                Corrected Reprint 6/4/2007

                  FOR PUBLICATION
  UNITED STATES COURT OF APPEALS
       FOR THE NINTH CIRCUIT

PERFECT 10, INC., a California          
corporation,
                Plaintiff-Appellant,
                 v.
CCBILL LLC, a corporation;                    No. 04-57143
CAVECREEK WHOLESALE INTERNET
EXCHANGE, a corporation d/b/a                  D.C. No.
                                            CV-02-07624-LGB
CWIE LLC,
             Defendants-Appellees,
               and
NETPASS SYSTEMS INC., a
corporation,
                         Defendant.
                                        
PERFECT 10, INC., a California          
corporation,
                  Plaintiff-Appellee,         No. 04-57207
                 v.                             D.C. No.
CCBILL LLC, a corporation;
                                            CV-02-07624-LGB
CAVECREEK WHOLESALE INTERNET
EXCHANGE, a corporation d/b/a                  ORDER
CWIE LLC,                                     AMENDING
             Defendants-Appellants,          OPINION AND
                and                           AMENDED
NETPASS SYSTEMS INC., a                        OPINION
corporation,
                          Defendant.
                                        


                             6535
6536          PERFECT 10, INC. v. CCBILL LLC
       Appeal from the United States District Court
          for the Central District of California
       Lourdes G. Baird, District Judge, Presiding

               Argued and Submitted
        December 4, 2006—Pasadena, California

                  Filed March 29, 2007
                 Amended May 31, 2007

        Before: Stephen Reinhardt, Alex Kozinski,
           Milan D. Smith, Jr., Circuit Judges.

          Opinion by Judge Milan D. Smith, Jr.
               PERFECT 10, INC. v. CCBILL LLC                  6541


                         COUNSEL

Daniel J. Cooper, General Counsel, Perfect 10, Inc., Beverly
Hills, California, and Jeffrey N. Mausner, Berman, Mausner
& Resser, A Law Corporation, Los Angeles, California, for
the plaintiff-appellant/cross-appellee.

Jay M. Spillane, Fox & Spillane, LLP, Los Angeles, Califor-
nia, and John P. Flynn, Tiffany & Bosco, P.A., Phoenix, Ari-
zona, for the defendants-appellees/cross-appellants.


                           ORDER

  The opinion filed on March 29, 2007, is amended as fol-
lows:

   On slip opinion page 3577, line 33, after “federal intellec-
tual property.” insert the following footnote:

       In its petition for rehearing, Perfect 10 claims that
    our decision on this point conflicts with Universal
    Communication Systems, Inc. v. Lycos, Inc., 478
    F.3d 413 (1st Cir. 2007). But neither party in that
    case raised the question of whether state law counts
    as “intellectual property” for purposes of § 230 and
    the court seems to simply have assumed that it does.
    We thus create no conflict with Universal Communi-
    cation.

       We note that Universal Communication demon-
    strates the difficulties inherent in allowing state laws
6542           PERFECT 10, INC. v. CCBILL LLC
    to count as intellectual property for CDA purposes.
    In that case, the district court struggled with the
    question of whether the “trademark dilution” claim
    brought under Florida Law counted as intellectual
    property for purposes of the CDA, and concluded
    that it was more like a defamation claim than a trade-
    mark claim. Id. at 423 n.7. Rather than decide how
    to draw the line between defamation and trademark,
    the First Circuit held that “because of the serious
    First Amendment issues that would be raised” if
    Lycos were found liable, defendant had not violated
    the Florida statute. Id. at 423.

       The First Circuit was able to sidestep the question
    of what counted as intellectual property on First
    Amendment grounds. But we cannot do so here.
    States have any number of laws that could be charac-
    terized as intellectual property laws: trademark,
    unfair competition, dilution, right of publicity and
    trade defamation, to name just a few. Because such
    laws vary widely from state to state, no litigant will
    know if he is entitled to immunity for a state claim
    until a court decides the legal issue. And, of course,
    defendants that are otherwise entitled to CDA immu-
    nity will usually be subject to the law of numerous
    states. An entity otherwise entitled to § 230 immu-
    nity would thus be forced to bear the costs of litiga-
    tion under a wide variety of state statutes that could
    arguably be classified as “intellectual property.” As
    a practical matter, inclusion of rights protected by
    state law within the “intellectual property” exemp-
    tion would fatally undermine the broad grant of
    immunity provided by the CDA.

   With this amendment, the panel has voted to deny the peti-
tion for rehearing and petition for rehearing en banc.

  The full court has been advised of the petition for rehearing
en banc, and no judge of the court has requested a vote on it.
               PERFECT 10, INC. v. CCBILL LLC           6543
   The petition for rehearing and petition for rehearing en
banc are DENIED. No further petitions for rehearing may be
filed.


                         OPINION

MILAN D. SMITH, JR., Circuit Judge:

   Perfect 10, the publisher of an adult entertainment maga-
zine and the owner of the subscription website perfect10.com,
alleges that CCBill and CWIE violated copyright, trademark,
and state unfair competition, false advertising and right of
publicity laws by providing services to websites that posted
images stolen from Perfect 10’s magazine and website. Per-
fect 10 appeals the district court’s finding that CCBill and
CWIE qualified for certain statutory safe harbors from copy-
right infringement liability under the Digital Millennium
Copyright Act (“DMCA”), 17 U.S.C. § 512, and that CCBill
and CWIE were immune from liability for state law unfair
competition and false advertising claims based on the Com-
munications Decency Act (“CDA”), 47 U.S.C. § 230(c)(1).
CCBill and CWIE cross-appeal, arguing that the district court
erred in holding that the CDA does not provide immunity
against Perfect 10’s right of publicity claims and in denying
their requests for costs and attorney’s fees under the Copy-
right Act.

   We have jurisdiction pursuant to 28 U.S.C. § 1291. We
affirm in part, reverse in part, and remand.

                     BACKGROUND

   Perfect 10 is the publisher of the eponymous adult enter-
tainment magazine and the owner of the website, per-
fect10.com. Perfect10.com is a subscription site where
consumers pay a membership fee in order to gain access to
6544            PERFECT 10, INC. v. CCBILL LLC
content on the website. Perfect 10 has created approximately
5,000 images of models for display in its website and maga-
zine. Many of the models in these images have signed
releases assigning their rights of publicity to Perfect 10. Per-
fect 10 also holds registered U.S. copyrights for these images
and owns several related, registered trademark and service
marks.

   CWIE provides webhosting and related Internet connectiv-
ity services to the owners of various websites. For a fee,
CWIE provides “ping, power, and pipe,” services to their cli-
ents by ensuring the “box” or server is on, ensuring power is
provided to the server and connecting the client’s service or
website to the Internet via a data center connection. CCBill
allows consumers to use credit cards or checks to pay for sub-
scriptions or memberships to e-commerce venues.

   Beginning August 10, 2001, Perfect 10 sent letters and
emails to CCBill and CWIE stating that CCBill and CWIE
clients were infringing Perfect 10 copyrights. Perfect 10
directed these communications to Thomas A. Fisher, the des-
ignated agent to receive notices of infringement. Fisher is also
the Executive Vice-President of both CCBill and CWIE. Rep-
resentatives of celebrities who are not parties to this lawsuit
also sent notices of infringement to CCBill and CWIE. On
September 30, 2002, Perfect 10 filed the present action alleg-
ing copyright and trademark violations, state law claims of
violation of right of publicity, unfair competition, false and
misleading advertising, as well as RICO claims.

                STANDARDS OF REVIEW

  We review a district court’s grant of summary judgment de
novo. Rossi v. Motion Picture Ass’n of Am. Inc., 391 F.3d
1000, 1002 (9th Cir. 2004). “Viewing the evidence in the light
most favorable to the nonmoving party, we must determine
whether there are any genuine issues of material fact and
whether the district court correctly applied the relevant sub-
                  PERFECT 10, INC. v. CCBILL LLC                    6545
stantive law.” Leever v. Carson City, 360 F.3d 1014, 1017
(9th Cir. 2004). The district court’s interpretations of the
Copyright Act are also reviewed de novo. Ellison v. Robert-
son, 357 F.3d 1072, 1076 (9th Cir. 2004).

  We review a district court’s decision to grant or deny attor-
ney’s fees under the Copyright Act for abuse of discretion.
Columbia Pictures Television, Inc. v. Krypton Broad. of Bir-
mingham, Inc., 259 F.3d 1186, 1197 (9th Cir. 2001).

                           DISCUSSION

             I.   SECTION 512 SAFE HARBORS

   [1] The DMCA established certain safe harbors to “provide
protection from liability for: (1) transitory digital network
communications; (2) system caching; (3) information residing
on systems or networks at the direction of users; and (4) infor-
mation location tools.” Ellison, 357 F.3d at 1076-77 (citing 17
U.S.C. §§ 512(a)-(d)) (footnotes omitted). These safe harbors
limit liability but “do not affect the question of ultimate liabil-
ity under the various doctrines of direct, vicarious, and con-
tributory liability,” Perfect 10, Inc. v. Cybernet Ventures, Inc.,
213 F. Supp. 2d 1146, 1174 (C.D. Cal. 2002) (citing H.R.
Rep. 105-551 (II), at 50 (1998) (“H.R. Rep.”),1 and “nothing
in the language of § 512 indicates that the limitation on liabil-
ity described therein is exclusive.” CoStar Group, Inc. v.
LoopNet, Inc., 373 F.3d 544, 552 (4th Cir. 2004).

A.    Reasonably Implemented Policy: § 512(i)(1)(A)

   [2] To be eligible for any of the four safe harbors at
§§ 512(a)-(d), a service provider must first meet the threshold
conditions set out in § 512(i), including the requirement that
the service provider:
  1
   The relevant portions of H.R. Rep. 105-551 (II) (1998) and S. Rep.
105-190 (1998) are largely identical. We cite to H.R. Rep. for purposes of
consistency.
6546              PERFECT 10, INC. v. CCBILL LLC
       [H]as adopted and reasonably implemented, and
       informs subscribers and account holders of the ser-
       vice provider’s system or network of, a policy that
       provides for the termination in appropriate circum-
       stances of subscribers and account holders of the ser-
       vice provider’s system or network who are repeat
       infringers.

Section 512(i)(1)(A); Ellison, 357 F.3d at 1080.

   [3] The statute does not define “reasonably implemented.”
We hold that a service provider “implements” a policy if it
has a working notification system, a procedure for dealing
with DMCA-compliant notifications, and if it does not
actively prevent copyright owners from collecting information
needed to issue such notifications. Ellison, 357 F.3d at 1080
(working notification system required); Corbis Corp. v. Ama-
zon.com, Inc., 351 F. Supp. 2d 1090, 1102-03 (W.D. Wash.
2004) (must adopt procedure for dealing with notifications);
In re Aimster Copyright Litig., 252 F. Supp. 2d 634, 659
(N.D. Ill. 2002) (policy not implemented if service provider
actively blocks collection of information). The statute permits
service providers to implement a variety of procedures, but an
implementation is reasonable if, under “appropriate circum-
stances,” the service provider terminates users who repeatedly
or blatantly infringe copyright. See 17 U.S.C. § 512(i); Cor-
bis, 351 F. Supp. 2d at 1102.

  1.     “Implementation”

   Perfect 10 argues that there is a genuine issue of material
fact whether CCBill and CWIE prevented the implementation
of their policies by failing to keep track of repeatedly infring-
ing webmasters. The district court found that there was not,
and we agree.

  In Ellison, Stephen Robertson posted copies of Harlan Elli-
son’s copyrighted short stories on Internet newsgroups avail-
                PERFECT 10, INC. v. CCBILL LLC              6547
able through USENET servers. 357 F.3d at 1075. Ellison
asserted that America Online, Inc. (“AOL”) had infringed his
copyright by providing access to the USENET servers. Id.
Based on evidence that AOL changed its contact email
address for copyright infringement notices from copy-
right@aol.com to aolcopyright@aol.com in the fall of 1999,
but neglected to register the change with the U.S. Copyright
Office until April 2000, we held that the district court erred
in concluding on summary judgment that AOL satisfied the
requirements of § 512(i). Id. at 1077. Even though Ellison did
not learn of the infringing activity until after AOL had noti-
fied the U.S. Copyright Office of the correct email address,
we found that “AOL allowed notices of potential copyright
infringement to fall into a vacuum and go unheeded; that fact
is sufficient for a reasonable jury to conclude that AOL had
not reasonably implemented its policy against repeat infring-
ers.” Id. at 1080.

   Similarly, the Aimster cases hold that a repeat infringer pol-
icy is not implemented under § 512(i)(1)(A) if the service pro-
vider prevents copyright holders from providing DMCA-
compliant notifications. In Aimster, the district court held that
Aimster did not reasonably implement its stated repeat
infringer policy because “the encryption on Aimster renders
it impossible to ascertain which users are transferring which
files.” 252 F. Supp. 2d at 659. The court found that
“[a]dopting a repeat infringer policy and then purposely evis-
cerating any hope that such a policy could ever be carried out
is not an ‘implementation’ as required by § 512(i).” Id. The
Seventh Circuit affirmed, finding that Aimster did not meet
the requirement of § 512(i)(1)(A) because, in part, “by teach-
ing its users how to encrypt their unlawful distribution of
copyrighted materials [Aimster] disabled itself from doing
anything to prevent infringement.” In re Aimster Copyright
Litig., 334 F.3d 643, 655 (7th Cir. 2003).

   [4] Based on Ellison and the Aimster cases, a substantial
failure to record webmasters associated with allegedly
6548            PERFECT 10, INC. v. CCBILL LLC
infringing websites may raise a genuine issue of material fact
as to the implementation of the service provider’s repeat
infringer policy. In this case, however, the record does not
reflect such a failure. Perfect 10 references a single page from
CCBill and CWIE’s “DMCA Log.” Although this page shows
some empty fields in the spreadsheet column labeled “Web-
masters [sic] Name,” Perfect 10’s conclusion that the DMCA
Log thus “does not reflect any effort to track notices of
infringements received by webmaster identity” is not sup-
ported by evidence in the record. The remainder of the
DMCA Log indicates that the email address and/or name of
the webmaster is routinely recorded in CCBill and CWIE’s
DMCA Log. CCBill’s interrogatory responses dated Decem-
ber 11, 2003 also contain a chart indicating that CCBill and
CWIE largely kept track of the webmaster for each website.

   [5] Unlike Ellison and Aimster, where the changed email
address and the encryption system ensured that no informa-
tion about the repeat infringer was collected, it is undisputed
that CCBill and CWIE recorded most webmasters. The dis-
trict court properly concluded that the DMCA Log does not
raise a triable issue of fact that CCBill and CWIE did not
implement a repeat infringer policy.

  2.   Reasonableness

   [6] A service provider reasonably implements its repeat
infringer policy if it terminates users when “appropriate.” See
Corbis, 351 F. Supp. 2d at 1104. Section 512(i) itself does not
clarify when it is “appropriate” for service providers to act. It
only requires that a service provider terminate users who are
“repeat infringers.”

   [7] To identify and terminate repeat infringers, a service
provider need not affirmatively police its users for evidence
of repeat infringement. Section 512(c) states that “[a] service
provider shall not be liable for monetary relief” if it does not
know of infringement. A service provider is also not liable
                    PERFECT 10, INC. v. CCBILL LLC                     6549
under § 512(c) if it acts “expeditiously to remove, or disable
access to, the material” when it (1) has actual knowledge, (2)
is aware of facts or circumstances from which infringing
activity is apparent, or (3) has received notification of claimed
infringement meeting the requirements of § 512(c)(3). Were
we to require service providers to terminate users under cir-
cumstances other than those specified in § 512(c), § 512(c)’s
grant of immunity would be meaningless. This interpretation
of the statute is supported by legislative history. See H.R.
Rep., at 61 (Section 512(i) is not intended “to undermine the
. . . knowledge standard of [§ 512](c).”).

   Perfect 10 claims that CCBill and CWIE unreasonably
implemented their repeat infringer policies by tolerating fla-
grant and blatant copyright infringement by its users despite
notice of infringement from Perfect 10, notice of infringement
from copyright holders not a party to this litigation and “red
flags” of copyright infringement.

       a.   Perfect 10’s Claimed Notice of Infringement

   Perfect 10 argues that CCBill and CWIE implemented their
repeat infringer policy in an unreasonable manner because
CCBill and CWIE received notices of infringement from Per-
fect 10, and yet the infringement identified in these notices
continued. The district court found that Perfect 10 did not pro-
vide notice that substantially complied with the requirements
of § 512(c)(3),2 and thus did not raise a genuine issue of mate-
  2
   Section 512(c)(3) reads:
      (A) To be effective under this subsection, a notification of
      claimed infringement must be a written communication provided
      to the designated agent of a service provider that includes sub-
      stantially the following:
      (i) A physical or electronic signature of a person authorized to
      act on behalf of the owner of an exclusive right that is allegedly
      infringed.
6550             PERFECT 10, INC. v. CCBILL LLC
rial fact as to whether CCBill and CWIE reasonably imple-
mented their repeat infringer policy. We agree.

   [8] Compliance is not “substantial” if the notice provided
complies with only some of the requirements of
§ 512(c)(3)(A). Section 512(c)(3)(B)(ii) explains that a ser-
vice provider will not be deemed to have notice of infringe-
ment when “the notification that is provided to the service
provider’s designated agent fails to comply substantially with
all the provisions of subparagraph (A) but substantially com-
plies with clauses (ii), (iii), and (iv) of subparagraph (A)” so
long as the service provider responds to the inadequate notice
and explains the requirements for substantial compliance. The
statute thus signals that substantial compliance means sub-
stantial compliance with all of § 512(c)(3)’s clauses, not just
some of them. See H.R. Rep., at 56 (A communication sub-
stantially complies even if it contains technical errors such as

   (ii) Identification of the copyrighted work claimed to have been
   infringed, or, if multiple copyrighted works at a single online site
   are covered by a single notification, a representative list of such
   works at that site.
   (iii) Identification of the material that is claimed to be infring-
   ing or to be the subject of infringing activity and that is to be
   removed or access to which is to be disabled, and information
   reasonably sufficient to permit the service provider to locate the
   material.
   (iv) Information reasonably sufficient to permit the service pro-
   vider to contact the complaining party, such as an address, tele-
   phone number, and, if available, an electronic mail address at
   which the complaining party may be contacted.
   (v) A statement that the complaining party has a good faith
   belief that use of the material in the manner complained of is not
   authorized by the copyright owner, its agent, or the law.
   (vi) A statement that the information in the notification is accu-
   rate, and under penalty of perjury, that the complaining party is
   authorized to act on behalf of the owner of an exclusive right that
   is allegedly infringed.
                  PERFECT 10, INC. v. CCBILL LLC                    6551
misspellings or outdated information.). See also Recording
Indus. Ass’n of Am., Inc. v. Verizon Internet Servs., Inc., 351
F.3d 1229, 1236 (D.C. Cir. 2003) (citing H.R. Rep., at 56).3

   Perfect 10 claims that it met the requirements of
§ 512(c)(3) through a combination of three sets of documents.
The first set of documents is a 22,185 page bates-stamped
production on October 16, 2002 that includes pictures with
URLs of Perfect 10 models allegedly posted on CCBill or
CWIE client websites. The October 16, 2002 production did
not contain a statement under penalty of perjury that the com-
plaining party was authorized to act, as required by
§ 512(c)(3)(A)(vi). The second set of documents was also not
sworn to, and consisted of a spreadsheet emailed to Fisher on
July 14, 2003 identifying the Perfect 10 models in the October
16, 2002 production by bates number. On December 2, 2003,
Perfect 10 completed interrogatory responses which were
signed under penalty of perjury. These responses incorporated
the July 14, 2003 spreadsheet by reference.

   [9] Taken individually, Perfect 10’s communications do not
substantially comply with the requirements of § 512(c)(3).
Each communication contains more than mere technical
errors; often one or more of the required elements are entirely
absent. See Perfect 10, Inc. v. CCBill, LLC, 340 F. Supp. 2d
1077, 1100-01 (C.D. Cal. 2004) (“Order”). In order to sub-
stantially comply with § 512(c)(3)’s requirements, a notifica-
tion must do more than identify infringing files. The DMCA
requires a complainant to declare, under penalty of perjury,
that he is authorized to represent the copyright holder, and
that he has a good-faith belief that the use is infringing. This
requirement is not superfluous. Accusations of alleged
infringement have drastic consequences: A user could have
  3
   We do not read the Fourth Circuit’s holding in ALS Scan, Inc. v.
RemarQ Communities, Inc., 239 F.3d 619, 625 (4th Cir. 2001), as holding
that only location information is required for substantial compliance with
the terms of § 512(c)(3).
6552               PERFECT 10, INC. v. CCBILL LLC
content removed, or may have his access terminated entirely.
If the content infringes, justice has been done. But if it does
not, speech protected under the First Amendment could be
removed. We therefore do not require a service provider to
start potentially invasive proceedings if the complainant is
unwilling to state under penalty of perjury that he is an autho-
rized representative of the copyright owner, and that he has a
good-faith belief that the material is unlicensed.4

   Permitting a copyright holder to cobble together adequate
notice from separately defective notices also unduly burdens
service providers. Indeed, the text of § 512(c)(3) requires that
the notice be “a written communication.” (Emphasis added).
Again, this requirement is not a mere technicality. It would
have taken Fisher substantial time to piece together the rele-
vant information for each instance of claimed infringement.
To do so, Fisher would have to first find the relevant line in
the spreadsheet indicating ownership information, then comb
the 22,185 pages provided by Perfect 10 in order to find the
appropriate image, and finally copy into a browser the loca-
tion printed at the top of the page—a location which was, in
some instances, truncated. The DMCA notification proce-
dures place the burden of policing copyright infringement—
identifying the potentially infringing material and adequately
documenting infringement—squarely on the owners of the
copyright. We decline to shift a substantial burden from the
copyright owner to the provider; Perfect 10’s separate com-
munications are inadequate.

  [10] Since Perfect 10 did not provide effective notice,
knowledge of infringement may not be imputed to CCBill or
  4
   Perfect 10’s argument that its initial notice substantially complied with
the DMCA’s notice requirements because Fisher, the recipient of that
notice, admitted that he could have found the infringing photographs on
the basis of the October 16, 2002, bates-stamped production, is thus beside
the point. Without the predicate certification under penalty of perjury,
Fisher would have had no reason to go looking for the photographs.
               PERFECT 10, INC. v. CCBILL LLC             6553
CWIE based on Perfect 10’s communications. Perfect 10’s
attempted notice does not raise a genuine issue of material
fact that CCBill and CWIE failed to reasonably implement a
repeat infringer policy within the meaning of § 512(i)(1)(A).

    b.   Non-Party Notices

   Perfect 10 also cites to notices of infringement by other
copyright holders, and argues that CCBill and CWIE did not
reasonably implement their repeat infringer policies because
they continued to provide services for websites that infringed
non-party copyrights. The district court expressly declined to
consider evidence of notices provided by any party other than
Perfect 10 on the basis that these notices were irrelevant to
Perfect 10’s claims. We disagree.

   [11] CCBill and CWIE’s actions towards copyright holders
who are not a party to the litigation are relevant in determin-
ing whether CCBill and CWIE reasonably implemented their
repeat infringer policy. Section 512(i)(1)(A) requires an
assessment of the service provider’s “policy,” not how the
service provider treated a particular copyright holder. See
Ellison, 357 F.3d at 1080 (AOL’s repeat infringer policy was
not reasonably implemented because copyright holders other
than Ellison could have attempted to notify AOL during the
time that AOL’s email address was incorrectly listed.). Thus,
CCBill and CWIE’s response to adequate non-party notifica-
tions is relevant in determining whether they reasonably
implemented their policy against repeat infringers.

   [12] A policy is unreasonable only if the service provider
failed to respond when it had knowledge of the infringement.
The district court in this case did not consider any evidence
relating to copyright holders other than Perfect 10. We
remand for determination of whether CCBill and/or CWIE
implemented its repeat infringer policy in an unreasonable
manner with respect to any copyright holder other than Per-
fect 10.
6554            PERFECT 10, INC. v. CCBILL LLC
    c.   Apparent Infringing Activity

   [13] In importing the knowledge standards of § 512(c) to
the analysis of whether a service provider reasonably imple-
mented its § 512(i) repeat infringer policy, Congress also
imported the “red flag” test of § 512(c)(1)(A)(ii). Under this
section, a service provider may lose immunity if it fails to
take action with regard to infringing material when it is
“aware of facts or circumstances from which infringing activ-
ity is apparent.” § 512(c)(1)(A)(ii). Notice that fails to sub-
stantially comply with § 512(c)(3), however, cannot be
deemed to impart such awareness. §§ 512(c)(3)(B)(i) & (ii).

  Perfect 10 alleges that CCBill and CWIE were aware of a
number of “red flags” that signaled apparent infringement.
Because CWIE and CCBill provided services to “illegal.net”
and “stolencelebritypics.com,” Perfect 10 argues that they
must have been aware of apparent infringing activity. We dis-
agree. When a website traffics in pictures that are titillating by
nature, describing photographs as “illegal” or “stolen” may be
an attempt to increase their salacious appeal, rather than an
admission that the photographs are actually illegal or stolen.
We do not place the burden of determining whether photo-
graphs are actually illegal on a service provider.

   Perfect 10 also argues that a disclaimer posted on illegal.net
made it apparent that infringing activity had taken place. Per-
fect 10 alleges no facts showing that CWIE and CCBill were
aware of that disclaimer, and, in any event, we disagree that
the disclaimer made infringement apparent. The disclaimer in
question stated: “The copyrights of these files remain the cre-
ator’s. I do not claim any rights to these files, other than the
right to post them.” Contrary to Perfect 10’s assertion, this
disclaimer is not a “red flag” of infringement. The disclaimer
specifically states that the webmaster has the right to post the
files.

   In addition, Perfect 10 argues that password-hacking web-
sites, hosted by CWIE, also obviously infringe. While such
                PERFECT 10, INC. v. CCBILL LLC             6555
sites may not directly infringe on anyone’s copyright, they
may well contribute to such infringement. The software pro-
vided by Grokster in Metro-Goldwyn-Mayer Studios Inc. v.
Grokster, Ltd., 545 U.S. 913 (2005), also did not itself
infringe, but did enable users to swap infringing files. Grok-
ster held that “instructing [users] how to engage in an infring-
ing use” could constitute contributory infringement. Id. at
936. Similarly, providing passwords that enable users to ille-
gally access websites with copyrighted content may well
amount to contributory infringement.

   [14] However, in order for a website to qualify as a “red
flag” of infringement, it would need to be apparent that the
website instructed or enabled users to infringe another’s copy-
right. See A&M Records, Inc. v. Napster, Inc., 239 F.3d 1004,
1013 n.2 (9th Cir. 2001). We find that the burden of determin-
ing whether passwords on a website enabled infringement is
not on the service provider. The website could be a hoax, or
out of date. The owner of the protected content may have sup-
plied the passwords as a short-term promotion, or as an
attempt to collect information from unsuspecting users. The
passwords might be provided to help users maintain anonym-
ity without infringing on copyright. There is simply no way
for a service provider to conclude that the passwords enabled
infringement without trying the passwords, and verifying that
they enabled illegal access to copyrighted material. We
impose no such investigative duties on service providers.
Password-hacking websites are thus not per se “red flags” of
infringement.

   [15] Perfect 10 also alleges that “red flags” raised by third
parties identified repeat infringers who were not terminated.
Because the district court did not consider potential red flags
raised by third parties, we remand to the district court to
determine whether third-party notices made CCBill and
CWIE aware that it provided services to repeat infringers, and
if so, whether they responded appropriately.
6556             PERFECT 10, INC. v. CCBILL LLC
B.     Standard Technical Measures: § 512(i)(1)(B)

  [16] Under § 512(i)(1)(B), a service provider that interferes
with “standard technical measures” is not entitled to the safe
harbors at §§ 512(a)-(d). “Standard technical measures” refers
to a narrow group of technology-based solutions to online
copyright infringement:

       [T]he term “standard technical measures” means
       technical measures that are used by copyright own-
       ers to identify or protect copyrighted works and—

           (A) have been developed pursuant to a
           broad consensus of copyright owners and
           service providers in an open, fair, volun-
           tary, multi-industry standards process;

           (B) are available to any person on reason-
           able and nondiscriminatory terms; and

           (C) do not impose substantial costs on ser-
           vice providers or substantial burdens on
           their systems or networks.

§ 512(i)(2). Perfect 10 argues that CCBill does not qualify for
any safe harbor because it interfered with “standard technical
measures” by blocking Perfect 10’s access to CCBill affiliated
websites in order to prevent Perfect 10 from discovering
whether those websites infringed Perfect 10 copyrights.

     There are two disputed facts here.

   We are unable to determine on this record whether access-
ing websites is a standard technical measure, which was “de-
veloped pursuant to a broad consensus of copyright owners
and service providers in an open, fair, voluntary, multi-
industry standards process.” § 512(i)(2)(A). We thus remand
to the district court to determine whether access to a website
                PERFECT 10, INC. v. CCBILL LLC                6557
is a “standard technical measure,” and if so, whether CCBill
interfered with that access.

   [17] If allowing access is a standard technical measure,
CCBill claims it only blocked Perfect 10’s credit card because
Perfect 10 had previously reversed charges for subscriptions;
Perfect 10 insists it did so in order to prevent Perfect 10 from
identifying infringing content. If CCBill is correct, Perfect
10’s method of identifying infringement—forcing CCBill to
pay the fines and fees associated with chargebacks—may well
impose a substantial cost on CCBill. If not, CCBill may well
have interfered with Perfect 10’s efforts to police the websites
in question for possible infringements. Because there are dis-
puted issues of material fact, we remand to the district court
for a determination of whether CCBill’s refusal to process
Perfect 10’s transactions interfered with a “standard technical
measure” for identifying infringement.

C.   Transitory Digital Network Communications:
     § 512(a)

   [18] Section 512(a) provides safe harbor for service provid-
ers who act as conduits for infringing content. In order to
qualify for the safe harbor of § 512(a), a party must be a ser-
vice provider under a more restrictive definition than applica-
ble to the other safe harbors provided under § 512:

     As used in subsection (a), the term “service provid-
     er” means an entity offering the transmission, rout-
     ing, or providing of connections for digital online
     communications, between or among points specified
     by a user, of material of the user’s choosing, without
     modification to the content of the material as sent or
     received.

Section 512 (k)(1)(A). The district court held that CCBill met
the requirements of § 512(k)(1)(A) by “provid[ing] a connec-
tion to the material on its clients’ websites through a system
6558            PERFECT 10, INC. v. CCBILL LLC
which it operates in order to provide its clients with billing
services.” Order at 1102. We reject Perfect 10’s argument that
CCBill is not eligible for immunity under § 512(a) because it
does not itself transmit the infringing material. A service pro-
vider is “an entity offering the transmission, routing, or pro-
viding of connections for digital online communications.”
§ 512(k)(1)(A). There is no requirement in the statute that the
communications must themselves be infringing, and we see
no reason to import such a requirement. It would be perverse
to hold a service provider immune for transmitting informa-
tion that was infringing on its face, but find it contributorily
liable for transmitting information that did not infringe.

   Section 512(a) provides a broad grant of immunity to ser-
vice providers whose connection with the material is tran-
sient. When an individual clicks on an Internet link, his
computer sends a request for the information. The company
receiving that request sends that request on to another com-
puter, which sends it on to another. After a series of such
transmissions, the request arrives at the computer that stores
the information. The requested information is then returned in
milliseconds, not necessarily along the same path. In passing
the information along, each intervening computer makes a
short-lived copy of the data. A short time later, the informa-
tion is displayed on the user’s computer.

   [19] Those intervening computers provide transient connec-
tions among users. The Internet as we know it simply cannot
exist if those intervening computers must block indirectly
infringing content. We read § 512(a)’s grant of immunity
exactly as it is written: Service providers are immune for
transmitting all digital online communications, not just those
that directly infringe.

   [20] CCBill transmits credit card information and proof of
payment, both of which are “digital online communications.”
However, we have little information as to how CCBill sends
the payment it receives to its account holders. It is unclear
                PERFECT 10, INC. v. CCBILL LLC                6559
whether such payment is a digital communication, transmitted
without modification to the content of the material, or trans-
mitted often enough that CCBill is only a transient holder. On
the record before us, we cannot conclude that CCBill is a ser-
vice provider under § 512(a). Accordingly, we remand to the
district court for further consideration the issue of whether
CCBill meets the requirements of § 512(a).

D.   Information Location Tools: § 512(d)

   After CCBill processes a consumer’s credit card and issues
a password granting access to a client website, CCBill dis-
plays a hyperlink so that the user may access the client web-
site. CCBill argues that it falls under the safe harbor of
§ 512(d) by displaying this hyperlink at the conclusion of the
consumer transaction. We disagree. Section 512 (d) reads:

     A service provider shall not be liable for monetary
     relief, or, except as provided in subsection (j), for
     injunctive or other equitable relief, for infringement
     of copyright by reason of the provider referring or
     linking users to an online location containing
     infringing material or infringing activity, by using
     information location tools, including a directory,
     index, reference, pointer, or hypertext link.

Even if the hyperlink provided by CCBill could be viewed as
an “information location tool,” the majority of CCBill’s func-
tions would remain outside of the safe harbor of § 512(d).
Section 512(d) provides safe harbor only for “infringement of
copyright by reason of the provider referring or linking users
to an online location containing infringing material or infring-
ing activity.” (Emphasis added). Perfect 10 does not claim
that CCBill infringed its copyrights by providing a hyperlink;
rather, Perfect 10 alleges infringement through CCBill’s per-
formance of other business services for these websites. Even
if CCBill’s provision of a hyperlink is immune under
6560            PERFECT 10, INC. v. CCBILL LLC
§ 512(n), CCBill does not receive blanket immunity for its
other services.

E.     Information Residing on Systems or Networks at the
       Direction of Users: § 512(c)

   Section 512(c) “limits the liability of qualifying service
providers for claims of direct, vicarious, and contributory
infringement for storage at the direction of a user of material
that resides on a system or network controlled or operated by
or for the service provider.” H.R. Rep., at 53. A service pro-
vider qualifies for safe harbor under § 512(c) if it meets the
requirements of § 512(i) and:

     (A)(i) does not have actual knowledge that the mate-
     rial or an activity using the material on the system or
     network is infringing;

     (ii) in the absence of such actual knowledge, is not
     aware of facts or circumstances from which infring-
     ing activity is apparent; or

     (iii) upon obtaining such knowledge or awareness,
     acts expeditiously to remove, or disable access to,
     the material;

     (B) does not receive a financial benefit directly
     attributable to the infringing activity, in a case in
     which the service provider has the right and ability
     to control such activity; and

     (C) upon notification of claimed infringement as
     described in paragraph (3), responds expeditiously to
     remove, or disable access to, the material that is
     claimed to be infringing or to be the subject of
     infringing activity.

Section 512(c)(1). As discussed above, Perfect 10 did not pro-
vide CWIE with knowledge or awareness within the standard
                PERFECT 10, INC. v. CCBILL LLC              6561
of § 512(c)(1)(A), and Perfect 10 did not provide notice that
complies with the requirements of § 512(c)(3).

   [21] The remaining question is whether Perfect 10 raises a
genuine issue of material fact that CWIE does not qualify for
safe harbor under § 512(c) because it fails to meet the require-
ments of § 512(c)(1)(B), namely, that a service provider not
receive a direct financial benefit from the infringing activity
if the service provider also has the right and ability to control
the infringing activity.

   [22] Based on the “well-established rule of construction
that where Congress uses terms that have accumulated settled
meaning under common law, a court must infer, unless the
statute otherwise dictates, that Congress means to incorporate
the established meaning of these terms,” Rossi, 391 F.3d at
1004 n.4 (9th Cir. 2004) (quoting Neder v. United States, 527
U.S. 1, 21 (1999)), we hold that “direct financial benefit”
should be interpreted consistent with the similarly-worded
common law standard for vicarious copyright liability. See,
e.g., Ellison, 357 F.3d at 1078 (a vicariously liable copyright
infringer “derive[s] a direct financial benefit from the
infringement and ha[s] the right and ability to supervise the
infringing activity”). Thus, the relevant inquiry is “whether
the infringing activity constitutes a draw for subscribers, not
just an added benefit.” Id. at 1079. In Ellison, the court held
that “no jury could reasonably conclude that AOL received a
direct financial benefit from providing access to the infringing
material” because “[t]he record lacks evidence that AOL
attracted or retained subscriptions because of the infringement
or lost subscriptions because of AOL’s eventual obstruction
of the infringement.” Id.

  [23] In this case, Perfect 10 provides almost no evidence
about the alleged direct financial benefit to CWIE. Perfect 10
only alleges that “CWIE ‘hosts’ websites for a fee.” This alle-
gation is insufficient to show that the infringing activity was
“a draw” as required by Ellison. 357 F.3d at 1079. Further-
6562            PERFECT 10, INC. v. CCBILL LLC
more, the legislative history expressly states that “receiving a
one-time set-up fee and flat, periodic payments for service
from a person engaging in infringing activities would not con-
stitute receiving a ‘financial benefit directly attributable to the
infringing activity.’ ” H.R. Rep., at 54. Perfect 10 has not
raised a genuine issue of material fact that CWIE receives a
direct financial benefit from infringing activity. Because
CWIE does not receive a direct financial benefit, CWIE meets
the requirements of § 512(c).

  [24] If the district court finds that CWIE meets the thresh-
old requirements of § 512(i), CWIE is entitled to safe harbor
under § 512(c).

       II.   COMMUNICATIONS DECENCY ACT

   [25] The Communications Decency Act states that “[n]o
provider or user of an interactive computer service shall be
treated as the publisher or speaker of any information pro-
vided by another information content provider,” and expressly
preempts any state law to the contrary. 47 U.S.C.
§§ 230(c)(1), (e)(3). “The majority of federal circuits have
interpreted the CDA to establish broad ‘federal immunity to
any cause of action that would make service providers liable
for information originating with a third-party user of the ser-
vice.’ ” Almeida v. Amazon.com, Inc., 456 F.3d 1316, 1321
(11th Cir. 2006) (quoting Zeran v. America Online, Inc., 129
F.3d 327, 331 (4th Cir. 1997)); see also Carafano v. Metro-
splash.com, Inc., 339 F.3d 1119, 1122 (9th Cir. 2003) (citing
Batzel v. Smith, 333 F.3d 1018, 1026-27 (9th Cir. 2003)).

   The immunity created by § 230(c)(1) is limited by
§ 230(e)(2), which requires the court to “construe Section
230(c)(1) in a manner that would neither ‘limit or expand any
law pertaining to intellectual property.’ ” Gucci Am., Inc. v.
Hall & Assocs., 135 F. Supp. 2d 409, 413 (S.D.N.Y. 2001)
(quoting § 230(e)(2)). As a result, the CDA does not clothe
                   PERFECT 10, INC. v. CCBILL LLC                       6563
service providers in immunity from “law[s] pertaining to
intellectual property.” See Almeida, 456 F.3d at 1322.

   [26] The CDA does not contain an express definition of
“intellectual property,” and there are many types of claims in
both state and federal law which may—or may not—be char-
acterized as “intellectual property” claims. While the scope of
federal intellectual property law is relatively well-established,
state laws protecting “intellectual property,” however defined,
are by no means uniform. Such laws may bear various names,
provide for varying causes of action and remedies, and have
varying purposes and policy goals. Because material on a
website may be viewed across the Internet, and thus in more
than one state at a time, permitting the reach of any particular
state’s definition of intellectual property to dictate the con-
tours of this federal immunity would be contrary to Con-
gress’s expressed goal of insulating the development of the
Internet from the various state-law regimes. See 47 U.S.C.
§§ 230(a) and (b); see also Batzel, 333 F.3d at 1027 (noting
that “courts construing § 230 have recognized as critical in
applying the statute the concern that lawsuits could threaten
the ‘freedom of speech in the new and burgeoning Internet
medium’ ” (quoting Zeran, 129 F.3d at 330)). In the absence
of a definition from Congress, we construe the term “intellec-
tual property” to mean “federal intellectual property.”5
  5
    In its petition for rehearing, Perfect 10 claims that our decision on this
point conflicts with Universal Communication Systems, Inc. v. Lycos, Inc.,
478 F.3d 413 (1st Cir. 2007). But neither party in that case raised the ques-
tion of whether state law counts as “intellectual property” for purposes of
§ 230 and the court seems to simply have assumed that it does. We thus
create no conflict with Universal Communication.
   We note that Universal Communication demonstrates the difficulties
inherent in allowing state laws to count as intellectual property for CDA
purposes. In that case, the district court struggled with the question of
whether the “trademark dilution” claim brought under Florida Law
counted as intellectual property for purposes of the CDA, and concluded
that it was more like a defamation claim than a trademark claim. Id. at 423
n.7. Rather than decide how to draw the line between defamation and
6564               PERFECT 10, INC. v. CCBILL LLC
Accordingly, CCBill and CWIE are eligible for CDA immu-
nity for all of the state claims raised by Perfect 10.

       III.   DIRECT COPYRIGHT INFRINGEMENT

   “Plaintiffs must satisfy two requirements to present a prima
facie case of direct infringement: (1) they must show owner-
ship of the allegedly infringed material and (2) they must
demonstrate that the alleged infringers violate at least one
exclusive right granted to copyright holders under 17 U.S.C.
§ 106.” Napster, 239 F.3d at 1013. Perfect 10 alleges that
CCBill and CWIE directly infringed its copyrights through its
website, hornybees.com.

  There is a genuine issue of material fact as to the relation-
ship between CCBill/CWIE and hornybees.com. CCBill and
CWIE state that hornybees.com is operated by an entity called
“CCBucks,” and that CCBill and CWIE have no interest in
hornybees.com. However, the hornybees.com website reads:
“Brought to you by CCBill LLC and Cavecreek Web Host-
ing.” The record indicates that Cavecreek Web Hosting may

trademark, the First Circuit held that “because of the serious First Amend-
ment issues that would be raised” if Lycos were found liable, defendant
had not violated the Florida statute. Id. at 423.
   The First Circuit was able to sidestep the question of what counted as
intellectual property on First Amendment grounds. But we cannot do so
here. States have any number of laws that could be characterized as intel-
lectual property laws: trademark, unfair competition, dilution, right of
publicity and trade defamation, to name just a few. Because such laws
vary widely from state to state, no litigant will know if he is entitled to
immunity for a state claim until a court decides the legal issue. And, of
course, defendants that are otherwise entitled to CDA immunity will usu-
ally be subject to the law of numerous states. An entity otherwise entitled
to § 230 immunity would thus be forced to bear the costs of litigation
under a wide variety of state statutes that could arguably be classified as
“intellectual property.” As a practical matter, inclusion of rights protected
by state law within the “intellectual property” exemption would fatally
undermine the broad grant of immunity provided by the CDA.
                 PERFECT 10, INC. v. CCBILL LLC                6565
be CWIE, and that CWIE may be the registrant of horny-
bees.com. Furthermore, the vice president of operations of
both CCBill and CWIE lists CCBucks as being related to
CWIE and CCBill.

   Perfect 10 has also raised a genuine issue of material fact
that hornybees.com has infringed Perfect 10’s copyrights by
posting pictures of a Perfect 10 model’s body with the head
of a celebrity. The declaration provided by Perfect 10’s
founder and president asserting that the photo is that of a Per-
fect 10 model is sufficient evidence to raise a genuine issue
of material fact.

   [27] Because Perfect 10 has raised a triable issue whether
CCBill and CWIE directly infringed Perfect 10 copyrights by
operating hornybees.com, and because the district court did
not address this issue in its order granting summary judgment
in favor of Perfect 10, we remand this issue for a determina-
tion by the district court.6

         IV.    COSTS AND ATTORNEY’S FEES

   The Copyright Act of 1976 permits the district court to
“award a reasonable attorney’s fee to the prevailing party as
part of the costs.” 17 U.S.C. § 505. Fees are proper under this
statute when either successful prosecution or successful
defense of the action furthers the purposes of the Copyright
Act. See Fantasy, Inc. v. Fogerty, 94 F.3d 553, 558 (9th Cir.
1996) (“[A] successful defense of a copyright infringement
action may further the policies of the Copyright Act every bit
as much as a successful prosecution of an infringement claim
by the holder of a copyright.” (quoting Fogerty v. Fantasy,
Inc., 510 U.S. 517, 527 (1994)). As such, prevailing defen-
dants as well as prevailing plaintiffs are eligible for such an
award, and the standards for evaluating whether an award is
  6
  If CCBill and CWIE operate hornybees.com, no immunity for infringe-
ment on that site is available under either the DMCA or the CDA.
6566            PERFECT 10, INC. v. CCBILL LLC
proper are the same regardless of which party prevails.
Fogerty v. Fantasy, Inc., 510 U.S. 517, 534 (1994).

   Thus, the awarding of attorney’s fees is a matter for the dis-
trict court’s discretion. Id. To guide that discretion, the
Supreme Court endorsed the non-exclusive list employed by
the Third Circuit in Lieb v. Topstone Industries, Inc., 788 F.2d
151, 156 (1986) (the so-called “Lieb factors”). Fogerty, 510
U.S. at 534 n.19. The list includes “frivolousness, motivation,
objective unreasonableness (both in the factual and in the
legal components of the case) and the need in particular cir-
cumstances to advance considerations of compensation and
deterrence.” Id.

   [28] The district court made clear in its order denying fees
that it had weighed each of the Lieb factors and validly exer-
cised its discretion to deny defendants’ fees. Defendants argue
that the district judge inadequately considered these factors,
that Perfect 10’s litigation positions were frivolous and merit-
less, and that Perfect 10 is a serial filer of nuisance copyright
claims. Because we reverse in part and remand a substantial
portion of this case to the district court, there is ample support
for the district court’s finding that Perfect 10’s legal claims
are not frivolous or objectively unreasonable. The district
court reasonably found the evidence regarding Perfect 10’s
motivation to be equivocal, and did not abuse its discretion in
weighing the interests of compensation and deterrence and
denying costs and attorney’s fees to defendants.

                        CONCLUSION

   We remand to the district court for a determination of
whether CCBill and CWIE reasonably implemented a policy
under § 512(i)(1)(A) based on its treatment of non-party
copyright holders. Because § 512(i)(1)(A) is a threshold
determination, we remand the remaining issues under § 512
for further proceedings consistent with this opinion.
               PERFECT 10, INC. v. CCBILL LLC            6567
   We remand for further determination of whether horny-
bees.com is owned by CCBill or CWIE, and if so, whether
CCBill or CWIE are directly liable under state or federal law
for its operation.

   The district court’s decision regarding CDA immunity is
affirmed as to the unfair competition and false advertising
claims, and reversed as to the right of publicity claim.

   We affirm the district court’s decision to deny an award of
attorney’s fees and costs to defendants.

  Each party shall bear its own costs on appeal.

 AFFIRMED IN PART, REVERSED IN PART, AND
REMANDED
