Right, there are at least two workable solutions-
Hard drives with user alterable firmware. I surprised that none of the major drive manufacturers seems to have thought about offering a version of their controllers, for substantially more money, that offers this.
A retrofit device that screws into the side of the hard drive and is set to inject a corrosive that almost instantly destroys the drive surfaces. The device can be triggered by any number of intrusion detectors or a voice-activated system keyed to the operators voice print.
Maybe there is also a third solution: a FPGA sitting on the IDE bus between the disk and the controller (optionally as a PCI controller card), realtime-encrypting the data with something suitably strong, eg. AES256, with the key stored in a way that's easy to destroy it - most likely a self-contained tamper-resistant device that forgets the key under a range of conditions: if a wrong access code gets entered n times, if a door sensor detects forced entry, if a kill-switch is pressed, if a machine is moved without the correct movement-authorizing code is entered before, anything that fits the threat model. The key itself can be destroyed pyrotechically (burn, chip, burn), or just let a RAM forget it (where the RAM may be a battery-backed microcontroller system which shuffles the bits through a SRAM periodically in order to avoid problems with retention after power-off; the algorithm then can be chosen in the way that makes it more difficult to eavesdrop on the electromagnetical emissions and power consumption variations - a lot of this problematics is already solved by the secure-smartcards industry). Optionally, backup of the code is possible in many forms, if the desired safety/reliability requires recovery from accidental key erase. The key, being just 256 bits, may be stored in myriads ways, including a m-of-n scheme where the parts are stored in various places or under control of different people. Serial EEPROM chips could be suitable as containers, as they are easy to work with, small, easy to transport and hide; this requires a degree of security-by-obscurity, but the possibility to require m chips (or other containers) (which could be under control of other people, including offshore entities) could alleviate this to certain degree.