Why not? Maybe they don't 100% trust their government for whatever reason. Why must they let their ports be subject to arbitrary inspection by an entity they don't trust if they don't have to? Hell, I'd block this port scanning on general principle.
I realize this is an emotional topic for some people but think about what this is really doing: the government isn't asking anyone to open anything up but rather scanning what they've already exposed to the entire internet. If there's something there you want to keep private, you should be closing it to everyone except the authenticated users you want to have access to it. You are not better off in any meaningful way if you block a public vulnerability scanner but leave yourself wide open to everyone else.
Consider, for example, the possibility that the government might have technical people at least as adept as the average teenager looking to pirate movies. If they were trying to something you consider malicious, would they a) put up a public web page telling you how to detect their traffic and stop it[1] or b) scan it from IPs which are not easily attributed? Using cheap commercial hosting for that would cost a fraction of what they pay a single employee per month and it's not exactly a technically-daunting task — and if it were, they'd toss a few thousand at Shodan.io to do it for them, an amount which could be buried in the printer supply budget of any national government.
> You are not better off in any meaningful way if you block a public vulnerability scanner but leave yourself wide open to everyone else.
That is a value judgment better made by the server owner, don't you think? It is their private (perhaps leased) property we're talking about after all. Perhaps the government should ask first before periodically scanning someone's property?
It’s privately owned but publicly accessible and there’s a strong public interest in shutting down insecure servers before they’re compromised by malicious actors. To me this seems more like the government having an inspector walking down the street and observing whether your building has broken windows, rats, and smells of gas. Any information they get is something you’re giving away to the entire internet anyway.
Again, I’m not saying you don’t have the right to block them - they even give you an easy way to opt-out - but that it seems misdirected to worry about the people asking nicely when the internet is full of actually malicious people who don’t ask.
> Why must they let their ports be subject to arbitrary inspection by an entity they don't trust
because that's literally how the internet works. Their ports are and will always be subject to arbitrary inspection while they are reachable on the internet.
The if they don't have to was a rather important part of the statement you quoted. I'm saying if they can block the scanning packets and have some subjective reason to do so then this is fine, the value of the scanning as a service notwithstanding.
The point is that if you want to have a device on the internet you will "have to" by definition. You don't get a choice. Everything on the global internet is subject to arbitrary inspection at any time by anyone. That's how it works. Someone may inspect your device and discover they are blocked, or ports aren't open, but arbitrary inspection isn't something you ever have a choice in.
