But surely if they're doing this in anticipation of E2EE user data, that procedure becomes moot?

So either they have no intention to actually protect user data, or the system is trivially broken; either way a pretty damning look for Apple.

No, because the second hash is only performed after the first hash has already matched, and so, using the threshold secret sharing crypto, the server has learned the escrowed encryption key for the image. (Well, for its “visual derivative”, at any rate.)

So, Apple retains the ability to decrypt E2EE data? That’s… worse?

Only E2EE data that matches known CSAM hashes, and only when 30 matches have been found, and only the “visual derivative” of those images.

They couldn't possibly be using the "other perceptual hash algorithm commonly used for this stuff," PhotoDNA, could they?

I mean, hopefully not, but at this point, it's reasonable to call just about everything into question on the topic.

Their goal is to minimize false positives, so would not be in their best interest.

Which means all it takes now is one disillusioned Apple employee to leak the details of thay private hash function and the whole system is compromised.

One disillusioned employee that has access to the secret algorithm.