As usual, the answer is not "we can" or "we cannot" but very complex, and outside the realm of engineers in my opinion. Theft of private property, and money in particular, is of course wrong and illegal in most jurisdictions.
First, bitcoin is a global phenomenon. It is impossible to get 100% agreement on what coins are even considered stolen.
Second, Stolen coins are fundamentally a legal, not technical concept. That complicates the matter immensely. Anyone may track any bitcoin transaction via the public blockchain, but the easy part ends there.
Some exchanges and payment processors already refuse to credit payments made with coins from some well known, large thefts. This is done on an individual, business-by-business basis.
One key difficulty is defining a stolen coin. It is possible to claim that one's coins were stolen, yet possess the private key that spends those funds. Even if the victim is indeed an honest victim, the problem becomes one of reviewing and authenticating police reports from jurisdictions around the world, matching those up to bitcoin transactions, deciding on a technical disposition, executing that in software, and finally, gain the community's support to upgrade to your transaction blacklist.
It is not the place of engineers to sort through police reports, and pronounce judgements on each transaction as "good" or "evil". The act of centrally administering a transaction blacklist is a job no one in the bitcoin community wants. A transaction blacklist is fundamentally human-driven financial censorship, a concept almost antithetical to bitcoin itself.
Any one person or company administering a transaction blacklist exposes themselves to very real legal risks -- lawsuit if a blacklist mistake costs money -- as well as physical threats such as intimidation and blackmail.
At its most basic level, the bitcoin protocol destroys each coin, when it is spent, and creates brand new coins for the recipient. Example: sending 1.0 BTC to me might involve destroying coin #1111 (0.5 BTC) and coin #1112 (0.5 BTC), and creating coin #6789 (1.0 BTC). Thus, beyond a single transaction, you cannot say that a coin is 100% stolen.
From a technical standpoint, you can see that a coin is "related" to a stolen coin, but you cannot know how many innocent people lay in the chain after the theft. Thief Alice can give a coin to Bob, who doesn't know the coin is stolen. Bob sends the coin, along with some others, to Charlie. Charlie sends those coins, along with some others, to David. Bob, Charlie, and David are all unknowingly holding coins /related/ to a stolen coin, but from a technical standpoint, it is at that point impossible to say which coins should be blacklisted without making subjective, non-technical, human judgements. Businesses and exchanges receiving bitcoins are in the best position to know their customer, and make some sort of judgement about that.
The outside observer looking for stolen coins does not see an Alice, Bob, Charlie or David or any other identity information. Observers only see coins #1110, #1111 and #1112 being destroyed, and coins #2222 and #3333 being created.
Stolen coins are, by definition, sent to another bitcoin address outside the victim's control. There are no private keys to recover. The victim's private keys are rendered useless, because the thief's private key controls the stolen coins.
If a person simply loses their private keys, sometimes hard drive forensics may be able to recover the keys from a backup. Depends on what "lost" means. Keys are simply encrypted data, which may be recovered (or not) after a data disaster just like any other encrypted data.
Finally, and very important to economists, is http://en.wikipedia.org/wiki/