Lack of saying how to pay for it, might be a criticial key to the motivation.
First of all, remember "they" never pay for anything; it would be "we," If, say, our taxes were to go up n% in order to fund such an effort, some people might complain or watch where that n% goes, making it harder for whoever the beneficiary of this law is, to remain undetected.
On the other hand, if a new law doesn't say how to pay, but rather, simply demands that services be "certified insecure" (yeah, it needs a better name) where the insecurity certification authority is presumably whoever is buying this new law, and they are paid not by one government program, but by skimming a little bit from every business in the country individually, there's less to talk about.
When the government spends $40 billion on something, someone might ask an embarrassing question about it. When you spend an extra $400 per year amortized across all goods and services in order to pay for those things' advertising on your phone, which in turn funds your phone's developers, who have to pay $40000 for an insecurity audit, to prove that your phone will always reject attempts to communicate high-entropy data (i.e. can't be used as a dumb pipe by some secure application), then there's no good question to ask.
Things just cost more than they used to, and don't work as reliably as they used to, and that's how things are. That's just something for weirdos to bitch about, not for the press to ask about.
People are willing to pay anything, as long as it's not called a tax. Why do you think Republicans still get votes?