A situation where I see a direct justification of scanning is, for example, when doing a financial transaction over an e-commerce site. Personally, checking out the general security of a site, as a consumer before submitting billing info gives me more security than any certification can. I even see this as advantage for the company offering the service. If they have poor security, people would stay away from them, or possibly notify them, reducing their costs by preventing incidents (and the accompanying lawsuits of customers who have fallen victim to an attack). If they have good security, people would know it and prefer their services.
The criminalization of scanning and the general access of network services that some people don't like to have accessed - already, the current laws can label almost any activity on a network as intrusion, because they can be interpreted arbitrarily - will ultimately lead to a situation where companies and individuals performing scans and network surveys for security relevant data are going to have big problems, while system crackers using illegally acquired resources can effectively still probe and attack any site.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.