The Surveillance Machine That Couldn’t Win the Drug War
The United States has spent over $1 trillion on drug enforcement since President Nixon declared drugs “public enemy number one” in 1971. The annual budget for national drug control reached $44.5 billion in FY2025. Last year, 70,231 Americans died of drug overdoses — equivalent to a September 11th every nineteen days. Drug availability, per the DEA’s own National Drug Threat Assessment, sits near historic highs for cocaine, methamphetamine, and fentanyl.
Fifty years. One trillion dollars. Seventy thousand deaths annually. More drugs on the street than when the war started.
And the government’s answer is to surveil your crypto wallet.
This article is not a drug policy op-ed. It is a regulatory infrastructure risk assessment. Because the financial surveillance architecture built to fight cartels since 1971 Suspicious Activity Reports, FinCEN reporting mandates, FATF compliance standards, and now Travel Rule extensions into cryptocurrency is the same architecture now governing digital assets. If you are a CISO pricing compliance exposure, an M&A analyst running due diligence on a crypto-adjacent target, or a PE fund evaluating regulatory risk in a fintech acquisition, you need to understand what that infrastructure was built to do, what it actually accomplished, and what it costs when applied to a financial system it was never designed for.
What $1 Trillion Bought
The enforcement apparatus built around the War on Drugs is genuinely impressive in scope. The DEA. FinCEN. Customs and Border Protection. The Bank Secrecy Act of 1970. The Money Laundering Control Act of 1986. Four decades of FATF standard-setting. Hundreds of bilateral intelligence-sharing agreements. This is not a small operation — it is one of the most expensive and extensive law enforcement infrastructures ever assembled.
The classic economic indicators of a successful supply-reduction campaign are straightforward: decreased availability, rising prices, declining purity. After fifty years and a trillion dollars, the data runs in exactly the opposite direction.
The inflation-adjusted price of cocaine fell by over 80% between 1981 and 2009. As prices dropped, street-level purity increased. Per the International Drug Policy Consortium’s 2026 global assessment, which drew on UN data, the number of people using drugs worldwide has reached 316 million a 28% increase since 2016 alone.
The IDPC’s conclusion, delivered in the foreword by former Colombian President Juan Manuel Santos, was unambiguous: “Criminalisation and militarised strategies have utterly failed. They displace harms, enrich criminal networks, devastate communities and ecosystems, and undermine our hope for peace.”
That is not fringe commentary. Colombia is the country that bore the operational cost of Plan Colombia, aerial fumigation campaigns, and two decades of U.S.-backed interdiction. Santos governed that country. When he says the strategy failed, that assessment carries weight that domestic critics cannot.
The enforcement apparatus has been operating at full capacity. The market it was built to suppress has grown. The economic logic explains why.
The Balloon Effect: Why Enforcement Enriches the Most Dangerous Actors
There is a principle in illicit market economics called the risk premium. When enforcement intensifies, traffickers face greater risk of arrest, asset seizure, or violence. To compensate, they charge more. Higher prices do not reduce demand for substances with high addiction profiles they increase total spending by consumers who cannot substitute their way out. Meanwhile, enforcement selects for the most sophisticated, violent, and adaptive organizations. The organizations capable of absorbing enforcement pressure are the ones that survive and scale.
This dynamic produces what researchers call the balloon effect. Press on one part of the market, and it inflates somewhere else. When the U.S. pressured Colombian cocaine production through aerial fumigation in the 1990s, cultivation migrated to Peru and Bolivia. When the Caribbean trafficking routes were hardened, the Sinaloa cartel built ground routes through Mexico. When Mexico faced pressure, operations fractured into dozens of competing organizations each smaller and harder to disrupt, each more willing to use violence to hold territory.
The IDPC report specifically documents how punitive enforcement has contributed to the “displacement of illegal drug activities into remote and environmentally fragile regions, including Central America and the Amazon basin.” The market did not shrink. It found lower-cost operating environments.
This pattern is not unique to drugs. It is a property of any illicit market with inelastic demand and adaptive supply networks. And it is precisely the pattern that emerges when enforcement pressure is applied to financial privacy tools a point this series will return to in Part 3.
California’s Proposition 36: The Enforcement Playbook, Live
In November 2024, California voters passed Proposition 36, which enacted harsher penalties for minor drug and theft offenses. Proponents promised it would deliver treatment to keep people alive, off the streets, and out of the system.
One year later, the Judicial Council of California released the data.
In 2025, prosecutors filed 19,104 drug possession felonies under Proposition 36. Of those defendants, 2,853 roughly 15% entered any form of treatment. Fifty-seven completed it. That is 0.3% of cases producing the outcome the law was sold on. Meanwhile, more than 850 people were sentenced to prison on Proposition 36 charges in the same period.
The “treatment mandate” was, in practice, a prison mandate. The enforcement apparatus absorbed the budget. The public health outcome it was supposed to produce almost entirely did not materialize.
This is not an outlier. It is what supply-side enforcement consistently produces when the underlying demand drivers trauma, economic despair, untreated mental illness are not addressed.
Per Brendon Woods, Alameda County Public Defender: “We see people committing crimes of poverty stealing diapers, hygiene supplies, essentials and instead of trying to address the poverty, we’re sending people to prison.”
For the B2B readers who follow this publication: Proposition 36 is a microcosm of the compliance cost externalization problem. Resources were committed. Outcomes were promised. The enforcement apparatus captured the funding stream. The stated goal was not achieved. The same institutional dynamics operate in AML compliance at scale.
The Prevention Funding Gap: A Policy Choice, Not a Budget Constraint
The federal drug control budget for FY2025 was $44.5 billion. Federal spending on prevention of substance use and mental health disorders in 2024 was $4.57 billion roughly 10% of the enforcement total. SAMHSA received $1.557 billion of that. The CDC received $733 million. The remaining prevention spending was distributed across ACF, HRSA, and a handful of other agencies.
The National Academies of Sciences, Engineering, and Medicine calculated that providing evidence-based prevention services to all 73.2 million children in the United States would require approximately $16 billion annually. The current shortfall to simply maintain parity with inflation not to reach optimal prevention levels, just to keep pace is estimated at $1.8 billion.
The enforcement apparatus receives roughly ten times the funding of the prevention infrastructure. That is not a budget constraint. It is a prioritization decision, and it has been made consistently for five decades.
Per my experience working with corporate security and risk teams, this funding disparity has a direct analog in compliance program design. When the regulatory framework is built on enforcement logic reporting mandates, transaction monitoring, suspicious activity flags institutions allocate resources to compliance overhead rather than to the due diligence capabilities that would actually identify risk earlier. The money flows toward what the regulator measures, not necessarily toward what produces better outcomes.
The Settlement Money That Went to Tasers
There is a specific data point from the opioid settlement funds that illustrates how thoroughly the enforcement mindset has colonized even the funding streams designed for public health.
Pharmaceutical companies have committed over $50 billion in opioid settlement payments to be distributed over nearly two decades. This money was meant to combat addiction treatment, recovery services, harm reduction. A 2024 investigation tracked how governments have actually spent the funds.
The legitimate spending is real: $615 million to treatment programs, $279 million to overdose reversal medications like Narcan, $227 million to housing. Those are appropriate uses of a settlement built on the deaths of hundreds of thousands of people.
But the investigation also found night vision equipment, Tasers, gun silencers priced at approximately $12,000 each, mixed martial arts demonstrations, and 1950s-style sock hop events classified as prevention spending. Of the $2.7 billion spent or committed by the time of the investigation, approximately 20% was not directly trackable.
Dr. Stephen Loyd, an addiction medicine physician who served as an expert in the opioid lawsuits and who is himself a former opioid addict, put it directly: “People died for this money. Families were torn apart for this money. And to not spend it to try to make our system better, so that people don’t have to experience those losses going forward, to me, is unconscionable.”
In my opinion, this is the clearest evidence that the enforcement apparatus is not a tool that responds to policy direction it is an institution that captures resources and converts them to its own operational logic. That dynamic matters when the same institutional architecture is extended into new domains.
The Surveillance Infrastructure and Its New Target
The financial surveillance system built around the War on Drugs followed a consistent design logic: require institutions to report suspicious activity, aggregate those reports into investigative databases, and use the data to identify criminal networks. The Bank Secrecy Act established this framework in 1970. Suspicious Activity Reports became mandatory in 1996. FinCEN grew into a central intelligence hub. FATF set international standards that now bind over 200 jurisdictions.
The volume of this infrastructure is worth appreciating. In 2025, U.S. financial institutions filed over 4.1 million SARs an 8% year-over-year increase. Bank and credit union filings alone exceeded 2.19 million, up 7.7%. Cyber-related SARs jumped 30% year-over-year, reaching approximately 47,300 filings. The top filing category at banks shifted to “Suspicion Concerning Source of Funds” — a category that will be familiar to anyone running compliance on crypto-adjacent transactions.
The compliance cost of maintaining this infrastructure is substantial and growing. PwC’s EMEA AML survey put regional AML/CFT spend at approximately $85 billion in 2023, with compliance consuming roughly 19% of revenue for some institutions. False positive rates in traditional transaction monitoring systems run above 90% — meaning that for every genuine suspicious activity flag, more than nine alerts require manual review and clearance. TD Bank’s 2024 AML enforcement action resulted in a $3.1 billion penalty. Klarna paid $45 million. Nordea $35 million. Enforcement actions are increasingly targeting program design failures, not just individual violations.
Now this infrastructure is being applied to cryptocurrency. FATF’s 2019 Interpretive Note established the baseline. The 2021 update clarified VASP definitions and Travel Rule expectations. The 2025 update specifically flagged stablecoin risks and offshore VASP challenges, noting that only 3.8% of funds from the $1.46 billion ByBit hack have been recovered.
What FATF’s 2025 report also notes and this is the structural admission that matters is that enforcement pressure shifts illicit activity to newer vectors rather than eliminating it. The surveillance machine correctly identified stablecoins as the emerging risk. The stablecoin market responded by growing to over $200 billion in aggregate supply by March 2025, with illicit stablecoin flows jumping from 15% to 63% of all illicit on-chain transactions between 2023 and mid-2025. The displacement is working exactly as the balloon effect predicts.
What This Means for Due Diligence
Per my work on M&A and corporate security engagements, the compliance cost externalities of this surveillance architecture create specific, quantifiable risks that acquisition teams are frequently not pricing correctly.
AML compliance spend for crypto-native VASPs averages three to five times that of legacy financial institutions per dollar of transaction volume, despite lower proportional illicit exposure. PE and M&A teams report 15 to 30% longer due diligence cycles for crypto-adjacent targets. The SAR filing burden alone which requires dedicated compliance staff, legal review infrastructure, and case management systems functions as a fixed cost that scales poorly for mid-sized firms.
Three questions your due diligence process should answer for any crypto-adjacent acquisition target:
First, what is the target’s VASP tier and jurisdictional footprint? A firm operating through regulated exchanges in FATF-compliant jurisdictions with integrated chain analytics carries materially different compliance risk than one with offshore VASP relationships and limited transaction monitoring infrastructure. These are not equivalent regulatory profiles, and they should not be priced as such.
Second, what is the target’s SAR filing volume relative to its transaction volume? High SAR volumes relative to transaction size may indicate either robust compliance detection or defensive over-reporting a pattern institutions adopt to insulate themselves from regulatory risk at the cost of inflating false positive burdens. Distinguishing between the two requires workflow analysis, not just aggregate filing counts.
Third, is the target’s compliance program calibrated for displacement risk? As privacy-enhancing technologies face regulatory restriction under frameworks like the EU Anti-Money Laundering Regulation expected to take effect in 2027-2028 illicit capital will migrate to traditional channels: cash-intensive sectors, trade-based laundering, correspondent banking gaps. A compliance program that monitors crypto exposure but not secondary displacement vectors is not a complete program.
The Credibility Problem
In my opinion, the core issue here is not whether financial surveillance works as a concept. Blockchain analytics have demonstrated real investigative value. SAR data has contributed to major enforcement actions. The infrastructure is not worthless.
The issue is whether the enforcement logic that failed to suppress a physical commodity market one with visible supply chains, border crossings, and street-level distribution is well-suited to govern a borderless, digitally native financial system. The track record of the surveillance machine it produced is not reassuring. Fifty years of operation. A trillion dollars. Seventy thousand deaths in the most recent year for which full data is available. Drug availability near historic highs.
The regulatory apparatus built on that foundation is now writing the compliance rules your clients must follow for cryptocurrency. The institutions that couldn’t stop cartels from moving physical product across borders are scaling the same enforcement logic to an open public ledger where every transaction is permanently recorded.
That is worth understanding clearly before deciding how to price the compliance risk.
Red Dog Security provides AI-enhanced OSINT investigations for M&A due diligence, threat intelligence, and corporate security assessments. All research is conducted exclusively using publicly available sources in accordance with our documented Research Ethics & Methodology Policy. This article does not constitute legal or financial advice.
This is Part 1 of a three-part series on financial surveillance, privacy tools, and the enforcement architecture governing crypto. Part 2 examines the actual data on cryptocurrency money laundering versus traditional banking channels and what it means for how compliance programs should allocate resources. Part 3 examines privacy coins, mixers, and the regulatory playbook targeting them.