The if they don't have to was a rather important part of the statement you quoted. I'm saying if they can block the scanning packets and have some subjective reason to do so then this is fine, the value of the scanning as a service notwithstanding.

The point is that if you want to have a device on the internet you will "have to" by definition. You don't get a choice. Everything on the global internet is subject to arbitrary inspection at any time by anyone. That's how it works. Someone may inspect your device and discover they are blocked, or ports aren't open, but arbitrary inspection isn't something you ever have a choice in.