Even if consumers don't necessarily care about security, required labelling gives brands an opportunity to stand out from one another. If I'm looking at two products on the shelf, where one claims to have greater security, and the other makes no such claim, I'm likely to buy the more secure one, even if I don't necessarily care much about security. If getting the secure label is relatively cheap (which it should be, since most of the issues we see are the product of laziness rather than being especially hard to fix), than we could see the market dominated by products promoting high security, even without customers ever caring that much about insecure devices.
oh man, you sound like the type of person that would fall for the intentionally misleading labels that makes it sound like one thing but is in fact absolutely not that thing. just yesterday, there was a link to an article about the lies on food packaging.
so, labeling requirements are one thing, but requiring that the information is straight forward and leaves no options for misleading would be great. I just don't think there's ever going to be a way from preventing someone from finding loopholes.
They're in FN 20 of the linked proposal for rulemaking (which is 48 dense pages and which I don't expect anyone here to have had a chance to read yet.)
If you find yourself skeptical about the NIST proposals, please feel free to comment on the record!
