
    PERFECT 10, INC., a California corporation, Plaintiff-Appellant, v. CCBILL LLC, a corporation; Cavecreek Wholesale Internet Exchange, a corporation d/b/a CWIE LLC, Defendants-Appellees, and Netpass Systems Inc., a corporation, Defendant. Perfect 10, Inc., a California corporation, Plaintiff-Appellee, v. CCBill LLC, a corporation; Cavecreek Wholesale Internet Exchange, a corporation d/b/a CWIE LLC, Defendants-Appellants, and Netpass Systems Inc., a corporation, Defendant.
    No. 04-57143.
    United States Court of Appeals, Ninth Circuit.
    Argued and Submitted Dec. 4, 2006.
    Filed March 29, 2007.
    
      Daniel J. Cooper, General Counsel, Perfect 10, Inc., Beverly Hills, CA, and Jeffrey N. Mausner, Berman, Mausner & Resser, A Law Corporation, Los Angeles, CA, for the plaintiff-appellant/cross-appel-lee.
    Jay M. Spillane, Fox & Spillane, LLP, Los Angeles, CA, and John P. Flynn, Tiffany & Bosco, P.A., Phoenix, AZ, for the defendants-appellees/cross-appellants.
    Before REINHARDT, KOZINSKI, M. SMITH, JR., Circuit Judges.
   MILAN D. SMITH, JR., Circuit Judge.

Perfect 10, the publisher of an adult entertainment magazine and the owner of the subscription website perfectlO.com, alleges that CCBill and CWIE violated copyright, trademark, and state unfair competition, false advertising and right of publicity laws by providing services to websites that posted images stolen from Perfect 10’s magazine and website. Perfect 10 appeals the district court’s finding that CCBill and CWIE qualified for certain statutory safe harbors from copyright infringement liability under the Digital Millennium Copyright Act (“DMCA”), 17 U.S.C. § 512, and that CCBill and CWIE were immune from liability for state law unfair competition and false advertising claims based on the Communications Decency Act (“CDA”), 47 U.S.C. § 230(c)(1). CCBill and CWIE cross-appeal, arguing that the district court erred in holding that the CDA does not provide immunity against Perfect 10’s right of publicity claims and in denying their requests for costs and attorney’s fees under the Copyright Act.

We have jurisdiction pursuant to 28 U.S.C. § 1291. We affirm in part, reverse in part, and remand.

BACKGROUND

Perfect 10 is the publisher of the eponymous adult entertainment magazine and the owner of the website, perfectl0.com. Perfectl0.com is a subscription site where consumers pay a membership fee in order to gain access to content on the website. Perfect 10 has created approximately 5,000 images of models for display in its website and magazine. Many of the models in these images have signed releases assigning their rights of publicity to Perfect 10. Perfect 10 also holds registered U.S. copyrights for these images and owns several related, registered trademark and service marks.

CWIE provides webhosting and related Internet connectivity services to the owners of various websites. For a fee, CWIE provides “ping, power,' and pipe,” services to their clients by ensuring the “box” or server is on, ensuring power is provided to the server and connecting the client’s service or website to the Internet via a data center connection. CCBill allows consumers to use credit cards or checks to pay for subscriptions or memberships to e-commerce venues.

Beginning August 10, 2001, Perfect 10 sent letters and emails to CCBill and CWIE stating that CCBill and CWIE clients were infringing Perfect 10 copyrights. Perfect 10 directed these communications to Thomas A. Fisher, the designated agent to receive notices of infringement. Fisher is also the Executive Vice-President of both CCBill and CWIE. Representatives of celebrities who are not parties to this lawsuit also sent notices of infringement to CCBill and CWIE. On September 30, 2002, Perfect 10 filed the present action alleging copyright and trademark violations, state law claims of violation of right of publicity, unfair competition, false and misleading advertising, as well as RICO claims.

STANDARDS OF REVIEW

We review a district court’s grant of summary judgment de novo. Rossi v. Motion Picture Ass’n of Am. Inc., 391 F.3d 1000, 1002 (9th Cir.2004). “Viewing the evidence in the light most favorable to the nonmoving party, we must determine whether there are any genuine issues of material fact and whether the district court correctly applied the relevant substantive law.” Leever v. Carson City, 360 F.3d 1014, 1017 (9th Cir.2004). The district court’s interpretations of the Copyright Act, 17 U.S.C. § 101, et seq., are also reviewed de novo. Ellison v. Robertson, 357 F.3d 1072, 1076 (9th Cir.2004).

We review a district court’s decision to grant or deny attorney’s fees under the Copyright Act for abuse of discretion. Columbia Pictures Television, Inc. v. Krypton Broad, of Birmingham, Inc., 259 F.3d 1186, 1197 (9th Cir.2001).

DISCUSSION

I. SECTION 512 SAFE HARBORS

The DMCA established certain safe harbors to “provide protection from liability for: (1) transitory digital network communications; (2) system caching; (3) information residing on systems or networks at the direction of users; and (4) information location tools.” Ellison, 357 F.3d at 1076-77 (citing 17 U.S.C. §§ 512(a)-(d)) (footnotes omitted). These safe harbors limit liability but “do not affect the question of ultimate liability under the various doctrines of direct, vicarious, and contributory liability,” Perfect 10, Inc. v. Cybernet Ventures, Inc., 213 F.Supp.2d 1146, 1174 (C.D.Cal.2002) (citing H.R. Rep. 105-551(11), at 50 (1998) (“H.R.Rep.”)), and “nothing in the language of § 512 indicates that the limitation on liability described therein is exclusive.” CoStar Group, Inc. v. LoopNet, Inc., 373 F.3d 544, 552 (4th Cir.2004).

A. Reasonably Implemented Policy: § 512(i)(l)(A)

To be eligible for any of the four safe harbors at §§ 512(a)-(d), a service provider must first meet the threshold conditions set out in § 512(i), including the requirement that the service provider:

[H]as adopted and reasonably implemented, and informs subscribers and account holders of the service provider’s system or network of, a policy that provides for the termination in appropriate circumstances of subscribers and account holders of the service provider’s system or network who are repeat in-fringers.

Section 512(i)(l)(A); Ellison, 357 F.3d at 1080.

? statute does not define “reasonably implemented.” We hold that a service provider “implements” a policy if it has a working notification system, a procedure for dealing with DMCA-compliant notifications, and if it does not actively prevent copyright owners from collecting information needed to issue such notifications. Ellison, 357 F.3d at 1080 (working notification system required); Corbis Corp. v. Amazon.com, Inc., 351 F.Supp.2d 1090, 1102-03 (W.D.Wash.2004) (must adopt procedure for dealing with notifications); In re Aimster Copyright Litig., 252 F.Supp.2d 634, 659 (N.D.Ill.2002) (policy not implemented if service provider actively blocks collection of information). The statute permits service providers to implement a variety of procedures, but an implementation is reasonable if, under “appropriate circumstances,” the service provider terminates users who repeatedly or blatantly infringe copyright. See 17 U.S.C. § 512(i); Corbis, 351 F.Supp.2d at 1102.

1. “Implementation”

Perfect 10 argues that there is a genuine issue of material fact whether CCBill and CWIE prevented the implementation of their policies by failing to keep track of repeatedly infringing webmasters. The district court found that there was not, and we agree.

In Ellison, Stephen Robertson posted copies of Harlan Ellison’s copyrighted short stories on Internet newsgroups available through USENET servers. 357 F.3d at 1075. Ellison asserted that America Online, Inc. (“AOL”) had infringed his copyright by providing access to the USENET servers. Id. Based on evidence that AOL changed its contact email address for copyright infringement notices from copyright@aol.com to aolcopyright@ aol.com in the fall of 1999, but neglected to register the change with the U.S. Copyright Office until April 2000, we held that the district court erred in concluding on summary judgment that AOL satisfied the requirements of § 512(i). Id. at 1077. Even though Ellison did not learn of the infringing activity until after AOL had notified the U.S. Copyright Office of the correct email address, we found that “AOL allowed notices of potential copyright infringement to fall into a vacuum and go unheeded; that fact is sufficient for a reasonable jury to conclude that AOL had not reasonably implemented its policy against repeat infringers.” Id. at 1080.

Similarly, the Aimster cases hold that a repeat infringer policy is not implemented under § 512(i)(l)(A) if the service provider prevents copyright holders from providing DMCA-compliant notifications. In Aim-ster, the district court held that Aimster did not reasonably implement its stated repeat infringer policy because “the encryption on Aimster renders it impossible to ascertain which users are transferring which files.” 252 F.Supp.2d at 659. The court found that “[a]dopting a repeat in-fringer policy and then purposely eviscerating any hope that such a policy could ever be carried out is not an ‘implementation’ as required by § 512(i).” Id. The Seventh Circuit affirmed, finding that Aim-ster did not meet the requirement of § 512(i)(l)(A) because; in part, “by teaching its users how to encrypt their unlawful distribution of copyrighted materials [Aim-ster] disabled itself from doing anything to prevent infringement.” In re Aimster Copyright Litig., 334 F.3d 643, 655 (7th Cir.2003).

Based on Ellison and the Aimster cases, a substantial failure to record webmasters associated with allegedly infringing websites may raise a genuine issue of material fact as to the implementation of the service provider’s repeat infringer policy. In this case, however, the record does not reflect such a failure. Perfect 10 references a single page from CCBill and CWIE’s “DMCA Log.” Although this page shows some empty fields in the spreadsheet column labeled “Webmasters [sic] Name,” Perfect 10’s conclusion that the DMCA Log thus “does not reflect any effort to track notices of infringements received by webmaster identity” is not supported by evidence in the record. The remainder of the DMCA Log indicates that the email address and/or name of the webmaster is routinely recorded in CCBill and CWIE’s DMCA Log. CCBill’s interrogatory responses dated December 11, 2003 also contain a chart indicating that CCBill and CWIE largely kept track of the webmaster for each website.

Unlike Ellison and Aimster, where the changed email address and the encryption system ensured that no information about the repeat infringer was collected, it is undisputed that CCBill and CWIE recorded most webmasters. The district court properly concluded that the DMCA Log does not raise a triable issue of fact that CCBill and CWIE did not implement a repeat infringer policy.

2. Reasonableness

A service provider reasonably implements its repeat infringer policy if it terminates users when “appropriate.” See Corbis, 351 F.Supp.2d at 1104. Section 512(i) itself does not clarify when it is “appropriate” for service providers to act. It only requires that a service provider terminate users who are “repeat infringers.”

To identify and terminate repeat infringers, a service provider need not affirmatively police its users for evidence of repeat infringement. Section 512(c) states that “[a] service provider shall not be liable for monetary relief’ if it does not know of infringement. A service provider is also not liable under § 512(c) if it acts “expeditiously to remove, or disable access to, the material” when it (1) has actual knowledge, (2) is aware of facts or circumstances from which infringing activity is apparent, or (3) has received notification of claimed infringement meeting the requirements of § 512(c)(3). Were we to require service providers to terminate users under circumstances other than those specified in § 512(c), § 512(c)’s grant of immunity would be meaningless. This interpretation of the statute is supported by legislative history. See H.R. Rep., at 61 (Section 512(i) is not intended “to undermine the ... knowledge standard of [§ 512](e).”).

Perfect 10 claims that CCBill and CWIE unreasonably implemented their repeat in-fringer policies by tolerating flagrant and blatant copyright infringement by its users despite notice of infringement from Perfect 10, notice of infringement from copyright holders not a party to this litigation and “red flags” of copyright infringement.

a. Perfect 10’s Claimed Notice of Infringement

Perfect 10 argues that CCBill and CWIE implemented their repeat infringer policy in an unreasonable manner because CCBill and CWIE received notices of infringement from Perfect 10, and yet the infringement identified in these notices continued. The district court found that Perfect 10 did not provide notice that substantially complied with the requirements of § 512(c)(3), and thus did not raise a genuine issue of material fact as to whether CCBill and CWIE reasonably implemented their repeat infringer policy. We agree.

Compliance is not “substantial” if the notice provided complies with only some of the requirements of § 512(c)(3)(A). Section 512(c)(3)(B)(ii) explains that a service provider will not be deemed to have notice of infringement when “the notification that is provided to the service provider’s designated agent fails to comply substantially with all the provisions of subparagraph (A) but substantially complies with clauses (ii), (in), and (iv) of subparagraph (A)” so long as the service provider responds to the inadequate notice and explains the requirements for substantial compliance. The statute thus signals that substantial compliance means substantial compliance with all of § 512(c)(3)’s clauses, not just some of them. See H.R. Rep., at 56 (A communication substantially complies even if it contains technical errors such as misspellings or outdated information.). See also Recording Indus. Ass’n of Am., Inc. v. Verizon Internet Servs., Inc., 351 F.3d 1229, 1236 (D.C.Cir.2003) (citing H.R. Rep., at 56).

Perfect 10 claims that it met the requirements of § 512(c)(3) through a combination of three sets of documents. The first set of documents is a 22,185 page bates-stamped production on October 16, 2002 that includes pictures with URLs of Perfect 10 models allegedly posted on CCBill or CWIE client websites. The October 16, 2002 production did not contain a statement under penalty of perjury that the complaining party was authorized to act, as required by § 512(c)(3)(A)(vi). The second set of documents was also not sworn to, and consisted of a spreadsheet emailed to Fisher on July 14, 2003 identifying the Perfect 10 models in the October 16, 2002 production by bates number. On December 2, 2003, Perfect 10 completed interrogatory responses which were signed under penalty of perjury. These responses incorporated the July 14, 2003 spreadsheet by reference.

Taken individually, Perfect 10’s communications do not substantially comply with the requirements of § 512(c)(3). Each communication contains more than mere technical errors; often one or more of the required elements are entirely absent. See Perfect 10, Inc. v. CCBill, LLC, 340 F.Supp.2d 1077, 1100-01 (C.D.Cal.2004) (“Order”). In order to substantially comply with § 512(c)(3)’s requirements, a notification must do more than identify infringing files. The DMCA requires a complainant to declare, under penalty of perjury, that he is authorized to represent the copyright holder, and that he has a good-faith belief that the use is infringing. This requirement is not superfluous. Accusations of alleged infringement have drastic consequences: A user could have content removed, or may have his access terminated entirely. If the content infringes, justice has been done. But if it does not, speech protected under the First Amendment could be removed. We therefore do not require a service provider to start potentially invasive proceedings if the complainant is unwilling to state under penalty of perjury that he is an authorized representative of the copyright owner, and that he has a good-faith belief that the material is unlicensed.

Permitting a copyright holder to cobble together adequate notice from separately defective notices also unduly burdens service providers. Indeed, the text of § 512(c)(3) requires that the notice be “a written communication.” (Emphasis added). Again, this requirement is not a mere technicality. It would have taken Fisher substantial time to piece together the relevant information for each instance of claimed infringement. To do so, Fisher would have to first find the relevant line in the spreadsheet indicating ownership information, then comb the 22,185 pages provided by Perfect 10 in order to find the appropriate image, and finally copy into a browser the location printed at the top of the page&emdash;a location which was, in some instances, truncated. The DMCA notification procedures place the burden of policing copyright infringement&emdash;identifying the potentially infringing material and adequately documenting infringement&emdash; squarely on the owners of the copyright. We decline to shift a substantial burden from the copyright owner to the provider; Perfect 10’s separate communications are inadequate.

Since Perfect 10 did not provide effective notice, knowledge of infringement may not be imputed to CCBill or CWIE based on Perfect 10’s communications. Perfect 10’s attempted notice does not raise a genuine issue of material fact that CCBill and CWIE failed to reasonably implement a repeat infringer policy within the meaning of § 512(i)(l)(A).

b. Non-Party Notices

Perfect 10 also cites to notices of infringement by other copyright holders, and argues that CCBill and CWIE did not reasonably implement their repeat infringer policies because they continued to provide services for websites that infringed non-party copyrights. The district court expressly declined to consider evidence of notices provided by any party other than Perfect 10 on the basis that these notices were irrelevant to Perfect 10’s claims. We disagree.

CCBill and CWIE’s actions towards copyright holders who are not a party to the litigation are relevant in determining whether CCBill and CWIE reasonably implemented their repeat infringer policy. Section 512(i)(l)(A) requires an assessment of the service provider’s “policy,” not how the service provider treated a particular copyright holder. See Ellison, 357 F.3d at 1080 (AOL’s repeat infringer policy was not reasonably implemented because copyright holders other than Ellison could have attempted to notify AOL during the time that AOL’s email address was incorrectly listed.). Thus, CCBill and CWIE’s response to adequate non-party notifications is relevant in determining whether they reasonably implemented their policy against repeat infringers.

A policy is unreasonable only if the service provider failed to respond when it had knowledge of the infringement. The district court in this case did not consider any evidence relating to copyright holders other than Perfect 10. We remand for determination of whether CCBill and/or CWIE implemented its repeat infringer policy in an unreasonable manner with respect to any copyright holder other than Perfect 10.

c. Apparent Infringing Activity

In importing the knowledge standards of § 512(c) to the analysis of whether a service provider reasonably implemented its § 512(i) repeat infringer policy, Congress also imported the “red flag” test of § 512(c)(l)(A)(ii). Under this section, a service provider may lose immunity if it fails to take action with regard to infringing material when it is “aware of facts or circumstances from which infringing activity is apparent.” § 512(c)(l)(A)(ii). Notice that fails to substantially comply with § 512(c)(3), however, cannot be deemed to impart such awareness. §§ 512(c)(3)(B)(i) & (ii).

Perfect 10 alleges that CCBill and CWIE were aware of a number of “red flags” that signaled apparent infringement. Because CWIE and CCBill provided services to “illegal.net” and “stolencelebrityp-ics.com,” Perfect 10 argues that they must have been aware of apparent infringing activity. We disagree. When a website traffics in pictures that are titillating by nature, describing photographs as “illegal” or “stolen” may be an attempt to increase their salacious appeal, rather than an admission that the photographs are actually illegal or stolen. We do not place the burden of determining whether photographs are actually illegal on a service provider.

Perfect 10 also argues that a disclaimer posted on illegal.net made it apparent that infringing activity had taken place. Perfect 10 alleges no facts showing that CWIE and CCBill were aware of that disclaimer, and, in any event, we disagree that the disclaimer made infringement apparent. The disclaimer in question stated: “The copyrights of these files remain the creator’s. I do not claim any rights to these files, other than the right to post them.” Contrary to Perfect 10’s assertion, this disclaimer is not a “red flag” of infringement. The disclaimer specifically states that the webmaster has the right to post the files.

In addition, Perfect 10 argues that password-hacking websites, hosted by CWIE, also obviously infringe. While such sites may not directly infringe on anyone’s copyright, they may well contribute to such infringement. The software provided by Grokster in Metro-Goldwyn-Mayer Studios Inc. v. Grokster, Ltd., 545 U.S. 913, 125 S.Ct. 2764, 162 L.Ed.2d 781 (2005), also did not itself infringe, but did enable users to swap infringing files. Grokster held that “instructing [users] how to engage in an infringing use” could constitute contributory infringement. Id. at 936, 125 S.Ct. 2764. Similarly, providing passwords that enable users to illegally access websites with copyrighted content may well amount to contributory infringement.

However, in order for a website to qualify as a “red flag” of infringement, it would need to be apparent that the website instructed or enabled users to infringe another’s copyright. See A & M Records, Inc. v. Napster, Inc., 239 F.3d 1004, 1013 n. 2 (9th Cir.2001). We find that the burden of determining whether passwords on a website enabled infringement is not on the service provider. The website could be a hoax, or out of date. The owner of the protected content may have supplied the passwords as a short-term promotion, or as an attempt to collect information from unsuspecting users. The passwords might be provided to help users maintain anonymity without infringing on copyright. There is simply no way for a service provider to conclude that the passwords enabled infringement without trying the passwords, and verifying that they enabled illegal access to copyrighted material. We impose no such investigative duties on service providers. Password-hacking websites are thus not per se “red flags” of infringement.

Perfect 10 also alleges that “red flags” raised by third parties identified repeat infringers who were not terminated. Because the district court did not consider potential red flags raised by third parties, we remand to the district court to determine whether third-party notices made CCBill and CWIE aware that it provided services to repeat infringers, and if so, whether they responded appropriately.

B. Standard Technical Measures: § 512(i)(l)(B)

Under § 512(i)(l)(B), a service provider that interferes with “standard technical measures” is not entitled to the safe harbors at §§ 512(a)-(d). “Standard technical measures” refers to a narrow group of technology-based solutions to online copyright infringement:

[T]he term “standard technical measures” means technical measures that are used by copyright owners to identify or protect copyrighted works and&emdash;
(A) have been developed pursuant to a broad consensus of copyright owners and service providers in an open, fair, voluntary, multi-industry standards process;
(B) are available to any person on reasonable and nondiscriminatory terms; and
(C) do not impose substantial costs on service providers or substantial burdens on their systems or networks.

§ 512(i)(2). Perfect 10 argues that CCBill does not qualify for any safe harbor because it interfered with “standard technical measures” by blocking Perfect 10’s access to CCBill affiliated websites in order to prevent Perfect 10 from discovering whether those websites infringed Perfect 10 copyrights.

There are two disputed facts here.

We are unable to determine on this record whether accessing websites is a standard technical measure, which was “developed pursuant to a broad consensus of copyright owners and service providers in an open, fair, voluntary, multi-industry standards process.” § 512(i)(2)(A). We thus remand to the district court to determine whether access to a website is a “standard technical measure,” and if so, whether CCBill interfered with that access.

If allowing access is a standard technical measure, CCBill claims it only blocked Perfect 10’s credit card because Perfect 10 had previously reversed charges for subscriptions; Perfect 10 insists it did so in order to prevent Perfect 10 from identifying infringing content. If CCBill is correct, Perfect 10’s method of identifying infringement&emdash;forcing CCBill to pay the fines and fees associated with chargebacks&emdash;may well impose a substantial cost on CCBill. If not, CCBill may well have interfered with Perfect 10’s efforts to police the websites in question for possible infringements. Because there are disputed issues of material fact, we remand to the district court for a determination of whether CCBill’s refusal to process Perfect 10’s transactions interfered with a “standard technical measure” for identifying infringement.

C. Transitory Digital Network Communications: § 512(a)

Section 512(a) provides safe harbor for service providers who act as conduits for infringing content. In order to qualify for the safe harbor of § 512(a), a party must be a service provider under a more restrictive definition than applicable to the other safe harbors provided under § 512:

As used in subsection (a), the term “service provider” means an entity offering the transmission, routing, or providing of connections for digital online communications, between or among points specified by a user, of material of the user’s choosing, without modification to the content of the material as sent or received.

Section 512(k)(l)(A). The district court held that CCBill met the requirements of § 512(k)(l)(A) by “provid[ing] a connection to the material on its clients’ websites through a system which it operates in order to provide its clients with billing services.” Order at 1102. We reject Perfect 10’s argument that CCBill is not eligible for immunity under § 512(a) because it does not itself transmit the infringing material. A service provider is “an entity offering the transmission, routing, or providing of connections for digital online communications.” § 512(k)(l)(A). There is no requirement in the statute that the communications must themselves be infringing, and we see no reason to import such á requirement. It would be perverse to hold a service provider immune for transmitting information that was infringing on its face, but find it contributorily liable for transmitting information that did not infringe.

Section 512(a) provides a broad grant of immunity to service providers whose connection with the material is transient. When an individual clicks on an Internet link, his computer sends a request for the information. The company receiving that request sends that request on to another computer, which sends it on to another. After a series of such transmissions, the request arrives at the computer that stores the information. The requested information is then returned in milliseconds, not necessarily along the same path. In passing the information along, each intervening computer makes a short-lived copy of the data. A short time later, the information is displayed on the user’s computer.

Those intervening computers provide transient connections among users. The Internet as we know it simply cannot exist if those intervening computers must block indirectly infringing content. We read § 512(a)’s grant of immunity exactly as it is written: Service providers are immune for transmitting all digital online communications, not just those that directly infringe. ■

CCBill transmits credit card information and proof of payment, both of which are “digital online communications.” However, we have little information as to how CCBill sends the payment it receives to its account holders. It is unclear whether such payment is a digital communication, transmitted -without modification to the content of the material, or transmitted often enough that CCBill is only a transient holder. On the record before us, we cannot conclude that CCBill is a service provider under § 512(a). Accordingly, we remand to the district court for further consideration the issue of whether CCBill meets the requirements of § 512(a).

D. Information Location Tools: § 512(d)

After CCBill processes a consumer’s credit card and issues a password granting access to a client website, CCBill displays a hyperlink so that the user may access the client website. CCBill argues that, it falls under the safe harbor of § 512(d) by displaying this hyperlink at the conclusion of the consumer transaction. We disagree. Section 512(d) reads:

A service provider shall not be liable for monetary relief, or, except as provided in subsection (j), for injunctive or other equitable relief, for infringement of copyright by reason of the provider referring or linking users to an online location containing infringing material or infringing activity, by using information location tools, including a directory, index, reference, pointer, or hypertext link.

Even if the hyperlink provided by CCBill could be viewed as an “information location tool,” the majority of CCBill’s functions would remain outside of the safe harbor of § 512(d). Section 512(d) provides safe harbor only for “infringement of copyright by reason of the provider referring or linking users to an online location containing infringing material or infringing activity.” (Emphasis added). Perfect 10 does not claim that CCBill infringed its copyrights by providing a hyperlink; rather, Perfect 10 alleges infringement through CCBill’s performance of other business services for these websites. Even if CCBill’s provision of a hyperlink is immune under § 512(n), CCBill does not receive blanket immunity for its other services.

E. Information Residing on Systems or Networks at the Direction of Users: § 512(c)

Section 512(c) “limits the liability of qualifying service providers for claims of direct, vicarious, and contributory infringement for storage at the direction of a user of material that resides on a system or network controlled or operated by or for the service provider.” H.R. Rep., at 53. A service provider qualifies for safe harbor under § 512(c) if it meets the requirements of § 512(i) and:

(A)(i) does not have actual knowledge that the material or an activity using the material on the system or network is infringing;
(ii) in the absence of such actual knowledge, is not aware of facts or circumstances from which infringing activity is apparent; or
(iii) upon obtaining such knowledge or awareness, acts expeditiously to remove, or disable access to, the material;
(B) does not receive a financial benefit directly attributable to the infringing activity, in a case in which the service provider has the right and ability to control such activity; and
(C) upon notification of claimed infringement as described in paragraph (3), responds expeditiously to remove, or disable access to, the material that is claimed to be infringing or to be the subject of infringing activity.

Section 512(c)(1). As discussed above, Perfect 10 did not provide CWIE with knowledge or awareness within the standard of § 512(c)(1)(A), and Perfect 10 did not provide notice that complies with the requirements of § 512(c)(3).

The remaining question is whether Perfect 10 raises a genuine issue of material fact that CWIE does not qualify for safe harbor under § 512(c) because it fails to meet the requirements of § 512(c)(1)(B), namely, that a service provider not receive a direct financial benefit from the infringing activity if the service provider also has the right and ability to control the infringing activity.

Based on the “well-established rule of construction that where Congress uses terms that have accumulated settled meaning under common law, a court must infer, unless the statute otherwise dictates, that Congress means to incorporate the established meaning of these terms,” Rossi 391 F.3d at 1004 n. 4 (9th Cir.2004) (quoting Neder v. United States, 527 U.S. 1, 21, 119 S.Ct. 1827, 144 L.Ed.2d 35 (1999)), we hold that “direct financial benefit” should be interpreted consistent with the similarly-worded common law standard for vicarious copyright liability. See, e.g., Ellison, 357 F.3d at 1078 (a vicariously liable copyright infringer “derive[s] a direct financial benefit from the infringement and ha[s] the right and ability to supervise the infringing activity”). Thus, the relevant inquiry is “whether the infringing activity constitutes a draw for subscribers, not just an added benefit.” Id. at 1079. In Ellison, the court held that “no jury could reasonably conclude that AOL received a direct financial benefit from providing access to the infringing material” because “[t]he record lacks evidence that AOL attracted or retained subscriptions because of the infringement or lost subscriptions because of AOL’s eventual obstruction of the infringement.” Id.

In this case, Perfect 10 provides almost no evidence about the alleged direct financial benefit to CWIE. Perfect 10 only alleges that “CWIE ‘hosts’ websites for a fee.” This allegation is insufficient to show that the infringing activity was “a draw” as required by Ellison. 357 F.3d at 1079. Furthermore, the legislative history expressly states that “receiving a one-time set-up fee and flat, periodic payments for service from a person engaging in infringing activities would not constitute receiving a ‘financial benefit directly attributable to the infringing activity.’ ” H.R. Rep., at 54. Perfect 10 has not raised a genuine issue of material fact that CWIE receives a direct financial benefit from infringing activity. Because CWIE does not receive a direct financial benefit, CWIE meets the requirements of § 512(c).

If the district court finds that CWIE meets the threshold requirements of § 512(i), CWIE is entitled to safe harbor under § 512(c).

II. COMMUNICATIONS DECENCY ACT

The Communications Decency Act states that “[n]o provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider,” and expressly preempts any state law to the contrary. 47 U.S.C. §§ 230(c)(1), (e)(3). “The majority of federal circuits have interpreted the CDA to establish broad ‘federal immunity to any cause of action that would make service providers liable for information originating with a third-party user of the service.’ ” Almeida v. Amazon.com, Inc., 456 F.3d 1316, 1321 (11th Cir.2006) (quoting Zeran v. America Online, Inc., 129 F.3d 327, 331 (4th Cir.1997)); see also Carafano v. Metrosplash.com, Inc., 339 F.3d 1119, 1122 (9th Cir.2003) (citing Batzel v. Smith, 333 F.3d 1018, 1026-27 (9th Cir.2003)).

The immunity created by § 230(c)(1) is limited by § 230(e)(2), which requires the court to “construe Section 230(c)(1) in a manner that would neither ‘limit or expand any law pertaining to intellectual property.’ ” Gucci Am., Inc. v. Hall & Assocs., 135 F.Supp.2d 409, 413 (S.D.N.Y.2001) (quoting § 230(e)(2)). As a result, the CDA does not clothe service providers in immunity from “law[s] pertaining to intellectual property.” See Almeida, 456 F.3d at 1322.

The CDA does not contain an express definition of “intellectual property,” and there are many types of claims in both state and federal law which may — or may not — be characterized as “intellectual property” claims. While the scope of federal intellectual property law is relatively well-established, state laws protecting “intellectual property,” however defined, are by no means uniform. Such laws may bear various names, provide for varying causes of action and remedies, and have varying purposes and policy goals. Because material on a website may be viewed across the Internet, and thus in more than one state at a time, permitting the reach of any particular state’s definition of intellectual property to dictate the contours of this federal immunity would be contrary to Congress’s expressed goal of insulating the development of the Internet from the various state-law regimes. See 47 U.S.C. §§ 230(a) and (b); see also Batzel, 333 F.3d at 1027 (noting that “courts construing § 230 have recognized as critical in applying the statute the concern that lawsuits could threaten the ‘freedom of speech in the new and burgeoning Internet medium’ ” (quoting Zeran, 129 F.3d at 330)). In the absence of a definition from Congress, we construe the term “intellectual property” to mean “federal intellectual property.” Accordingly, CCBill and CWIE are eligible for CDA immunity for all of the state claims raised by Perfect 10.

III. DIRECT COPYRIGHT INFRINGEMENT

“Plaintiffs must satisfy two requirements to present a prima facie case of direct infringement: (1) they must show ownership of the allegedly infringed material and (2) they must demonstrate that the alleged infringers violate at least one exclusive right granted to copyright holders under 17 U.S.C. § 106.” Napster, 239 F.3d at 1013. Perfect 10 alleges that CCBill and CWIE directly infringed its copyrights through its website, horny-bees.com.

There is a genuine issue of material fact as to the relationship between CCBill/ CWIE and hornybees.com. CCBill and CWIE state that hornybees.com is operated by an entity called “CCBucks,” and that CCBill and CWIE have no interest in hor-nybees.com. However, the hornybees.com website reads: “Brought to you by CCBill LLC and Cavecreek Web Hosting.” The record indicates that Cavecreek Web Hosting may be CWIE, and that CWIE may be the registrant of hornybees.com. Furthermore, the vice president of operations of both CCBill and CWIE lists CCBucks as being related to CWIE and CCBill.

Perfect 10 has also raised a genuine issue of material fact that horny-bees.com has infringed Perfect 10’s copyrights by posting pictures of a Perfect 10 model’s body with the head of a celebrity. The declaration provided by Perfect 10’s founder and president asserting that the photo is that of a Perfect 10 model is sufficient evidence to raise a genuine issue of material fact.

Because Perfect 10 has raised a triable issue whether CCBill and CWIE directly infringed Perfect 10 copyrights by operating hornybees.com, and because the district court did not address this issue in its order granting summary judgment in favor of Perfect 10, we remand this issue for a determination by the district court.

IV. COSTS AND ATTORNEY’S FEES

The Copyright Act of 1976 permits the district court to “award a reasonable attorney’s fee to the prevailing party as part of the costs.” 17 U.S.C. § 505. Fees are proper under this statute when either successful prosecution or successful defense of the action furthers the purposes of the Copyright Act. See Fanta sy, Inc. v. Fogerty, 94 F.3d 553, 558 (9th Cir.1996) (“[A] successful defense of a copyright infringement action may further the policies of the Copyright Act every bit as much as a successful prosecution of an infringement claim by the holder of a copyright.”) (quoting Fogerty v. Fantasy, Inc., 510 U.S. 517, 527, 114 S.Ct. 1023, 127 L.Ed.2d 455 (1994)). As such, prevailing defendants as well as prevailing plaintiffs are eligible for such an award, and the standards for evaluating whether an award is proper are the same regardless of which party prevails. Fogerty v. Fantasy, Inc., 510 U.S. 517, 534, 114 S.Ct. 1023, 127 L.Ed.2d 455 (1994).

Thus, the awarding of attorney’s fees is a matter for the district court’s discretion. Id. To guide that discretion, the Supreme Court endorsed the non-exclusive list employed by the Third Circuit in Lieb v. Topstone Industries, Inc., 788 F.2d 151, 156 (1986) (the so-called “Lieb factors”). Fogerty, 510 U.S. at 534 n. 19, 114 S.Ct. 1023. The list includes “frivolousness, motivation, objective unreasonableness (both in the factual and in the legal components of the case) and the need in particular circumstances to advance considerations of compensation and deterrence.” Id.

The district court made clear in its order denying fees that it had weighed each of the Lieb factors and validly exercised its discretion to deny defendants’ fees. Defendants argue that the district judge inadequately considered these factors, that Perfect 10’s litigation positions were frivolous and meritless, and that Perfect 10 is a serial filer of nuisance copyright claims. Because we reverse in part and remand a substantial portion of this case to the district court, there is ample support for the district court’s finding that Perfect 10’s legal claims are not frivolous or objectively unreasonable. The district court reasonably found the evidence regarding Perfect 10’s motivation to be equivocal, and did not abuse its discretion in weighing the interests of compensation and deterrence and denying costs and attorney’s fees to defendants.

CONCLUSION

We remand to the district court for a determination of whether CCBill and CWIE reasonably implemented a policy under § 512(i)(l)(A) based on its treatment of non-party copyright holders. Because § 512(i)(l)(A) is a threshold determination, we remand the remaining issues under § 512 for further proceedings consistent with this opinion.

We remand for further determination of whether hornybees.com is owned by CCBill or CWIE, and if so, whether CCBill or CWIE are directly liable under state or federal law for its operation.

The district court’s decision regarding CDA immunity is affirmed as to the unfair competition and false advertising claims, and reversed as to the right of publicity claim.

We affirm the district court’s decision to deny an award of attorney’s fees and costs to defendants.

Each party shall bear its own costs on appeal.

AFFIRMED IN PART, REVERSED IN PART, AND REMANDED 
      
      . The relevant portions of H.R. Rep. 105-551(11) (1998) and S. Rep. 105-190 (1998) are largely identical. We cite to H.R. Rep. for purposes of consistency.
     
      
      . Section 512(c)(3) reads:
      (A) To be effective under this subsection, a notification of claimed infringement must be a written communication provided to the designated agent of a service provider that includes substantially the following:
      (i) A physical or electronic signature of a person authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.
      (ii) Identification of the copyrighted work claimed to have been infringed, or, if multiple copyrighted works at a single online site are covered by a single notification, a representative list of such works at that site.
      (iii) Identification of the material that is claimed to be infringing or to be the subject of infringing activity and that is to be removed or access to which is to be disabled, and information reasonably sufficient to permit the service provider to locate the material.
      (iv) Information reasonably sufficient to permit the service provider to contact the complaining party, such as an address, telephone number, and, if available, an electronic mail address at which the complaining party may be contacted.
      (v) A statement that the complaining party has a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law.
      (vi) A statement that the information in the notification is accurate, and under penalty of perjury, that the complaining party is authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.
     
      
      . We do not read the Fourth Circuit’s holding in ALS Scan, Inc. v. RemarQ Communities, Inc., 239 F.3d 619, 625 (4th Cir.2001), as holding that only location information is required for substantial compliance with the terms of § 512(c)(3).
     
      
      . Perfect 10's argument that its initial notice substantially complied with the DMCA's notice requirements because Fisher, the recipient of that notice, admitted that he could have found the infringing photographs on the basis of the October 16, 2002, bates-stamped production, is thus beside the point. Without the predicate certification under penalty of perjury, Fisher would have had no reason to go looking for the photographs.
     
      
      . If CCBill and CWIE operate hornybees.com, no immunity for infringement on that site is available under either the DMCA or the CDA.
     