100 zipped files on 2 CDs, password protected
Speculate no more:
the BBC have published some of the correspondence and emails:
It refers to a previous request which was sent in 100 zipped files on 2 CDs, and to send the password(s) in a separate email.
At this point you hope they used winzip v9 or later (with AES, or 7zip) and non-short password(s). Winzip v9 gives a max effective key length of 160 bits whether 128,192 or 256 bit AES key length is used (uses HMAC-SHA1, 1000 iterations, in a key derivation function -see RFC2898). Crack programs available will struggle with anything more than short password when faced with a zip encrypted using AES.
Unfortunately, it's more likely that Windows XP own built in zip was used which I think just uses the old (non AES, more easily cracked) Zip 2.0 compatible password protection.