FWIW the slight of hand mentioned here isn’t in the article. I presume it means the fact iCloud backups aren’t end to end encrypted with your iCloud Keychain passphrase, which was reportedly either:
A) because apple wanted to be sure you could restore a device to which you lost the key (not implausible user experience story, but one you could imagine folks opting into)
B) the FBI complained and they caved
C) both A and B
Note that iCloud backups include the keys needed to decode your ostensibly end-to-end encrypted iMessage history. Effectively key escrow, but they don't market it like that.
That seems like a bad way to think about security threats. The fact that the door is open at all is severely problematic, regardless of how many people have walked through it.
That wasn't my point. The OP suggested that Apple was being deceitful about its position that this posture is "for users". To me, the fact that a user can potentially (and accidentally) lock themselves out of their own data with no recourse is a justification for a more relaxed security posture that completely lines up with being "for users". If there is no evidence of a security breach as a result of this lowered posture, then the lowered posture is both "for users" and also worth it. I, personally, would rather have the higher security posture but I can't see any way for Apple to implement that that wouldn't result in someone's grandparent unintentionally locking themselves out of years worth of data. I already see it when people don't backup their phones (to iCloud, since it's so easy) and then lose all their data when they drop their phone and it gets run over by a car. Apple must see the trade-off as worthwhile to be able to offer users the ability to gain access to their data after an extensive verification process vs. having the strongest security posture possible.
