But this strongly suggests that the entire Apple/NCMEC initiative is a "suveillance-and-arrest" system first and foremost (preserving hash secrecy at the cost of user privacy), while the goal of "stop-known-CSAM-distribution-in-iCloud" (developing an in-house CSAM database at the cost of scanning effectiveness) being secondary.
This seems to come from the NCMEC, not from Apple. I remember another thread (can’t find the link) from someone explaining how difficult it was for them to get access to PhotoDNA and the relative hashes.
A criminal could load its image collection, one by one, and see which images are deleted. The result is a collection of images that are “FBI safe”.