The distinction there is that it's the server doing the matching and reporting, not the client. People expect remote servers to be accessible to government searches, but not their own personal devices.
This distinction is even codified in U.S. law. The government needs a warrant to search your phone, but only needs a subpoena to search a remote server that's storing your files[1].
But yes, I can see why that distinction might feel a little arbitrary at times, particularly in the modern age where cloud storage is so common. Perhaps the 4th amendment should cover third parties storing "papers, and effects" on a person's behalf.
> The distinction there is that it's the server doing the matching and reporting, not the client. People expect remote servers to be accessible to government searches, but not their own personal devices.
Speaking solely for myself, I don't see a meaningful difference between these cases. They're both "content you upload to a server is scanned", with the only difference being that the scan happens immediately before upload rather than sometime after upload.
My opinion would be notably changed if Apple was scanning content you're not uploading, but the current system doesn't seem to allow for that.
The difference is you need just to change a flag in the process to scan all your pictures on the device no matter if iCloud or not.
It's their software and you have only their promise they only scan pictures meant to be stored in the iCloud.
The reason the distinction is meaningful here is that Apple end to end encrypts iCloud uploads, meaning that Apple does not have access to the files. Scanning on the device is this weird middleground where they do sort of have access, and in some cases might very well end up with access (false positives).
Apple doesn't end to end encrypt iCloud Photo uploads -- they do transfer and store them encrypted, but they still have a key to view them if they want to.
> iCloud secures your information by encrypting it when it's in transit, storing it in iCloud in an encrypted format, and using secure tokens for authentication. For certain sensitive information, Apple uses end-to-end encryption. This means that only you can access your information, and only on devices where you’re signed into iCloud. No one else, not even Apple, can access end-to-end encrypted information.
This distinction is even codified in U.S. law. The government needs a warrant to search your phone, but only needs a subpoena to search a remote server that's storing your files[1].
But yes, I can see why that distinction might feel a little arbitrary at times, particularly in the modern age where cloud storage is so common. Perhaps the 4th amendment should cover third parties storing "papers, and effects" on a person's behalf.
[1]: https://grandjurytarget.com/2020/10/28/by-search-warrant-or-...