Third possibility: Apple is going to E2E encrypt iCloud photos, but the only way the U.S. government will allow it while still complying with CSAM laws is if the photos to be uploaded are scanned on the device.

There are no CSAM laws that require this sort of privacy violation, and it would be a gross overstep by any government to mandate it.

If they enabled E2EE iCloud after this it'd be just for marketing purposes, because client-side encryption is being circumvented it would render the whole promise of privacy as a lie.

> client-side encryption is being circumvented

Client side encryption of what? A plain photo? That you designate to upload to cloud? At which point it's encrypted, or hash-checked then encrypted. Where's the circumvention?

They have to have hashing on the phone to support the new parental control option for Messages. If parents enable this option, it checks incoming images on their child's phone against the hashes, gives the child a chance to reject matching images, and if the child chooses to accept the image notifies the parents and gives them a copy of the image.

No, that "feature" isn't based on hashes from the CSAM database. It's instead based on a machine learning model trained on the CSAM database which allows them to identify arbitrary images of underage nudity. These are independent from each other.

> why not do the hashing on Apple's servers when the photos are uploaded to the service?

Their reasoning seems to be that it would break E2E encryption.