They planned to scan only the files that would end up in the cloud anyway.
iCloud off -> no local CSAM scan.
Local CSAM scan with multiple failsafes (+ actual person checking) + E2EE iCloud -> zero need to allow law enforcement access to iCloud servers. This would also mean that Apple cloud've encrypted them in such a way that even they can't access them.
