If you're wondering, Section 3.2 defines the syntax and semantics of P3P policies. As for the five year mention, I think it should be 10. I'm not quite sure where Facebook got the year 2007 from, unless that's when it implemented its P3P policy (it also happens to be the year when Microsoft invested $240 million in Facebook). The World Wide Web Consortium (W3C) designed PP3 to give users more control of their personal information when browsing, and officially recommended it on April 16, 2002. Furthermore, P3P has been part of Internet Explorer since IE6, which was released on August 27, 2001.
By default, IE blocks cookies that have CPs deemed unsatisfactory from a privacy perspective (such as collecting anything identifiable). Facebook is essentially saying that it is completely aware of the bug in IE that allows them to use an invalid CP so that the browser does not block the social network's cookies. Since PP3 is outdated, Facebook is telling Microsoft to use something better. Until then, the social networking giant has no plans to change its practices.
I have contacted Facebook for further clarification and also reached out to Microsoft again in case Redmond has more to add regarding Menlo Park's stance.
Update at 9:15 AM PST: "We have had our current P3P policy in place for ~2 years, 2007 was the last time the P3P Project had any updates," a Facebook spokesperson said in a statement. Microsoft told me it is still looking into Facebook's response.
Update at 10:00 AM PST: Microsoft declined to comment.