This doesn't help the IoT standards war at all
I guess it's not meant to. My personal guess is that a lot of IoT providers actually want to be ongoing service providers and charge you rent. If open, interoperable protocols are deployed you could then buy the good hardware from company A and the good service from company B. Or you could buy the cheap and nasty hardware from company C and annoy the hell out of company B with service requests.
New US standards of IoT: backdoors for NSA
Given that a whole heap of IoT has sweet f*** all security (FYI, Linux is only 'more secure than Windows' if people configure it right), I think it will actually make it a little harder for three letter agencies to break in.
However, I haven't read the draft and US laws are infamous for containing weird and wonderful extra stuff beyond what the title might suggest.
Maybe I'm being charitable, but I think the reason for a lot of products out there lacking security isn't malice or stupidity but time pressure. If your boss is getting hell from upper management, they will say "just make it work, we need to ship it." As long as no-one checks for security issues - which the upper management possibly thinks is a waste of time - the 'working' product will go out the door. Hard-coded admin passwords and all.