Right, but neither is the CSAM code being used to detect anything but CSAM.
If a bit can be flipped to make the CSAM detector go evil, surely it can be flipped to make photo search go evil, or spotlight start reporting files that match keywords for that matter.
There is nothing special about this CSAM detector except that it’s narrower and harder to repurpose than most of the rest of the system.
It has already been added. That's the point here. The phone already has the code to report its own owner. People are rightfully pissed about that.
Also, adding a one-liner of code is a lot more than a bit-flip. That's the addition of a feature, which is a major business decision. Code that already exists is a lot closer to "misfiring" than code that simply does not. Flipping a policy config, OTOH, could be "explained" away a lot easier. In fact, Big Tech does it all the time! (Remember Facebook's "Oh. Sorry. It was a bug."?)
----
Please stop this poor attempt at moving the goalposts by saying, "But, similar code could be added at any time in the future! Why're you guys complaining now?!"
It's also not about where the scanning is happening, or whether that's new or old. The old scanning is not a problem, precisely because it does no reporting. The new scanning IS a problem, precisely because it does the reporting.
The former is not a problem on its own. The latter is. That's the point you keep missing.
If a bit can be flipped to make the CSAM detector go evil, surely it can be flipped to make photo search go evil, or spotlight start reporting files that match keywords for that matter.
There is nothing special about this CSAM detector except that it’s narrower and harder to repurpose than most of the rest of the system.