Unfortunately for Netscape, U.S. regulations prohibit the export of products incorporating strong cryptography. In order to distribute an international version of its browser overseas, Netscape had to weaken the encryption scheme to use keys of just 40 bits, leaving only a million million possible key values.
This comes up often, so just to reiterate. This law only ever affected American citizens. It's why products like PuTTy had warnings about not being allowed to use the product unless you were American, the developers were protecting their own asses. As a European (or Mexican, Australian, Japanese, etc) citizen you could obviously use the product without repercussions, the developer just had to make an effort to not make it accessible.
And, as mentioned by OP, these restrictions were greatly relaxed ages ago to only really affect DoD and US govt specific encryptions.
Interesting that if they had just grabbed microseconds at launch, kept it statically, and mixed that in with their seed, they would have made it far harder to guess. An even better choice would be to also time the microseconds of a few disk writes at launch or grab entropy from network latency, but even one simple timing value would have made these seed prediction attacks impractical at the time.
In 2000, the Clinton administration relaxed cryptography export rules, allowing the export of strong encryption (e.g. 128-bit) without special licences to most countries. https://en.wikipedia.org/wiki/Export_of_cryptography_from_th...