A question to you legal experts out there: if a potential CSAM match is found during client-side scanning, but such a match has not yet been confirmed by an Apple employee to actually be CSAM, does Apple have the option, legally speaking, to SIMPLY DELETE the "gray-area" content in-place (just like a regular virus scanner), instead of sending it to Apple for further analysis?
Someone performs "an implication by malicious actors attack" on your iPhone/iPad and the injected content simply gets deleted. You take a (false positive) photo with your iPhone/iPad - and it simply disappears (making you retake). No private content is ever sent anywhere, no horrible accusation is ever made, no CSAM ever gets uploaded to iCloud. Simple.
It seems like this system was designed specifically so that this would be impossible, and such a feature would go against what seem to be design goals of this system.
They went through the trouble of making this whole “private set” matching so that the client does the matching but doesn’t know the result of the matching. Only the server can (once enough matches are made that the key is available).
But this strongly suggests that the entire Apple/NCMEC initiative is a "surveillance-and-arrest" system first and foremost (preserving hash secrecy at the cost of user privacy), while the goal of "stop-known-CSAM-distribution-in-iCloud" (developing an in-house CSAM database at the cost of scanning effectiveness) is secondary.
This seems to come from the NCMEC, not from Apple. I remember another thread (can’t find the link) from someone explaining how difficult it was for them to get access to PhotoDNA and the relative hashes.
Someone performs "an implication by malicious actors attack" on your iPhone/iPad and the injected content simply gets deleted. You take a (false positive) photo with your iPhone/iPad - and it simply disappears (making you retake). No private content is ever sent anywhere, no horrible accusation is ever made, no CSAM ever gets uploaded to iCloud. Simple.
Why doesn't Apple do that?