They wanted to enable #2 with the local CSAM scan. That way the authorities wouldn't have a reason to ask for cloud data to be decrypted. And Apple could lock it so that they couldn't de-encrypt it even if they wanted to.
Apple actively doesn't want to know your shit or analyse it on their servers. That's why they constantly do things on-device even if it's of worse quality than Google's approach of doing everything in the cloud.
Apple is a business and does indeed "want to know your shit" for many legitimate revenue-generating activities, such as growing their services business, a top priority for the company.
It seems to me a little bit suspect that they wanted to do clientside scanning as a prerequisite for e2ee, as if they simply would not be allowed to publish society-wide e2ee privacy software (without government/regulatory retaliation) without such a law enforcement backdoor. This screams of prior restraint and we should be loudly asking our legislators why the fuck the FBI is pressuring Apple about what software they do or do not publish.
Every day the US government takes more steps to erode our civil rights, even against the largest companies in the world. Someone needs to rein them in.
Apple actively doesn't want to know your shit or analyse it on their servers. That's why they constantly do things on-device even if it's of worse quality than Google's approach of doing everything in the cloud.