A log to secure TLS which clients typically obtain over a TLS connection and whose violations they report over a TLS connection. It's a circular dependency.

CT provides a guarantee like: "hopefully one of those devices will eventually connect to a non-compromised network and report the prior compromise". By observing the lack of such reports, we can be reasonably confident compromises of size N>millions are not happening, but it's difficult to reason about what compromises may be happening at small N.