IIRC, Charlie Shrem gave Faiella (BTCKing) explicit instructions on how to avoid the AML rules he was required to enforce as Chief Compliance Officer of BitInstant.
What it applies to: any intelligence collection activity not otherwise authorized by court order (including FISA courts), subpoena, or similar legal process that is reasonably anticipated to result in the acquisition of a covered communication to or from a US person.
What it does: permits the acquisition, retention, and dissemination of non-public communications indefinitely, unless any parties are US persons and the communication is NOT encrypted, in which case they can only be retained for 5 years. (There are some other exemptions to this 5 year rule.)
Note that "incidentally acquired" appears only in the section title.
The main question here for me is what exactly this applies to. Is "any intelligence collection activity not otherwise authorized" blanket permission to collect anything?
In the most literal reading, the phrase "shall permit" refers to the required "procedures", which are themselves "approved by the Attorney General"... So that might be "Anything, subject to the discretion of the AG"?
Or does that actually require the AG to approve procedures which "shall permit the acquisition" of "[private] communication to or from a United States person" during "any intelligence collection activity not otherwise authorized"?
They do control botnets (Vinnie operates a DDoS service at legion.cm) but certainly not on that scale.