The rub, in critics’ eyes, is that Apple previously had installed no functionality on devices that would give it access to user photos — under any circumstances. Now it has installed something that provides access under some circumstances, narrow as they are. Apple’s tool will touch only photos that are uploaded to iCloud, but uploading to iCloud is a default from which few deviate. That’s concerning mostly because of the risk of so-called scope creep. What happens if a government provides another list of hashes — say, of purported terrorist content or simply of material offensive to authorities — and demands that Apple load a counterpart onto clients’ phones? Plenty of providers less punctilious about privacy could also get the signal that scanning images on devices is permissible.