Probably the privacy angle is best. Given that this uses an "attester’s public key", this makes it possible to uniquely identify a given device repeatedly over time with no margin for error. It's essentially "perfect fingerprinting".
There's also the option that devices don't use a per-device key. If all the devices from a vendor use the same keypair, then this would be broken by just extracting the key from a single device (AFAIK, in the US this would likely not be legal to use).