The notion that scanning cloud data on device is somehow worse than doing the same thing on server is deeply flawed.
If you have a false positive on device, nothing is sent to Apple's servers. It takes several (possibly false) positives at once to trigger a human review.
If you have a single false positive on server, that data is sitting there where it can be subpoenaed and abused.
Also, recent history shows that Apple is willing to fight government demands to invade user privacy in court.
> Also, recent history shows that Apple is willing to fight government demands to invade user privacy in court.
I can only think of one instance where they did that (the San Bernardino shooter case), and the request was hugely overreaching (the FBI wanted them to compromise their software update signing services), and also they actually DID comply with giving the FBI access to their iCloud data -- just not the software update service.
This is a big part of the reason people are surprised and concerned about the scanning program, because it seems like a departure from what Apple has said and done about privacy of iPhone data for the last decade.
If you have a false positive on device, nothing is sent to Apple's servers. It takes several (possibly false) positives at once to trigger a human review.
If you have a single false positive on server, that data is sitting there where it can be subpoenaed and abused.
Also, recent history shows that Apple is willing to fight government demands to invade user privacy in court.