C3 would be decrypted incorrectly if INC was used for encryption. INC is not IND-CPA secure because an attacker could determine which of two messages M0 or M1 was encrypted by creating messages where the second block is the same in both and observing if the second ciphertext is also the same.