I had this in mind too. But there's a problem -- if we have to depend on commercial manufacturers to build these things, how will we know if we can really trust them? ... Unless, of course, we can get the technology to build PCMCIA cards ourselves out of readily available parts...
There's an implied assumption in the above that "we" and "commercial manufacturers" are not the same people, and that if "we" could build the cards "ourselves", then "we" could trust them. But any of "us" builds PCMCIA cards and offers them to "us" for sale, they will have to satisfy "us" that "we" truly understand its level of security. Enough pronouns? The point is that we can't trust ourselves any more than faceless manufacturers. It's more likely the manufacturers won't make some bonehead mistake that renders the system easy to break. And, as dramatized in "Sneakers", even the best people can be pressured by the government if they or their loved ones are vulnerable. John Draper was proposing to manufacture rs232 random number generators -- would you buy a used random number from this man? If you could see its design, you might. If not, probably not. There's a tradition that security software has to be made available in source form because the customers insist on it. Let's continue this trend and make sure it applies to hardware, too. John