[matthewdgreen]

I don't think that's very persuasive. Targeted compromise of iPhones is incredibly expensive, and relatively hard for mere criminals to access. If that's the only way for a bad actor to access your data, you've instantly taken everyone but the most wildly sophisticated (and wealthy) criminals and state actors off the table.

Meanwhile iCloud backups are available not only to sophisticated folks who can compromise Apple's servers, but also to anyone who can social-engineer a password recovery flow or bribe an Apple customer service agent.

Second, re: CSAM, the iCloud ADP system is focused on backing up your personal devices. It is not designed to share data with other users. So a criminal can have CSAM on their phone and simply turn off iCloud Backup (and thus be "invisible") or they can use ADP. The two things are equivalent, and both assume a sophisticated user. I'm sure there's some bizarre and painful scheme where you could use ADP to distribute CSAM to other folks, but there are many easier ways to do that. Once you grant the CSAM point, you're just saying it's necessary for all personal device data to be constantly available for search by the government. (And while I disagree with that opinion, it is an opinion and should be fully fleshed out.)