Way too much still in terms of serious powers for the state to spy on its own people. Way too much in the way of bulk powers. Way too much in data retention - snooping on pretty much any data.
Comments to follow...
78(9) is still as wide scoped as before, but says "and this expression therefore includes, in particular, internet connection records." which does not help matters at all.
84(2) I see retention notices are still secret but can be disclosed with permission from secretary of state, which is some progress I guess.
225(1) slight improvement: “data” includes data which is not electronic data and any information (whether or not electronic),
217(4) Still has removal of protection (encryption) though now "applied by or on behalf of that operator to any communications or data" which is an improvement, and 217(3) and 218(4) relate to orders being "practicable" which is again an improvement. However, reading this, it could require an operator like Apple to change iMessage so that it is possible for them to remove encryption, or any hardware or software supplier in the UK or overseas. This leaves criminals able to encrypt but normal people that do not want that hassle unable to trust operators offering encrypted services.
218(7) looks a bit powerful
218(8) notices are secret but allow for permission to be given to disclose them, slight improvement.
Some people are working on something of a public diff from draft to proposed bill, and that will help comment further on this.
See a diff here https://github.com/StuBez/UK-Investigatory-Powers-Bill/compare/master...StuBez:final?diff=split&name=final&w=1
P.S. I appreciate that I have not said a lot here - there are many more issues, and I'll try and post something much more concrete on this so people have something on which to base letters to their MPs later.
P.P.S. Open Rights Group (as have many others) have done a good page: here. Please contact your MP.