One of the few things that can make an industry demand more regulation is the alternative of "regulation by enforcement," in which regulatory agencies substitute enforcement actions for rulemaking. This crude, often arbitrary method of making policy without the hard work of crafting and enacting written rules can make formal regulation look attractive to the industry involved.

One such industry is cryptocurrency, where explosive innovation and growth have left the players appealing for the regulatory clarity and consistency that the feds have so far refused to provide.

This "uncertainty is on display in the Securities and Exchange Commission case against Ripple Labs" notes a recent Wall Street Journal editorial. The SEC's lawsuit, which has been called the cryptocurrency trial of the century, focuses on XRP, the popular cryptocurrency Ripple launched almost a decade ago. It alleges that Ripple's promotion and sale of, and continued involvement with, XRP make it a "security" that should have been registered with the SEC.

The SEC does not allege that any XRP investors were defrauded. Nonetheless, the agency seeks billions in penalties from Ripple and two of its executives, based on a very old legal framework of New Deal-era statutes and a 1946 Supreme Court test for determining what a security is. The SEC is attempting to stretch that framework to give it jurisdiction over a technological innovation that was never imagined by the lawmakers of that time.

It's a tortuous stretch because a security is an ownership share in a company or a right to share in its revenues. In contrast, XRP holders have no financial stake in Ripple and some have never even heard of the company.

The SEC has declared that Bitcoin and Ether, the two largest cryptocurrencies, are not securities, based to a large extent on both cryptocurrencies' supporting structure—a decentralized, open-source ledger (the "blockchain") distributed across a disparate network of computers around the globe. Because XRP has the same structure, it should follow that XRP is also not a security.

In fact, because XRP is built for utility—faster and cheaper international transactions—rather than investment, it is less like a security than Bitcoin and Ether in at least one respect.

"For more than eight years, the SEC allowed XRP … [to] evolve from a promising digital asset with superior functionality into the third-largest digital currency," notes John Deaton, who filed a motion to intervene in the SEC’s case on behalf of over 10,000 XRP holders. But then the SEC "alleged XRP itself to be an unregistered security and all of us who have traded it since 2013 have been engaged in unlawful trades."

That's what happens when agencies eschew clear rules and instead make backdoor policy by prosecuting conduct that was previously acceptable.

Unfortunately, this is common at the SEC, which is viewed as engaging in regulation by enforcement "with respect to some of the most important issues addressed by the SEC over the decades—insider trading, questionable foreign payments by public companies, and securities fraud," explain Professor James Park and Howard Park of the UCLA School of Law. Now the agency is using settlement agreements to establish when cryptocurrency is a security.

Two of the SEC's five commissioners, Hester Peirce and Elad Roisman, have spoken out about regulation by enforcement and recognize the many problems inherent in this practice. For one, it circumvents the Administrative Procedure Act and the notice and public participation the Act requires.

It also raises basic rule of law issues, allowing regulators to impose their personal policy preferences in a regulatory void and pick winners and losers with little consistency. Compare the SEC's treatment of Bitcoin and Ether to that of XRP. Rule of law concerns are particularly acute because enforcement actions are typically punitive.

"[T]he people we regulate should have the right to know what the rules are before being charged with breaking them," said Mick Mulvaney when he headed the Consumer Financial Protection Bureau. Fair notice is all the more important where, as with cryptocurrency, the unwritten rules concern which entities fall under the agency's jurisdiction in the first place.

Furthermore, "The use of enforcement actions to define prohibited conduct short-circuits debate over whether the conduct should be regulated at all," notes Paul Mahoney, a former law clerk to Supreme Court Justice Thurgood Marshall. Additionally, it can give the false appearance that vital issues—such as when cryptocurrency is a security—have been settled.

Finally, by selectively punishing newer players without enacting rules that would apply to all players, agencies confer an added and decidedly anticompetitive advantage on companies that were first to market. Again, think Bitcoin and Ether.

The uncertainty posed by the regulatory vacuum threatens the enormous, transformative potential of cryptocurrency and disadvantages this nation, to the benefit of China and our other rivals, in the competition for leadership of this global industry. At a minimum, the SEC should enact clear rules or just stay out of the way.

However, the best solution would be for Congress to enact a regulatory framework for cryptocurrency, which is too important to be left entirely to the less democratic process of agency rulemaking. Moreover, only legislation can provide a long-term solution that will survive changes in administrations and resolve the competition between the eight federal agencies claiming authority to regulate cryptocurrency.

Such bills have recently been introduced in Congress. Perhaps most promising is the bipartisan Token Taxonomy Act, which would explicitly exclude cryptocurrency from the definition of a security and preempt the inconsistent patchwork of state regulation that is springing up to fill the federal void.

At very least, these bills have sparked a debate about the contours of a regulatory framework for cryptocurrency. It is a vital discussion at a time when the industry needs clear and consistent rules of the road more than ever.