I've done some work in this area. seeĀ
http://coinvalidation.com/ it's currently shelved due to lack of legal and regulatory framework.
1. this should not be directly implemented on the protocol level. I believe its Jeff Garzik who once said "stolen bitcoins is a legal problem, not a technical one." Legal problems are not technical problems.
2. it is the responsibility of company and individuals to answer questions. example, stolen bitcoins gets send to address X, and address X is a payment address of company Y. it is company Y's responsibility to answer to corresponding agencies responsible. What actions comes out of that is yet to be determent.
other examples such as, you are using a wallet app, and sending bitcoin payments to a known malicious address. ( e.g. crypto-locker or other malware address that replaces the output address.), does the wallet app warn its users?
Again, while these are not technical problems, they will need answers eventually. I'll be happy to discuss further off this mailing list as it is off-topic.