by bboygravity 1292 days ago
The entire precondition for being able to do that is that you're not aware of it. Ever.

The parent comment said “hole which has already been used”, that’s a claim that Apple has actually done it, not only a speculation that they could. They are being asked to back up that claim.
With Apple's current lack of encryption on iCloud backups, we are very aware of government access because those files end up as evidence in court cases after being obtained by police and prosecutors.

If government were to compromise end to end encryption in the manner described above, it would either be visible when used to prosecute people, or invisible because it would never be used to prosecute people (but presumably for intelligence purposes). Even if it were used for intelligence purposes through the method above, which I don't think is at all established, it would still be a significant improvement over having data in a form that is actively used to prosecute people.

> Even if it were used for intelligence purposes through the method above, which I don't think is at all established,

The Snowden revelations were precisely about information gathering for intelligence purposes. The vast majority of intel gathering is not for prosecutionary purposes.

I didn’t say it’s good that intelligence agencies hypothetically could spy on this data by having Apple push malicious software.

What is absolutely good is that they have e2ee now, and the only way they could even hypothetically open a back door would be one that was completely secret, for the government, which definitionally closes off a whole class of government use of the data, for example in domestic prosecutions of citizens.

This may not be perfect (it’s not open source etc) but it’s a vast improvement over non-encrypted data that was openly routinely given to the government.

I think we are talking at cross purposes. I agree with your evaluation that this is an improvement over current state. I did not cite whether you think it is good or bad that intelligence agents could spy on this data. I was referring to the fact that most secret surveillance is expressly for the purposes of intelligence rather than prosecution. Surveillance methods that are secretive are, by their very nature of being secretive, typically not used for prosecutionary evidence gathering due to the fact that such use would reduce the method's secrecy. Until Apple can provide some verifiable proof that my keys cannot be handed off to governmental parties wishing to decrypt my data, I will not feel comfortable using their cloud service for my personal data (not that my family vacation photos and pictures of our dog will be that interesting to anyone).
"You can't prove that they don't already do X, because X is by definition a secret action" is a pretty useless epistemology though. Every electronic device you've ever used could secretly have a cellular modem that can secretly download over-the-air firmware updates that alter its behavior to be maximally evil. You by definition can't prove that your coffee machine doesn't secretly have the ability to change its behavior to start connecting to the internet and DDOSing charities or something.
The thing that people always miss is that the damn SIM card is running its own little processor already. If the government really wants to read your shit they can probably just do some behind the scenes work with your mobile ISP and find a way to access your phone's screen output or microphone data or something.
The baseband module has a processor too, and you don't have access to it per FCC regulation.
iPhone 14 doesn't even have a SIM card anymore, it's strictly eSIM (and previous models could optionally use eSIM).
If I really wanted a physical SIM and imported a European SKU which does have it (only North American variant is eSIM-only), would I expect seamless support in the US? E.g. would AppleCare just work?
eSIM isn't any different here, it still runs the same applets. What makes it secure is the IOMMU preventing it from accessing main memory.
So there's no level of security that will ever be enough for anyone. The number of people who know the source for the current version of every piece of software, firmware, and hardware they use almost certainly approaches 0.

I don't know what people expect. These moves are good things and everyone is whatabouting situations that there is 0 evidence has ever happened or would ever happen. It's unfalsifiable, impractical, and honestly just annoying.