That is not true. iMessage content is encrypted in iCloud with keys stored in your keychain only accessible to your devices. When you add a new device to your account it learns the keys from one of your existing devices and requires touch/face ID approval. In an "all devices lost" situation the keychain is backed up to iCloud but encrypted using a key stored in an HSM that requires authentication using things only you know but are never transmitted to Apple using https://en.wikipedia.org/wiki/Secure_Remote_Password_protoco...
You have been misled. The truth is that the iMessage keys stored in iCloud are accessible to Apple unless you have enabled the non-default Advanced Data Protection (ADP) feature. This is clearly documented by Apple themselves[1]. And even if you do enable it, your messages are still accessible to Apple in the iCloud backups of the people you are messaging, since they likely didn't enable a non-default feature like ADP. Defaults matter!
From that page: "For additional privacy and security, 14 data categories — including Health and passwords in iCloud Keychain — are end-to-end encrypted. Apple doesn't have the encryption keys for these categories, and we can't help you recover this data if you lose access to your account." The page goes on to list iMessage as always E2E. Other types of data like Calendar are only encrypted in transit and at rest so they can do server side processing.
Specifically: "We designed iMessage to use end-to-end encryption, so there’s no way for Apple to decrypt the content of your conversations when they are in transit between devices. Attachments you send over iMessage (such as photos or videos) are encrypted so that no one but the sender and receiver(s) can access them."
You are likely being misled by Apple's confusing naming. In the "Data categories and encryption" table, "Messages in iCloud" is listed as always end-to-end encrypted, with a footnote. However this is not telling you that all iMessage messages are always stored end-to-end encrypted. In fact "Messages in iCloud" refers to an optional feature of iMessage. The table is telling you that if you enable the "Messages in iCloud" feature, your messages are end-to-end encrypted. But wait, remember that footnote! Follow the footnote reference to find out that in fact, as I said, the end-to-end encryption is broken by iCloud backup unless the optional ADP is enabled. This line of the table is extremely misleading to say the least.
But what if you don't enable the "Messages in iCloud" feature? Then your iCloud backup simply includes your messages, which again are not end-to-end encrypted unless you enable the optional ADP. That's covered under the "iCloud Backup (including device and Messages backup)" line in the "Data categories and encryption" table. Note that in this table "In transit & on server" means "not end-to-end".
The other page you link states that messages are "encrypted" in iCloud backups; it does not state that they are end-to-end encrypted in iCloud backups, in contrast to the following sentence which specifically calls out end-to-end encryption. The page seems designed to mislead, but it is technically not incorrect because it does not specifically claim end-to-end encryption of iCloud backups. The iCloud documentation I linked, on the other hand, is confusing but definitive and unambiguous if carefully read.
Ah, I see where you are getting confused. Yes the Messages in iCloud encryption keys are escrowed with Apple in some cases. The keys are stored inside an HSM that requires a secret known by the user and not Apple.
I know it is confusing to follow which specific Apple products each description applies to. That documentation you linked is specific to iCloud Keychain. It does not describe what Messages in iCloud does. When iCloud Backup is enabled without ADP the Messages in iCloud key is stored outside iCloud Keychain and not end-to-end encrypted. Don't believe me? Believe Apple:
> When iCloud Backup is turned on, the backup includes a copy of the Messages in iCloud encryption key so Apple can help the user recover their messages even if they have lost access to iCloud Keychain and their trusted devices.
From that page: "By default, the iCloud Backup service key is securely backed up to iCloud Hardware Security Modules in Apple data centers, and is part of the available-after-authentication data category." It is handled in the same way as the keychain, but the page I linked has a better technical description.
Let me put this issue to rest with a pair of quotes from Apple's guide for law enforcement:
> Q: Can Apple intercept customers’ communications pursuant to a Wiretap Order?
> A: Apple can intercept customers’ email communications, upon receipt of a valid Wiretap Order. Apple cannot intercept customers’ iMessage or FaceTime communications as these communications are end-to-end encrypted.
and
> Apple does not receive or retain encryption keys for customer’s end-to-end encrypted data.
Remember this is in response to law enforcement (and by proxy the courts) and they don't get to rely on technicalities or word games about backups to not comply with a warrant. It just isn't possible.
The reality distortion field has got you good, man. I won't be responding further after this, but in one last vain attempt to get through to you let me point out that the part you quoted means the opposite of what you seem to be implying. The "available-after-authentication data category" is not end-to-end encrypted and Apple can read it without needing your password or your device. (This obviously must be true because much of the data in this category is available in the iCloud web interface from any web browser, and is not lost even if you use the password reset function in the web interface to regain access to the account without entering any previous password or using any Apple device). Just because HSMs are used in some way, that doesn't automatically make it end-to-end encrypted and doesn't mean Apple has no way to read it. In that sentence Apple is literally telling you that the iCloud backup key is not end-to-end encrypted.
As for the "guide for law enforcement", let me quote a different part that you conveniently ignored. Emphasis mine.
> I. The following information may be available from iCloud:
> [...]
> c. Email Content and Other iCloud Content, My Photo Stream, iCloud Photo Library, iCloud Drive, Contacts, Calendars, Bookmarks, Safari Browsing History, Maps Search History, Messages, iOS Device Backups
> [...] iCloud content may include email, stored photos, documents, contacts, calendars, bookmarks, Safari Browsing History, Maps Search History, Messages and iOS device backups. iOS device backups may include photos and videos in the Camera Roll, device settings, app data, iMessage, Business Chat, SMS, and MMS messages and voicemail. For data Apple can decrypt, Apple retains the encryption keys in its U.S. data centers. Apple does not receive or retain encryption keys for customer’s end-to-end encrypted data. iCloud content, as it exists in the customer’s account, may be provided in response to a search warrant issued upon a showing of probable cause, or customer consent.
I'll bet you'll be confused by this sentence in the part that I just quoted: "Apple does not receive or retain encryption keys for customer’s end-to-end encrypted data." This is true! But iCloud backups are not end-to-end encrypted without ADP, nor are Messages in iCloud keys when stored in iCloud backups, as I have already conclusively shown. So it's irrelevant.