Wouldn't the easy solution to this class of problems be to require some sort of physical device to be connected to your machine in order to access certain sets of data? Assuming the device itself couldn't be spoofed, wouldn't that solve this once and for all?