That's not what happens. Read the white paper. The only thing sent is the hash and signature (which, at worst, essentially amounts to a thumbnail of CSAM). No part of the encrypted content is ever sent to Apple.

So Apple might end up with thumbnails of the "end-to-end encrypted" content I send, and you think that it counts as end-to-end encryption even if (a low-resolution version of) my messages can end up in a third party's hands. Did I get that right?

I'm really curious if the potential for the wrong files to be exfiltrated is going to force corporations and law firms to prohibit the use of iPhones and Macs for work.

Personally I've been dying for the next gen of M1 macs to come out. I also wonder if this tech has some magical way of getting around a hosts file and little snitch. If I can't gap my data from Apple it would raise ethical issues with my storing client secrets on the machine.

Yes. The only way they would get the signature and low-res version is if it’s already been identified as CSAM (with a 1-in-a-trillion chance of a false collision). If they’re not getting your content, it can still be E2E encrypted.

> with a 1-in-a-trillion chance of a false collision

I don't think that's exactly where the "one in a trillion" claim comes from. Rather, it's that a single matching hash isn't enough to trigger the reporting; there needs to be multiple matches, and when there are enough of them to cross an unspecified threshold, then the reporting is triggered. There's theoretically only a one in a trillion chance of that threshold being crossed without having actual CSAM matches.

If I understand the white paper correctly, this even goes a step farther than that; they can't decrypt the signatures of the images corresponding to the matched hashes until the threshold is passed, because those images form a kind of decryption key together.

On a technical level, I'm actually pretty impressed. They absolutely could set up E2E encryption and still implement this system, and it largely assuages my worries about false matches of innocent photos (with the extremely big caveat that a false match has a very high potential of ruining someone's life). As the linked article points out, though, the real privacy concern here comes from having this matching capability on-device at all, because once it's there, limiting the data set to just this one provided by NCMEC becomes a matter of company policy. If an agency of any government demands Apple add their data set, they can no longer say, "we can't do that without drastically compromising the way our devices and services work," because it will be public knowledge that this in fact how their devices and services work already.

//No part of the encrypted content is ever sent to Apple.// Except all the data before it is encrypted, if it matches the data Apple wants to see. And don't anyone dare say this is a backdoor. It just scans for arbitrary secret files a 3rd party is interested in, and sends out info whenever it finds something interesting. That is perfectly fine bc shiny Apple said so.

This is wrong. Apple never gets the contents of the file. Read the white paper.