Consider an output that is involved with some kind of crime, like a theft or extortion. A "redlist" is an automatically maintained list of outputs derived from that output, along with some description of why the coins are being tracked. When you receive funds that inherit the redlisting, your wallet client would highlight this in the user interface. Some basic information about why the coins are on the redlist would be presented. You can still spend or use these coins as normal, the highlight is only informational. To clear it, you can contact the operator of the list and say, hello, here I am, I am innocent and if anyone wants to follow up and talk to me, here's how. Then the outputs are unmarked from that point onwards. For instance, this process could be automated and also built into the wallet.
I have previously elaborated on such a scheme in more detail here, along with a description of how you can avoid the redlist operator learning anything about the list's users, like who is looking up an output or who found a match.
Lately I was thinking about this in the context of CryptoLocker, which seems like it has the potential to seriously damage Bitcoin's reputation. The drug war is one thing - the politics of that are very complex. Extortion is something else entirely. At the moment apparently most people are paying the ransom with Green Dot MoneyPak, but it seems likely that future iterations will only accept Bitcoin.
Specifically, threads like this one concern me a lot. Summary: a little old lady was trying to buy bitcoins via the Canada ATM because she got a CryptoLocker infection. She has no clue what Bitcoin is beyond the fact that she needed some and didn't know what to do.
The risk/reward ratio for this kind of ransomware seems wildly out of proportion - Tor+Bitcoin together mean it takes huge effort to find the perpetrators and the difficulty of creating such a virus is very low. Also, the amount of money being made can be estimated from the block chain, and it's quite large. So it seems likely that even if law enforcement is able to take down the current CryptoLocker operation, more will appear in its place.
I don't have any particular opinion on what we should talk about. I'm aware of the arguments for and against such a scheme. I'm interested in new insights or thoughts. You can review the bitcointalk thread on decentralised crime fighting to get a feel for what has already been said.
I think this is a topic on which the Foundation should eventually arrive at a coherent policy for. Of course I know that won't be easy.