`UNITED STATES COURT OF APPEALS
`FOR THE NINTH CIRCUIT
`
`
`
`PERFECT 10, INC., a California
`corporation,
`
`Plaintiff-Appellant,
`v.
`CCBILL LLC, a corporation;
`CAVECREEK WHOLESALE INTERNET
`EXCHANGE, a corporation d/b/a
`CWIE LLC,
`
`Defendants-Appellees,
`and
`NETPASS SYSTEMS INC., a
`corporation,
`
`Defendant.
`
`
`
`PERFECT 10, INC., a California
`corporation,
`
`Plaintiff-Appellee,
`v.
`CCBILL LLC, a corporation;
`CAVECREEK WHOLESALE INTERNET
`EXCHANGE, a corporation d/b/a
`CWIE LLC,
`
`Defendants-Appellants,
`and
`NETPASS SYSTEMS INC., a
`corporation,
`
`Defendant.
`
`3551
`
`No. 04-57143
`D.C. No.
`CV-02-07624-LGB
`
`No. 04-57207
`D.C. No.
`CV-02-07624-LGB
`OPINION
`
`(cid:252)
`(cid:253)
`(cid:254)
`(cid:252)
`(cid:253)
`(cid:254)
`
`
`3552
`
`PERFECT 10, INC. v. CCBILL LLC
`
`Appeal from the United States District Court
`for the Central District of California
`Lourdes G. Baird, District Judge, Presiding
`
`Argued and Submitted
`December 4, 2006—Pasadena, California
`
`Filed March 29, 2007
`
`Before: Stephen Reinhardt, Alex Kozinski,
`Milan D. Smith, Jr., Circuit Judges.
`
`Opinion by Judge Milan D. Smith, Jr.
`
`
`
`PERFECT 10, INC. v. CCBILL LLC
`
`3557
`
`COUNSEL
`
`Daniel J. Cooper, General Counsel, Perfect 10, Inc., Beverly
`Hills, California, and Jeffrey N. Mausner, Berman, Mausner
`& Resser, A Law Corporation, Los Angeles, California, for
`the plaintiff-appellant/cross-appellee.
`
`Jay M. Spillane, Fox & Spillane, LLP, Los Angeles, Califor-
`nia, and John P. Flynn, Tiffany & Bosco, P.A., Phoenix, Ari-
`zona, for the defendants-appellees/cross-appellants.
`
`OPINION
`
`MILAN D. SMITH, JR., Circuit Judge:
`
`Perfect 10, the publisher of an adult entertainment maga-
`zine and the owner of the subscription website perfect10.com,
`alleges that CCBill and CWIE violated copyright, trademark,
`and state unfair competition, false advertising and right of
`publicity laws by providing services to websites that posted
`images stolen from Perfect 10’s magazine and website. Per-
`fect 10 appeals the district court’s finding that CCBill and
`CWIE qualified for certain statutory safe harbors from copy-
`right infringement liability under the Digital Millennium
`Copyright Act (“DMCA”), 17 U.S.C. § 512, and that CCBill
`and CWIE were immune from liability for state law unfair
`competition and false advertising claims based on the Com-
`munications Decency Act (“CDA”), 47 U.S.C. § 230(c)(1).
`CCBill and CWIE cross-appeal, arguing that the district court
`erred in holding that the CDA does not provide immunity
`against Perfect 10’s right of publicity claims and in denying
`
`
`
`3558
`
`PERFECT 10, INC. v. CCBILL LLC
`
`their requests for costs and attorney’s fees under the Copy-
`right Act.
`
`We have jurisdiction pursuant to 28 U.S.C. § 1291. We
`affirm in part, reverse in part, and remand.
`
`BACKGROUND
`
`Perfect 10 is the publisher of the eponymous adult enter-
`tainment magazine and the owner of the website, per-
`fect10.com. Perfect10.com is a subscription site where
`consumers pay a membership fee in order to gain access to
`content on the website. Perfect 10 has created approximately
`5,000 images of models for display in its website and maga-
`zine. Many of the models in these images have signed
`releases assigning their rights of publicity to Perfect 10. Per-
`fect 10 also holds registered U.S. copyrights for these images
`and owns several related, registered trademark and service
`marks.
`
`CWIE provides webhosting and related Internet connectiv-
`ity services to the owners of various websites. For a fee,
`CWIE provides “ping, power, and pipe,” services to their cli-
`ents by ensuring the “box” or server is on, ensuring power is
`provided to the server and connecting the client’s service or
`website to the Internet via a data center connection. CCBill
`allows consumers to use credit cards or checks to pay for sub-
`scriptions or memberships to e-commerce venues.
`
`Beginning August 10, 2001, Perfect 10 sent letters and
`emails to CCBill and CWIE stating that CCBill and CWIE
`clients were infringing Perfect 10 copyrights. Perfect 10
`directed these communications to Thomas A. Fisher, the des-
`ignated agent to receive notices of infringement. Fisher is also
`the Executive Vice-President of both CCBill and CWIE. Rep-
`resentatives of celebrities who are not parties to this lawsuit
`also sent notices of infringement to CCBill and CWIE. On
`September 30, 2002, Perfect 10 filed the present action alleg-
`
`
`
`PERFECT 10, INC. v. CCBILL LLC
`
`3559
`
`ing copyright and trademark violations, state law claims of
`violation of right of publicity, unfair competition, false and
`misleading advertising, as well as RICO claims.
`
`STANDARDS OF REVIEW
`
`We review a district court’s grant of summary judgment de
`novo. Rossi v. Motion Picture Ass’n of Am. Inc., 391 F.3d
`1000, 1002 (9th Cir. 2004). “Viewing the evidence in the light
`most favorable to the nonmoving party, we must determine
`whether there are any genuine issues of material fact and
`whether the district court correctly applied the relevant sub-
`stantive law.” Leever v. Carson City, 360 F.3d 1014, 1017
`(9th Cir. 2004). The district court’s interpretations of the
`Copyright Act are also reviewed de novo. Ellison v. Robert-
`son, 357 F.3d 1072, 1076 (9th Cir. 2004).
`
`We review a district court’s decision to grant or deny attor-
`ney’s fees under the Copyright Act for abuse of discretion.
`Columbia Pictures Television, Inc. v. Krypton Broad. of Bir-
`mingham, Inc., 259 F.3d 1186, 1197 (9th Cir. 2001).
`
`DISCUSSION
`
`I. SECTION 512 SAFE HARBORS
`
`[1] The DMCA established certain safe harbors to “provide
`protection from liability for: (1) transitory digital network
`communications; (2) system caching; (3) information residing
`on systems or networks at the direction of users; and (4) infor-
`mation location tools.” Ellison, 357 F.3d at 1076-77 (citing 17
`U.S.C. §§ 512(a)-(d)) (footnotes omitted). These safe harbors
`limit liability but “do not affect the question of ultimate liabil-
`ity under the various doctrines of direct, vicarious, and con-
`tributory liability,” Perfect 10, Inc. v. Cybernet Ventures, Inc.,
`213 F. Supp. 2d 1146, 1174 (C.D. Cal. 2002) (citing H.R.
`Rep. 105-551 (II), at 50 (1998) (“H.R. Rep.”),1 and “nothing
`
`1The relevant portions of H.R. Rep. 105-551 (II) (1998) and S. Rep.
`105-190 (1998) are largely identical. We cite to H.R. Rep. for purposes of
`consistency.
`
`
`
`3560
`
`PERFECT 10, INC. v. CCBILL LLC
`
`in the language of § 512 indicates that the limitation on liabil-
`ity described therein is exclusive.” CoStar Group, Inc. v.
`LoopNet, Inc., 373 F.3d 544, 552 (4th Cir. 2004).
`
`A. Reasonably Implemented Policy: § 512(i)(1)(A)
`
`[2] To be eligible for any of the four safe harbors at
`§§ 512(a)-(d), a service provider must first meet the threshold
`conditions set out in § 512(i), including the requirement that
`the service provider:
`
`[H]as adopted and reasonably implemented, and
`informs subscribers and account holders of the ser-
`vice provider’s system or network of, a policy that
`provides for the termination in appropriate circum-
`stances of subscribers and account holders of the ser-
`vice provider’s system or network who are repeat
`infringers.
`
`Section 512(i)(1)(A); Ellison, 357 F.3d at 1080.
`
`[3] The statute does not define “reasonably implemented.”
`We hold that a service provider “implements” a policy if it
`has a working notification system, a procedure for dealing
`with DMCA-compliant notifications, and if it does not
`actively prevent copyright owners from collecting information
`needed to issue such notifications. Ellison, 357 F.3d at 1080
`(working notification system required); Corbis Corp. v. Ama-
`zon.com, Inc., 351 F. Supp. 2d 1090, 1102-03 (W.D. Wash.
`2004) (must adopt procedure for dealing with notifications);
`In re Aimster Copyright Litig., 252 F. Supp. 2d 634, 659
`(N.D. Ill. 2002) (policy not implemented if service provider
`actively blocks collection of information). The statute permits
`service providers to implement a variety of procedures, but an
`implementation is reasonable if, under “appropriate circum-
`stances,” the service provider terminates users who repeatedly
`or blatantly infringe copyright. See 17 U.S.C. § 512(i); Cor-
`bis, 351 F. Supp. 2d at 1102.
`
`
`
`PERFECT 10, INC. v. CCBILL LLC
`
`3561
`
`1. “Implementation”
`
`Perfect 10 argues that there is a genuine issue of material
`fact whether CCBill and CWIE prevented the implementation
`of their policies by failing to keep track of repeatedly infring-
`ing webmasters. The district court found that there was not,
`and we agree.
`
`In Ellison, Stephen Robertson posted copies of Harlan Elli-
`son’s copyrighted short stories on Internet newsgroups avail-
`able through USENET servers. 357 F.3d at 1075. Ellison
`asserted that America Online, Inc. (“AOL”) had infringed his
`copyright by providing access to the USENET servers. Id.
`Based on evidence that AOL changed its contact email
`address for copyright infringement notices from copy-
`right@aol.com to aolcopyright@aol.com in the fall of 1999,
`but neglected to register the change with the U.S. Copyright
`Office until April 2000, we held that the district court erred
`in concluding on summary judgment that AOL satisfied the
`requirements of § 512(i). Id. at 1077. Even though Ellison did
`not learn of the infringing activity until after AOL had noti-
`fied the U.S. Copyright Office of the correct email address,
`we found that “AOL allowed notices of potential copyright
`infringement to fall into a vacuum and go unheeded; that fact
`is sufficient for a reasonable jury to conclude that AOL had
`not reasonably implemented its policy against repeat infring-
`ers.” Id. at 1080.
`
`Similarly, the Aimster cases hold that a repeat infringer pol-
`icy is not implemented under § 512(i)(1)(A) if the service pro-
`vider prevents copyright holders from providing DMCA-
`compliant notifications. In Aimster, the district court held that
`Aimster did not reasonably implement its stated repeat
`infringer policy because “the encryption on Aimster renders
`it impossible to ascertain which users are transferring which
`files.” 252 F. Supp. 2d at 659. The court found that
`“[a]dopting a repeat infringer policy and then purposely evis-
`cerating any hope that such a policy could ever be carried out
`
`
`
`3562
`
`PERFECT 10, INC. v. CCBILL LLC
`
`is not an ‘implementation’ as required by § 512(i).” Id. The
`Seventh Circuit affirmed, finding that Aimster did not meet
`the requirement of § 512(i)(1)(A) because, in part, “by teach-
`ing its users how to encrypt their unlawful distribution of
`copyrighted materials [Aimster] disabled itself from doing
`anything to prevent infringement.” In re Aimster Copyright
`Litig., 334 F.3d 643, 655 (7th Cir. 2003).
`
`[4] Based on Ellison and the Aimster cases, a substantial
`failure to record webmasters associated with allegedly
`infringing websites may raise a genuine issue of material fact
`as to the implementation of the service provider’s repeat
`infringer policy. In this case, however, the record does not
`reflect such a failure. Perfect 10 references a single page from
`CCBill and CWIE’s “DMCA Log.” Although this page shows
`some empty fields in the spreadsheet column labeled “Web-
`masters [sic] Name,” Perfect 10’s conclusion that the DMCA
`Log thus “does not reflect any effort to track notices of
`infringements received by webmaster identity” is not sup-
`ported by evidence in the record. The remainder of the
`DMCA Log indicates that the email address and/or name of
`the webmaster is routinely recorded in CCBill and CWIE’s
`DMCA Log. CCBill’s interrogatory responses dated Decem-
`ber 11, 2003 also contain a chart indicating that CCBill and
`CWIE largely kept track of the webmaster for each website.
`
`[5] Unlike Ellison and Aimster, where the changed email
`address and the encryption system ensured that no informa-
`tion about the repeat infringer was collected, it is undisputed
`that CCBill and CWIE recorded most webmasters. The dis-
`trict court properly concluded that the DMCA Log does not
`raise a triable issue of fact that CCBill and CWIE did not
`implement a repeat infringer policy.
`
`2. Reasonableness
`
`[6] A service provider reasonably implements its repeat
`infringer policy if it terminates users when “appropriate.” See
`
`
`
`PERFECT 10, INC. v. CCBILL LLC
`
`3563
`
`Corbis, 351 F. Supp. 2d at 1104. Section 512(i) itself does not
`clarify when it is “appropriate” for service providers to act. It
`only requires that a service provider terminate users who are
`“repeat infringers.”
`
`[7] To identify and terminate repeat infringers, a service
`provider need not affirmatively police its users for evidence
`of repeat infringement. Section 512(c) states that “[a] service
`provider shall not be liable for monetary relief” if it does not
`know of infringement. A service provider is also not liable
`under § 512(c) if it acts “expeditiously to remove, or disable
`access to, the material” when it (1) has actual knowledge, (2)
`is aware of facts or circumstances from which infringing
`activity is apparent, or (3) has received notification of claimed
`infringement meeting the requirements of § 512(c)(3). Were
`we to require service providers to terminate users under cir-
`cumstances other than those specified in § 512(c), § 512(c)’s
`grant of immunity would be meaningless. This interpretation
`of the statute is supported by legislative history. See H.R.
`Rep., at 61 (Section 512(i) is not intended “to undermine the
`. . . knowledge standard of [§ 512](c).”).
`
`Perfect 10 claims that CCBill and CWIE unreasonably
`implemented their repeat infringer policies by tolerating fla-
`grant and blatant copyright infringement by its users despite
`notice of infringement from Perfect 10, notice of infringement
`from copyright holders not a party to this litigation and “red
`flags” of copyright infringement.
`
`a. Perfect 10’s Claimed Notice of Infringement
`
`Perfect 10 argues that CCBill and CWIE implemented their
`repeat infringer policy in an unreasonable manner because
`CCBill and CWIE received notices of infringement from Per-
`fect 10, and yet the infringement identified in these notices
`continued. The district court found that Perfect 10 did not pro-
`vide notice that substantially complied with the requirements
`
`
`
`3564
`
`PERFECT 10, INC. v. CCBILL LLC
`
`of § 512(c)(3),2 and thus did not raise a genuine issue of mate-
`rial fact as to whether CCBill and CWIE reasonably imple-
`mented their repeat infringer policy. We agree.
`
`[8] Compliance is not “substantial” if the notice provided
`complies with only
`some of
`the
`requirements of
`§ 512(c)(3)(A). Section 512(c)(3)(B)(ii) explains that a ser-
`vice provider will not be deemed to have notice of infringe-
`ment when “the notification that is provided to the service
`provider’s designated agent fails to comply substantially with
`
`2Section 512(c)(3) reads:
`(A) To be effective under this subsection, a notification of
`claimed infringement must be a written communication provided
`to the designated agent of a service provider that includes sub-
`stantially the following:
`(i) A physical or electronic signature of a person authorized to
`act on behalf of the owner of an exclusive right that is allegedly
`infringed.
`(ii)
`Identification of the copyrighted work claimed to have been
`infringed, or, if multiple copyrighted works at a single online site
`are covered by a single notification, a representative list of such
`works at that site.
`(iii)
`Identification of the material that is claimed to be infring-
`ing or to be the subject of infringing activity and that is to be
`removed or access to which is to be disabled, and information
`reasonably sufficient to permit the service provider to locate the
`material.
`(iv)
`Information reasonably sufficient to permit the service pro-
`vider to contact the complaining party, such as an address, tele-
`phone number, and, if available, an electronic mail address at
`which the complaining party may be contacted.
`(v) A statement that the complaining party has a good faith
`belief that use of the material in the manner complained of is not
`authorized by the copyright owner, its agent, or the law.
`(vi) A statement that the information in the notification is accu-
`rate, and under penalty of perjury, that the complaining party is
`authorized to act on behalf of the owner of an exclusive right that
`is allegedly infringed.
`
`
`
`PERFECT 10, INC. v. CCBILL LLC
`
`3565
`
`all the provisions of subparagraph (A) but substantially com-
`plies with clauses (ii), (iii), and (iv) of subparagraph (A)” so
`long as the service provider responds to the inadequate notice
`and explains the requirements for substantial compliance. The
`statute thus signals that substantial compliance means sub-
`stantial compliance with all of § 512(c)(3)’s clauses, not just
`some of them. See H.R. Rep., at 56 (A communication sub-
`stantially complies even if it contains technical errors such as
`misspellings or outdated information.). See also Recording
`Indus. Ass’n of Am., Inc. v. Verizon Internet Servs., Inc., 351
`F.3d 1229, 1236 (D.C. Cir. 2003) (citing H.R. Rep., at 56).3
`
`the requirements of
`it met
`that
`Perfect 10 claims
`§ 512(c)(3) through a combination of three sets of documents.
`The first set of documents is a 22,185 page bates-stamped
`production on October 16, 2002 that includes pictures with
`URLs of Perfect 10 models allegedly posted on CCBill or
`CWIE client websites. The October 16, 2002 production did
`not contain a statement under penalty of perjury that the com-
`plaining party was authorized
`to act, as required by
`§ 512(c)(3)(A)(vi). The second set of documents was also not
`sworn to, and consisted of a spreadsheet emailed to Fisher on
`July 14, 2003 identifying the Perfect 10 models in the October
`16, 2002 production by bates number. On December 2, 2003,
`Perfect 10 completed interrogatory responses which were
`signed under penalty of perjury. These responses incorporated
`the July 14, 2003 spreadsheet by reference.
`
`[9] Taken individually, Perfect 10’s communications do not
`substantially comply with the requirements of § 512(c)(3).
`Each communication contains more than mere technical
`errors; often one or more of the required elements are entirely
`absent. See Perfect 10, Inc. v. CCBill, LLC, 340 F. Supp. 2d
`
`3We do not read the Fourth Circuit’s holding in ALS Scan, Inc. v.
`RemarQ Communities, Inc., 239 F.3d 619, 625 (4th Cir. 2001), as holding
`that only location information is required for substantial compliance with
`the terms of § 512(c)(3).
`
`
`
`3566
`
`PERFECT 10, INC. v. CCBILL LLC
`
`1077, 1100-01 (C.D. Cal. 2004) (“Order”). In order to sub-
`stantially comply with § 512(c)(3)’s requirements, a notifica-
`tion must do more than identify infringing files. The DMCA
`requires a complainant to declare, under penalty of perjury,
`that he is authorized to represent the copyright holder, and
`that he has a good-faith belief that the use is infringing. This
`requirement is not superfluous. Accusations of alleged
`infringement have drastic consequences: A user could have
`content removed, or may have his access terminated entirely.
`If the content infringes, justice has been done. But if it does
`not, speech protected under the First Amendment could be
`removed. We therefore do not require a service provider to
`start potentially invasive proceedings if the complainant is
`unwilling to state under penalty of perjury that he is an autho-
`rized representative of the copyright owner, and that he has a
`good-faith belief that the material is unlicensed.4
`
`Permitting a copyright holder to cobble together adequate
`notice from separately defective notices also unduly burdens
`service providers. Indeed, the text of § 512(c)(3) requires that
`the notice be “a written communication.” (Emphasis added).
`Again, this requirement is not a mere technicality. It would
`have taken Fisher substantial time to piece together the rele-
`vant information for each instance of claimed infringement.
`To do so, Fisher would have to first find the relevant line in
`the spreadsheet indicating ownership information, then comb
`the 22,185 pages provided by Perfect 10 in order to find the
`appropriate image, and finally copy into a browser the loca-
`tion printed at the top of the page—a location which was, in
`some instances, truncated. The DMCA notification proce-
`dures place the burden of policing copyright infringement—
`
`4Perfect 10’s argument that its initial notice substantially complied with
`the DMCA’s notice requirements because Fisher, the recipient of that
`notice, admitted that he could have found the infringing photographs on
`the basis of the October 16, 2002, bates-stamped production, is thus beside
`the point. Without the predicate certification under penalty of perjury,
`Fisher would have had no reason to go looking for the photographs.
`
`
`
`PERFECT 10, INC. v. CCBILL LLC
`
`3567
`
`identifying the potentially infringing material and adequately
`documenting infringement—squarely on the owners of the
`copyright. We decline to shift a substantial burden from the
`copyright owner to the provider; Perfect 10’s separate com-
`munications are inadequate.
`
`[10] Since Perfect 10 did not provide effective notice,
`knowledge of infringement may not be imputed to CCBill or
`CWIE based on Perfect 10’s communications. Perfect 10’s
`attempted notice does not raise a genuine issue of material
`fact that CCBill and CWIE failed to reasonably implement a
`repeat infringer policy within the meaning of § 512(i)(1)(A).
`
`b. Non-Party Notices
`
`Perfect 10 also cites to notices of infringement by other
`copyright holders, and argues that CCBill and CWIE did not
`reasonably implement their repeat infringer policies because
`they continued to provide services for websites that infringed
`non-party copyrights. The district court expressly declined to
`consider evidence of notices provided by any party other than
`Perfect 10 on the basis that these notices were irrelevant to
`Perfect 10’s claims. We disagree.
`
`[11] CCBill and CWIE’s actions towards copyright holders
`who are not a party to the litigation are relevant in determin-
`ing whether CCBill and CWIE reasonably implemented their
`repeat infringer policy. Section 512(i)(1)(A) requires an
`assessment of the service provider’s “policy,” not how the
`service provider treated a particular copyright holder. See
`Ellison, 357 F.3d at 1080 (AOL’s repeat infringer policy was
`not reasonably implemented because copyright holders other
`than Ellison could have attempted to notify AOL during the
`time that AOL’s email address was incorrectly listed.). Thus,
`CCBill and CWIE’s response to adequate non-party notifica-
`tions is relevant in determining whether they reasonably
`implemented their policy against repeat infringers.
`
`
`
`3568
`PERFECT 10, INC. v. CCBILL LLC
`[12] A policy is unreasonable only if the service provider
`failed to respond when it had knowledge of the infringement.
`The district court in this case did not consider any evidence
`relating to copyright holders other than Perfect 10. We
`remand for determination of whether CCBill and/or CWIE
`implemented its repeat infringer policy in an unreasonable
`manner with respect to any copyright holder other than Per-
`fect 10.
`
`c. Apparent Infringing Activity
`
`[13] In importing the knowledge standards of § 512(c) to
`the analysis of whether a service provider reasonably imple-
`mented its § 512(i) repeat infringer policy, Congress also
`imported the “red flag” test of § 512(c)(1)(A)(ii). Under this
`section, a service provider may lose immunity if it fails to
`take action with regard to infringing material when it is
`“aware of facts or circumstances from which infringing activ-
`ity is apparent.” § 512(c)(1)(A)(ii). Notice that fails to sub-
`stantially comply with § 512(c)(3), however, cannot be
`deemed to impart such awareness. §§ 512(c)(3)(B)(i) & (ii).
`
`Perfect 10 alleges that CCBill and CWIE were aware of a
`number of “red flags” that signaled apparent infringement.
`Because CWIE and CCBill provided services to “illegal.net”
`and “stolencelebritypics.com,” Perfect 10 argues that they
`must have been aware of apparent infringing activity. We dis-
`agree. When a website traffics in pictures that are titillating by
`nature, describing photographs as “illegal” or “stolen” may be
`an attempt to increase their salacious appeal, rather than an
`admission that the photographs are actually illegal or stolen.
`We do not place the burden of determining whether photo-
`graphs are actually illegal on a service provider.
`
`Perfect 10 also argues that a disclaimer posted on illegal.net
`made it apparent that infringing activity had taken place. Per-
`fect 10 alleges no facts showing that CWIE and CCBill were
`aware of that disclaimer, and, in any event, we disagree that
`
`
`
`PERFECT 10, INC. v. CCBILL LLC
`
`3569
`
`the disclaimer made infringement apparent. The disclaimer in
`question stated: “The copyrights of these files remain the cre-
`ator’s. I do not claim any rights to these files, other than the
`right to post them.” Contrary to Perfect 10’s assertion, this
`disclaimer is not a “red flag” of infringement. The disclaimer
`specifically states that the webmaster has the right to post the
`files.
`
`In addition, Perfect 10 argues that password-hacking web-
`sites, hosted by CWIE, also obviously infringe. While such
`sites may not directly infringe on anyone’s copyright, they
`may well contribute to such infringement. The software pro-
`vided by Grokster in Metro-Goldwyn-Mayer Studios Inc. v.
`Grokster, Ltd., 545 U.S. 913 (2005), also did not itself
`infringe, but did enable users to swap infringing files. Grok-
`ster held that “instructing [users] how to engage in an infring-
`ing use” could constitute contributory infringement. Id. at
`936. Similarly, providing passwords that enable users to ille-
`gally access websites with copyrighted content may well
`amount to contributory infringement.
`
`[14] However, in order for a website to qualify as a “red
`flag” of infringement, it would need to be apparent that the
`website instructed or enabled users to infringe another’s copy-
`right. See A&M Records, Inc. v. Napster, Inc., 239 F.3d 1004,
`1013 n.2 (9th Cir. 2001). We find that the burden of determin-
`ing whether passwords on a website enabled infringement is
`not on the service provider. The website could be a hoax, or
`out of date. The owner of the protected content may have sup-
`plied the passwords as a short-term promotion, or as an
`attempt to collect information from unsuspecting users. The
`passwords might be provided to help users maintain anonym-
`ity without infringing on copyright. There is simply no way
`for a service provider to conclude that the passwords enabled
`infringement without trying the passwords, and verifying that
`they enabled illegal access to copyrighted material. We
`impose no such investigative duties on service providers.
`
`
`
`3570
`
`PERFECT 10, INC. v. CCBILL LLC
`
`Password-hacking websites are thus not per se “red flags” of
`infringement.
`
`[15] Perfect 10 also alleges that “red flags” raised by third
`parties identified repeat infringers who were not terminated.
`Because the district court did not consider potential red flags
`raised by third parties, we remand to the district court to
`determine whether third-party notices made CCBill and
`CWIE aware that it provided services to repeat infringers, and
`if so, whether they responded appropriately.
`
`B. Standard Technical Measures: § 512(i)(1)(B)
`
`[16] Under § 512(i)(1)(B), a service provider that interferes
`with “standard technical measures” is not entitled to the safe
`harbors at §§ 512(a)-(d). “Standard technical measures” refers
`to a narrow group of technology-based solutions to online
`copyright infringement:
`
`[T]he term “standard technical measures” means
`technical measures that are used by copyright own-
`ers to identify or protect copyrighted works and—
`
`(A) have been developed pursuant to a
`broad consensus of copyright owners and
`service providers in an open, fair, volun-
`tary, multi-industry standards process;
`
`(B) are available to any person on reason-
`able and nondiscriminatory terms; and
`
`(C) do not impose substantial costs on ser-
`vice providers or substantial burdens on
`their systems or networks.
`
`§ 512(i)(2). Perfect 10 argues that CCBill does not qualify for
`any safe harbor because it interfered with “standard technical
`measures” by blocking Perfect 10’s access to CCBill affiliated
`
`
`
`PERFECT 10, INC. v. CCBILL LLC
`
`3571
`
`websites in order to prevent Perfect 10 from discovering
`whether those websites infringed Perfect 10 copyrights.
`
`There are two disputed facts here.
`
`We are unable to determine on this record whether access-
`ing websites is a standard technical measure, which was “de-
`veloped pursuant to a broad consensus of copyright owners
`and service providers in an open, fair, voluntary, multi-
`industry standards process.” § 512(i)(2)(A). We thus remand
`to the district court to determine whether access to a website
`is a “standard technical measure,” and if so, whether CCBill
`interfered with that access.
`
`[17] If allowing access is a standard technical measure,
`CCBill claims it only blocked Perfect 10’s credit card because
`Perfect 10 had previously reversed charges for subscriptions;
`Perfect 10 insists it did so in order to prevent Perfect 10 from
`identifying infringing content. If CCBill is correct, Perfect
`10’s method of identifying infringement—forcing CCBill to
`pay the fines and fees associated with chargebacks—may well
`impose a substantial cost on CCBill. If not, CCBill may well
`have interfered with Perfect 10’s efforts to police the websites
`in question for possible infringements. Because there are dis-
`puted issues of material fact, we remand to the district court
`for a determination of whether CCBill’s refusal to process
`Perfect 10’s transactions interfered with a “standard technical
`measure” for identifying infringement.
`
`C. Transitory Digital Network Communications:
`§ 512(a)
`
`[18] Section 512(a) provides safe harbor for service provid-
`ers who act as conduits for infringing content. In order to
`qualify for the safe harbor of § 512(a), a party must be a ser-
`vice provider under a more restrictive definition than applica-
`ble to the other safe harbors provided under § 512:
`
`
`
`3572
`
`PERFECT 10, INC. v. CCBILL LLC
`
`As used in subsection (a), the term “service provid-
`er” means an entity offering the transmission, rout-
`ing, or providing of connections for digital online
`communications, between or among points specified
`by a user, of material of the user’s choosing, without
`modification to the content of the material as sent or
`received.
`
`Section 512 (k)(1)(A). The district court held that CCBill met
`the requirements of § 512(k)(1)(A) by “provid[ing] a connec-
`tion to the material on its clients’ websites through a system
`which it operates in order to provide its clients with billing
`services.” Order at 1102. We reject Perfect 10’s argument that
`CCBill is not eligible for immunity under § 512(a) because it
`does not itself transmit the infringing material. A service pro-
`vider is “an entity offering the transmission, routing, or pro-
`viding of connections for digital online communications.”
`§ 512(k)(1)(A). There is no requirement in the statute that the
`communications must themselves be infringing, and we see
`no reason to import such a requirement. It would be perverse
`to hold a service provider immune for transmitting informa-
`tion that was infringing on its face, but find it contributorily
`liable for transmitting information that did not infringe.
`
`Section 512(a) provides a broad grant of immunity to ser-
`vice providers whose connection with the material is tran-
`sient. When an individual clicks on an Internet link, his
`computer sends a request for the information. The company
`receiving that request sends that request on to another com-
`puter, which sends it on to another. After a series of such
`transmissions, the request arrives at the computer that stores
`the information. The requested information is then returned in
`milliseconds, not necessarily along the same path. In passing
`the information along, each intervening computer makes a
`short-lived copy of the data. A short time later, the informa-
`tion is displayed on the user’s computer.
`
`[19] Those intervening computers provide transient connec-
`tions among users. The Internet as we know it simply cannot
`
`
`
`PERFECT 10, INC. v. CCBILL LLC
`
`3573
`
`exist if those intervening computers must block indirectly
`infringing content. We read § 512(a)’s grant of immunity
`exactly as it is written: Service providers are immune for
`transmitting all digital online communications, not just those
`that directly infringe.
`
`[20] CCBill transmits credit card information and proof of
`payment, both of which are “digital online communications.”
`However, we have little information as to how CCBill sends
`the payment it receives to its account holders. It is unclear
`whether such payment is a digital communic