Senator Ron Wyden (D-Oregon) wrote a letter (1 mb PDF) today to the National Institute of Standards and Technology asking them to create guidance for government workers on how to securely share sensitive data,
As you know, it is a routine practice in the government, and indeed the private sector, to send by email password-protected .zip files containing sensitive documents. Many people incorrectly believe that password-protected .zip files can protect sensitive data. Indeed, many password-protected .zip files can be easily broken with off-the-shelf hacking tools. This is because many of the software programs that create .zip files use a weak encryption algorithm by default. While secure methods to protect and share data exist and are freely available, many people do not know which software they should use.