be a written communication provided
      to the designated agent of a service provider that includes sub-
      stantially the following:
      (i) A physical or electronic signature of a person authorized to
      act on behalf of the owner of an exclusive right that is allegedly
      infringed.
      (ii) Identification of the copyrighted work claimed to have been
      infringed, or, if multiple copyrighted works at a single online site
      are covered by a single notification, a representative list of such
      works at that site.
      (iii) Identification of the material that is claimed to be infring-
      ing or to be the subject of infringing activity and that is to be
      removed or access to which is to be disabled, and information
      reasonably sufficient to permit the service provider to locate the
      material.
      (iv) Information reasonably sufficient to permit the service pro-
      vider to contact the complaining party, such as an address, tele-
      phone number, and, if available, an electronic mail address at
      which the complaining party may be contacted.
      (v) A statement that the complaining party has a good faith
      belief that use of the material in the manner complained of is not
      authorized by the copyright owner, its agent, or the law.
      (vi) A statement that the information in the notification is accu-
      rate, and under penalty of perjury, that the complaining party is
      authorized to act on behalf of the owner of an exclusive right that
      is allegedly infringed.
                  PERFECT 10, INC. v. CCBILL LLC                    3565
all the provisions of subparagraph (A) but substantially com-
plies with clauses (ii), (iii), and (iv) of subparagraph (A)” so
long as the service provider responds to the inadequate notice
and explains the requirements for substantial compliance. The
statute thus signals that substantial compliance means sub-
stantial compliance with all of § 512(c)(3)’s clauses, not just
some of them. See H.R. Rep., at 56 (A communication sub-
stantially complies even if it contains technical errors such as
misspellings or outdated information.). See also Recording
Indus. Ass’n of Am., Inc. v. Verizon Internet Servs., Inc., 351
F.3d 1229, 1236 (D.C. Cir. 2003) (citing H.R. Rep., at 56).3

   Perfect 10 claims that it met the requirements of
§ 512(c)(3) through a combination of three sets of documents.
The first set of documents is a 22,185 page bates-stamped
production on October 16, 2002 that includes pictures with
URLs of Perfect 10 models allegedly posted on CCBill or
CWIE client websites. The October 16, 2002 production did
not contain a statement under penalty of perjury that the com-
plaining party was authorized to act, as required by
§ 512(c)(3)(A)(vi). The second set of documents was also not
sworn to, and consisted of a spreadsheet emailed to Fisher on
July 14, 2003 identifying the Perfect 10 models in the October
16, 2002 production by bates number. On December 2, 2003,
Perfect 10 completed interrogatory responses which were
signed under penalty of perjury. These responses incorporated
the July 14, 2003 spreadsheet by reference.

   [9] Taken individually, Perfect 10’s communications do not
substantially comply with the requirements of § 512(c)(3).
Each communication contains more than mere technical
errors; often one or more of the required elements are entirely
absent. See Perfect 10, Inc. v. CCBill, LLC, 340 F. Supp. 2d
  3
   We do not read the Fourth Circuit’s holding in ALS Scan, Inc. v.
RemarQ Communities, Inc., 239 F.3d 619, 625 (4th Cir. 2001), as holding
that only location information is required for substantial compliance with
the terms of § 512(c)(3).
3566               PERFECT 10, INC. v. CCBILL LLC
1077, 1100-01 (C.D. Cal. 2004) (“Order”). In order to sub-
stantially comply with § 512(c)(3)’s requirements, a notifica-
tion must do more than identify infringing files. The DMCA
requires a complainant to declare, under penalty of perjury,
that he is authorized to represent the copyright holder, and
that he has a good-faith belief that the use is infringing. This
requirement is not superfluous. Accusations of alleged
infringement have drastic consequences: A user could have
content removed, or may have his access terminated entirely.
If the content infringes, justice has been done. But if it does
not, speech protected under the First Amendment could be
removed. We therefore do not require a service provider to
start potentially invasive proceedings if the complainant is
unwilling to state under penalty of perjury that he is an autho-
rized representative of the copyright owner, and that he has a
good-faith belief that the material is unlicensed.4

   Permitting a copyright holder to cobble together adequate
notice from separately defective notices also unduly burdens
service providers. Indeed, the text of § 512(c)(3) requires that
the notice be “a written communication.” (Emphasis added).
Again, this requirement is not a mere technicality. It would
have taken Fisher substantial time to piece together the rele-
vant information for each instance of claimed infringement.
To do so, Fisher would have to first find the relevant line in
the spreadsheet indicating ownership information, then comb
the 22,185 pages provided by Perfect 10 in order to find the
appropriate image, and finally copy into a browser the loca-
tion printed at the top of the page—a location which was, in
some instances, truncated. The DMCA notification proce-
dures place the burden of policing copyright infringement—
  4
   Perfect 10’s argument that its initial notice substantially complied with
the DMCA’s notice requirements because Fisher, the recipient of that
notice, admitted that he could have found the infringing photographs on
the basis of the October 16, 2002, bates-stamped production, is thus beside
the point. Without the predicate certification under penalty of perjury,
Fisher would have had no reason to go looking for the photographs.
               PERFECT 10, INC. v. CCBILL LLC             3567
identifying the potentially infringing material and adequately
documenting infringement—squarely on the owners of the
copyright. We decline to shift a substantial burden from the
copyright owner to the provider; Perfect 10’s separate com-
munications are inadequate.

   [10] Since Perfect 10 did not provide effective notice,
knowledge of infringement may not be imputed to CCBill or
CWIE based on Perfect 10’s communications. Perfect 10’s
attempted notice does not raise a genuine issue of material
fact that CCBill and CWIE failed to reasonably implement a
repeat infringer policy within the meaning of § 512(i)(1)(A).

    b.   Non-Party Notices

   Perfect 10 also cites to notices of infringement by other
copyright holders, and argues that CCBill and CWIE did not
reasonably implement their repeat infringer policies because
they continued to provide services for websites that infringed
non-party copyrights. The district court expressly declined to
consider evidence of notices provided by any party other than
Perfect 10 on the basis that these notices were irrelevant to
Perfect 10’s claims. We disagree.

   [11] CCBill and CWIE’s actions towards copyright holders
who are not a party to the litigation are relevant in determin-
ing whether CCBill and CWIE reasonably implemented their
repeat infringer policy. Section 512(i)(1)(A) requires an
assessment of the service provider’s “policy,” not how the
service provider treated a particular copyright holder. See
Ellison, 357 F.3d at 1080 (AOL’s repeat infringer policy was
not reasonably implemented because copyright holders other
than Ellison could have attempted to notify AOL during the
time that AOL’s email address was incorrectly listed.). Thus,
CCBill and CWIE’s response to adequate non-party notifica-
tions is relevant in determining whether they reasonably
implemented their policy against repeat infringers.
3568            PERFECT 10, INC. v. CCBILL LLC
   [12] A policy is unreasonable only if the service provider
failed to respond when it had knowledge of the infringement.
The district court in this case did not consider any evidence
relating to copyright holders other than Perfect 10. We
remand for determination of whether CCBill and/or CWIE
implemented its repeat infringer policy in an unreasonable
manner with respect to any copyright holder other than Per-
fect 10.

    c.   Apparent Infringing Activity

   [13] In importing the knowledge standards of § 512(c) to
the analysis of whether a service provider reasonably imple-
mented its § 512(i) repeat infringer policy, Congress also
imported the “red flag” test of § 512(c)(1)(A)(ii). Under this
section, a service provider may lose immunity if it fails to
take action with regard to infringing material when it is
“aware of facts or circumstances from which infringing activ-
ity is apparent.” § 512(c)(1)(A)(ii). Notice that fails to sub-
stantially comply with § 512(c)(3), however, cannot be
deemed to impart such awareness. §§ 512(c)(3)(B)(i) & (ii).

  Perfect 10 alleges that CCBill and CWIE were aware of a
number of “red flags” that signaled apparent infringement.
Because CWIE and CCBill provided services to “illegal.net”
and “stolencelebritypics.com,” Perfect 10 argues that they
must have been aware of apparent infringing activity. We dis-
agree. When a website traffics in pictures that are titillating by
nature, describing photographs as “illegal” or “stolen” may be
an attempt to increase their salacious appeal, rather than an
admission that the photographs are actually illegal or stolen.
We do not place the burden of determining whether photo-
graphs are actually illegal on a service provider.

   Perfect 10 also argues that a disclaimer posted on illegal.net
made it apparent that infringing activity had taken place. Per-
fect 10 alleges no facts showing that CWIE and CCBill were
aware of that disclaimer, and, in any event, we disagree that
                PERFECT 10, INC. v. CCBILL LLC             3569
the disclaimer made infringement apparent. The disclaimer in
question stated: “The copyrights of these files remain the cre-
ator’s. I do not claim any rights to these files, other than the
right to post them.” Contrary to Perfect 10’s assertion, this
disclaimer is not a “red flag” of infringement. The disclaimer
specifically states that the webmaster has the right to post the
files.

   In addition, Perfect 10 argues that password-hacking web-
sites, hosted by CWIE, also obviously infringe. While such
sites may not directly infringe on anyone’s copyright, they
may well contribute to such infringement. The software pro-
vided by Grokster in Metro-Goldwyn-Mayer Studios Inc. v.
Grokster, Ltd., 545 U.S. 913 (2005), also did not itself
infringe, but did enable users to swap infringing files. Grok-
ster held that “instructing [users] how to engage in an infring-
ing use” could constitute contributory infringement. Id. at
936. Similarly, providing passwords that enable users to ille-
gally access websites with copyrighted content may well
amount to contributory infringement.

   [14] However, in order for a website to qualify as a “red
flag” of infringement, it would need to be apparent that the
website instructed or enabled users to infringe another’s copy-
right. See A&M Records, Inc. v. Napster, Inc., 239 F.3d 1004,
1013 n.2 (9th Cir. 2001). We find that the burden of determin-
ing whether passwords on a website enabled infringement is
not on the service provider. The website could be a hoax, or
out of date. The owner of the protected content may have sup-
plied the passwords as a short-term promotion, or as an
attempt to collect information from unsuspecting users. The
passwords might be provided to help users maintain anonym-
ity without infringing on copyright. There is simply no way
for a service provider to conclude that the passwords enabled
infringement without trying the passwords, and verifying that
they enabled illegal access to copyrighted material. We
impose no such investigative duties on service providers.
3570            PERFECT 10, INC. v. CCBILL LLC
Password-hacking websites are thus not per se “red flags” of
infringement.

   [15] Perfect 10 also alleges that “red flags” raised by third
parties identified repeat infringers who were not terminated.
Because the district court did not consider potential red flags
raised by third parties, we remand to the district court to
determine whether third-party notices made CCBill and
CWIE aware that it provided services to repeat infringers, and
if so, whether they responded appropriately.

B.     Standard Technical Measures: § 512(i)(1)(B)

  [16] Under § 512(i)(1)(B), a service provider that interferes
with “standard technical measures” is not entitled to the safe
harbors at §§ 512(a)-(d). “Standard technical measures” refers
to a narrow group of technology-based solutions to online
copyright infringement:

     [T]he term “standard technical measures” means
     technical measures that are used by copyright own-
     ers to identify or protect copyrighted works and—

          (A) have been developed pursuant to a
          broad consensus of copyright owners and
          service providers in an open, fair, volun-
          tary, multi-industry standards process;

          (B) are available to any person on reason-
          able and nondiscriminatory terms; and

          (C) do not impose substantial costs on ser-
          vice providers or substantial burdens on
          their systems or networks.

§ 512(i)(2). Perfect 10 argues that CCBill does not qualify for
any safe harbor because it interfered with “standard technical
measures” by blocking Perfect 10’s access to CCBill affiliated
                 PERFECT 10, INC. v. CCBILL LLC            3571
websites in order to prevent Perfect 10 from discovering
whether those websites infringed Perfect 10 copyrights.

     There are two disputed facts here.

   We are unable to determine on this record whether access-
ing websites is a standard technical measure, which was “de-
veloped pursuant to a broad consensus of copyright owners
and service providers in an open, fair, voluntary, multi-
industry standards process.” § 512(i)(2)(A). We thus remand
to the district court to determine whether access to a website
is a “standard technical measure,” and if so, whether CCBill
interfered with that access.

   [17] If allowing access is a standard technical measure,
CCBill claims it only blocked Perfect 10’s credit card because
Perfect 10 had previously reversed charges for subscriptions;
Perfect 10 insists it did so in order to prevent Perfect 10 from
identifying infringing content. If CCBill is correct, Perfect
10’s method of identifying infringement—forcing CCBill to
pay the fines and fees associated with chargebacks—may well
impose a substantial cost on CCBill. If not, CCBill may well
have interfered with Perfect 10’s efforts to police the websites
in question for possible infringements. Because there are dis-
puted issues of material fact, we remand to the district court
for a determination of whether CCBill’s refusal to process
Perfect 10’s transactions interfered with a “standard technical
measure” for identifying infringement.

C.     Transitory Digital Network Communications:
       § 512(a)

   [18] Section 512(a) provides safe harbor for service provid-
ers who act as conduits for infringing content. In order to
qualify for the safe harbor of § 512(a), a party must be a ser-
vice provider under a more restrictive definition than applica-
ble to the other safe harbors provided under § 512:
3572            PERFECT 10, INC. v. CCBILL LLC
    As used in subsection (a), the term “service provid-
    er” means an entity offering the transmission, rout-
    ing, or providing of connections for digital online
    communications, between or among points specified
    by a user, of material of the user’s choosing, without
    modification to the content of the material as sent or
    received.

Section 512 (k)(1)(A). The district court held that CCBill met
the requirements of § 512(k)(1)(A) by “provid[ing] a connec-
tion to the material on its clients’ websites through a system
which it operates in order to provide its clients with billing
services.” Order at 1102. We reject Perfect 10’s argument that
CCBill is not eligible for immunity under § 512(a) because it
does not itself transmit the infringing material. A service pro-
vider is “an entity offering the transmission, routing, or pro-
viding of connections for digital online communications.”
§ 512(k)(1)(A). There is no requirement in the statute that the
communications must themselves be infringing, and we see
no reason to import such a requirement. It would be perverse
to hold a service provider immune for transmitting informa-
tion that was infringing on its face, but find it contributorily
liable for transmitting information that did not infringe.

   Section 512(a) provides a broad grant of immunity to ser-
vice providers whose connection with the material is tran-
sient. When an individual clicks on an Internet link, his
computer sends a request for the information. The company
receiving that request sends that request on to another com-
puter, which sends it on to another. After a series of such
transmissions, the request arrives at the computer that stores
the information. The requested information is then returned in
milliseconds, not necessarily along the same path. In passing
the information along, each intervening computer makes a
short-lived copy of the data. A short time later, the informa-
tion is displayed on the user’s computer.

   [19] Those intervening computers provide transient connec-
tions among users. The Internet as we know it simply cannot
                PERFECT 10, INC. v. CCBILL LLC                3573
exist if those intervening computers must block indirectly
infringing content. We read § 512(a)’s grant of immunity
exactly as it is written: Service providers are immune for
transmitting all digital online communications, not just those
that directly infringe.

   [20] CCBill transmits credit card information and proof of
payment, both of which are “digital online communications.”
However, we have little information as to how CCBill sends
the payment it receives to its account holders. It is unclear
whether such payment is a digital communication, transmitted
without modification to the content of the material, or trans-
mitted often enough that CCBill is only a transient holder. On
the record before us, we cannot conclude that CCBill is a ser-
vice provider under § 512(a). Accordingly, we remand to the
district court for further consideration the issue of whether
CCBill meets the requirements of § 512(a).

D.   Information Location Tools: § 512(d)

   After CCBill processes a consumer’s credit card and issues
a password granting access to a client website, CCBill dis-
plays a hyperlink so that the user may access the client web-
site. CCBill argues that it falls under the safe harbor of
§ 512(d) by displaying this hyperlink at the conclusion of the
consumer transaction. We disagree. Section 512 (d) reads:

     A service provider shall not be liable for monetary
     relief, or, except as provided in subsection (j), for
     injunctive or other equitable relief, for infringement
     of copyright by reason of the provider referring or
     linking users to an online location containing
     infringing material or infringing activity, by using
     information location tools, including a directory,
     index, reference, pointer, or hypertext link.

Even if the hyperlink provided by CCBill could be viewed as
an “information location tool,” the majority of CCBill’s func-
3574            PERFECT 10, INC. v. CCBILL LLC
tions would remain outside of the safe harbor of § 512(d).
Section 512(d) provides safe harbor only for “infringement of
copyright by reason of the provider referring or linking users
to an online location containing infringing material or infring-
ing activity.” (Emphasis added). Perfect 10 does not claim
that CCBill infringed its copyrights by providing a hyperlink;
rather, Perfect 10 alleges infringement through CCBill’s per-
formance of other business services for these websites. Even
if CCBill’s provision of a hyperlink is immune under
§ 512(n), CCBill does not receive blanket immunity for its
other services.

E.     Information Residing on Systems or Networks at the
       Direction of Users: § 512(c)

   Section 512(c) “limits the liability of qualifying service
providers for claims of direct, vicarious, and contributory
infringement for storage at the direction of a user of material
that resides on a system or network controlled or operated by
or for the service provider.” H.R. Rep., at 53. A service pro-
vider qualifies for safe harbor under § 512(c) if it meets the
requirements of § 512(i) and:

     (A)(i) does not have actual knowledge that the mate-
     rial or an activity using the material on the system or
     network is infringing;

     (ii) in the absence of such actual knowledge, is not
     aware of facts or circumstances from which infring-
     ing activity is apparent; or

     (iii) upon obtaining such knowledge or awareness,
     acts expeditiously to remove, or disable access to,
     the material;

     (B) does not receive a financial benefit directly
     attributable to the infringing activity, in a case in
                PERFECT 10, INC. v. CCBILL LLC              3575
    which the service provider has the right and ability
    to control such activity; and

    (C) upon notification of claimed infringement as
    described in paragraph (3), responds expeditiously to
    remove, or disable access to, the material that is
    claimed to be infringing or to be the subject of
    infringing activity.

Section 512(c)(1). As discussed above, Perfect 10 did not pro-
vide CWIE with knowledge or awareness within the standard
of § 512(c)(1)(A), and Perfect 10 did not provide notice that
complies with the requirements of § 512(c)(3).

   [21] The remaining question is whether Perfect 10 raises a
genuine issue of material fact that CWIE does not qualify for
safe harbor under § 512(c) because it fails to meet the require-
ments of § 512(c)(1)(B), namely, that a service provider not
receive a direct financial benefit from the infringing activity
if the service provider also has the right and ability to control
the infringing activity.

   [22] Based on the “well-established rule of construction
that where Congress uses terms that have accumulated settled
meaning under common law, a court must infer, unless the
statute otherwise dictates, that Congress means to incorporate
the established meaning of these terms,” Rossi, 391 F.3d at
1004 n.4 (9th Cir. 2004) (quoting Neder v. United States, 527
U.S. 1, 21 (1999)), we hold that “direct financial benefit”
should be interpreted consistent with the similarly-worded
common law standard for vicarious copyright liability. See,
e.g., Ellison, 357 F.3d at 1078 (a vicariously liable copyright
infringer “derive[s] a direct financial benefit from the
infringement and ha[s] the right and ability to supervise the
infringing activity”). Thus, the relevant inquiry is “whether
the infringing activity constitutes a draw for subscribers, not
just an added benefit.” Id. at 1079. In Ellison, the court held
that “no jury could reasonably conclude that AOL received a
3576            PERFECT 10, INC. v. CCBILL LLC
direct financial benefit from providing access to the infringing
material” because “[t]he record lacks evidence that AOL
attracted or retained subscriptions because of the infringement
or lost subscriptions because of AOL’s eventual obstruction
of the infringement.” Id.

   [23] In this case, Perfect 10 provides almost no evidence
about the alleged direct financial benefit to CWIE. Perfect 10
only alleges that “CWIE ‘hosts’ websites for a fee.” This alle-
gation is insufficient to show that the infringing activity was
“a draw” as required by Ellison. 357 F.3d at 1079. Further-
more, the legislative history expressly states that “receiving a
one-time set-up fee and flat, periodic payments for service
from a person engaging in infringing activities would not con-
stitute receiving a ‘financial benefit directly attributable to the
infringing activity.’ ” H.R. Rep., at 54. Perfect 10 has not
raised a genuine issue of material fact that CWIE receives a
direct financial benefit from infringing activity. Because
CWIE does not receive a direct financial benefit, CWIE meets
the requirements of § 512(c).

  [24] If the district court finds that CWIE meets the thresh-
old requirements of § 512(i), CWIE is entitled to safe harbor
under § 512(c).

       II.   COMMUNICATIONS DECENCY ACT

   [25] The Communications Decency Act states that “[n]o
provider or user of an interactive computer service shall be
treated as the publisher or speaker of any information pro-
vided by another information content provider,” and expressly
preempts any state law to the contrary. 47 U.S.C.
§§ 230(c)(1), (e)(3). “The majority of federal circuits have
interpreted the CDA to establish broad ‘federal immunity to
any cause of action that would make service providers liable
for information originating with a third-party user of the ser-
vice.’ ” Almeida v. Amazon.com, Inc., 456 F.3d 1316, 1321
(11th Cir. 2006) (quoting Zeran v. America Online, Inc., 129
                PERFECT 10, INC. v. CCBILL LLC              3577
F.3d 327, 331 (4th Cir. 1997)); see also Carafano v. Metro-
splash.com, Inc., 339 F.3d 1119, 1122 (9th Cir. 2003) (citing
Batzel v. Smith, 333 F.3d 1018, 1026-27 (9th Cir. 2003)).

   The immunity created by § 230(c)(1) is limited by
§ 230(e)(2), which requires the court to “construe Section
230(c)(1) in a manner that would neither ‘limit or expand any
law pertaining to intellectual property.’ ” Gucci Am., Inc. v.
Hall & Assocs., 135 F. Supp. 2d 409, 413 (S.D.N.Y. 2001)
(quoting § 230(e)(2)). As a result, the CDA does not clothe
service providers in immunity from “law[s] pertaining to
intellectual property.” See Almeida, 456 F.3d at 1322.

   [26] The CDA does not contain an express definition of
“intellectual property,” and there are many types of claims in
both state and federal law which may—or may not—be char-
acterized as “intellectual property” claims. While the scope of
federal intellectual property law is relatively well-established,
state laws protecting “intellectual property,” however defined,
are by no means uniform. Such laws may bear various names,
provide for varying causes of action and remedies, and have
varying purposes and policy goals. Because material on a
website may be viewed across the Internet, and thus in more
than one state at a time, permitting the reach of any particular
state’s definition of intellectual property to dictate the con-
tours of this federal immunity would be contrary to Con-
gress’s expressed goal of insulating the development of the
Internet from the various state-law regimes. See 47 U.S.C.
§§ 230(a) and (b); see also Batzel, 333 F.3d at 1027 (noting
that “courts construing § 230 have recognized as critical in
applying the statute the concern that lawsuits could threaten
the ‘freedom of speech in the new and burgeoning Internet
medium’ ” (quoting Zeran, 129 F.3d at 330)). In the absence
of a definition from Congress, we construe the term “intellec-
tual property” to mean “federal intellectual property.”
Accordingly, CCBill and CWIE are eligible for CDA immu-
nity for all of the state claims raised by Perfect 10.
3578             PERFECT 10, INC. v. CCBILL LLC
       III.   DIRECT COPYRIGHT INFRINGEMENT

   “Plaintiffs must satisfy two requirements to present a prima
facie case of direct infringement: (1) they must show owner-
ship of the allegedly infringed material and (2) they must
demonstrate that the alleged infringers violate at least one
exclusive right granted to copyright holders under 17 U.S.C.
§ 106.” Napster, 239 F.3d at 1013. Perfect 10 alleges that
CCBill and CWIE directly infringed its copyrights through its
website, hornybees.com.

  There is a genuine issue of material fact as to the relation-
ship between CCBill/CWIE and hornybees.com. CCBill and
CWIE state that hornybees.com is operated by an entity called
“CCBucks,” and that CCBill and CWIE have no interest in
hornybees.com. However, the hornybees.com website reads:
“Brought to you by CCBill LLC and Cavecreek Web Host-
ing.” The record indicates that Cavecreek Web Hosting may
be CWIE, and that CWIE may be the registrant of horny-
bees.com. Furthermore, the vice president of operations of
both CCBill and CWIE lists CCBucks as being related to
CWIE and CCBill.

   Perfect 10 has also raised a genuine issue of material fact
that hornybees.com has infringed Perfect 10’s copyrights by
posting pictures of a Perfect 10 model’s body with the head
of a celebrity. The declaration provided by Perfect 10’s
founder and president asserting that the photo is that of a Per-
fect 10 model is sufficient evidence to raise a genuine issue
of material fact.

  [27] Because Perfect 10 has raised a triable issue whether
CCBill and CWIE directly infringed Perfect 10 copyrights by
operating hornybees.com, and because the district court did
not address this issue in its order granting summary judgment
                 PERFECT 10, INC. v. CCBILL LLC                3579
in favor of Perfect 10, we remand this issue for a determina-
tion by the district court.5

         IV.    COSTS AND ATTORNEY’S FEES

   The Copyright Act of 1976 permits the district court to
“award a reasonable attorney’s fee to the prevailing party as
part of the costs.” 17 U.S.C. § 505. Fees are proper under this
statute when either successful prosecution or successful
defense of the action furthers the purposes of the Copyright
Act. See Fantasy, Inc. v. Fogerty, 94 F.3d 553, 558 (9th Cir.
1996) (“[A] successful defense of a copyright infringement
action may further the policies of the Copyright Act every bit
as much as a successful prosecution of an infringement claim
by the holder of a copyright.” (quoting Fogerty v. Fantasy,
Inc., 510 U.S. 517, 527 (1994)). As such, prevailing defen-
dants as well as prevailing plaintiffs are eligible for such an
award, and the standards for evaluating whether an award is
proper are the same regardless of which party prevails.
Fogerty v. Fantasy, Inc., 510 U.S. 517, 534 (1994).

   Thus, the awarding of attorney’s fees is a matter for the dis-
trict court’s discretion. Id. To guide that discretion, the
Supreme Court endorsed the non-exclusive list employed by
the Third Circuit in Lieb v. Topstone Industries, Inc., 788 F.2d
151, 156 (1986) (the so-called “Lieb factors”). Fogerty, 510
U.S. at 534 n.19. The list includes “frivolousness, motivation,
objective unreasonableness (both in the factual and in the
legal components of the case) and the need in particular cir-
cumstances to advance considerations of compensation and
deterrence.” Id.

   [28] The district court made clear in its order denying fees
that it had weighed each of the Lieb factors and validly exer-
cised its discretion to deny defendants’ fees. Defendants argue
  5
  If CCBill and CWIE operate hornybees.com, no immunity for infringe-
ment on that site is available under either the DMCA or the CDA.
3580            PERFECT 10, INC. v. CCBILL LLC
that the district judge inadequately considered these factors,
that Perfect 10’s litigation positions were frivolous and merit-
less, and that Perfect 10 is a serial filer of nuisance copyright
claims. Because we reverse in part and remand a substantial
portion of this case to the district court, there is ample support
for the district court’s finding that Perfect 10’s legal claims
are not frivolous or objectively unreasonable. The district
court reasonably found the evidence regarding Perfect 10’s
motivation to be equivocal, and did not abuse its discretion in
weighing the interests of compensation and deterrence and
denying costs and attorney’s fees to defendants.

                        CONCLUSION

   We remand to the district court for a determination of
whether CCBill and CWIE reasonably implemented a policy
under § 512(i)(1)(A) based on its treatment of non-party
copyright holders. Because § 512(i)(1)(A) is a threshold
determination, we remand the remaining issues under § 512
for further proceedings consistent with this opinion.

   We remand for further determination of whether horny-
bees.com is owned by CCBill or CWIE, and if so, whether
CCBill or CWIE are directly liable under state or federal law
for its operation.

   The district court’s decision regarding CDA immunity is
affirmed as to the unfair competition and false advertising
claims, and reversed as to the right of publicity claim.

   We affirm the district court’s decision to deny an award of
attorney’s fees and costs to defendants.

  Each party shall bear its own costs on appeal.

 AFFIRMED IN PART, REVERSED IN PART, AND
REMANDED
