You need the CA to either have been cooperating with CT all along, or have kept a copy of all the certs it ever issued, neither of which an incompetent CA is likely to have done.
But Google did require them to use CT for all new certificates, which I think they are enforcing by assuming Symantec won't lie about the issuance date of new certs.
You may not be able to immediately spot a bad CA, but the more major CAs buy in to CT, the easier it is to spot fraudulent certs through fingerprint reporting. SSL clients can then choose to have a side-channel trust revocation mechanism. Once adoption snowballs, the overall level of trust in the system will rise.
The other problem is that CAs need to be regionally confined in which TLD CNs they can issue certs for.
There are some good arguments in both directions on that thread. I do happen to like the world in which, say, Let's Encrypt is capable of issuing for any TLD. If we don't think WoSign is good enough for signing .com, we probably shouldn't be exposing .cn users to those attacks, either.
I find the arguments from "it's wrong to recognize borders on the Internet" a bit naive, or impractical. The borders recognize us, and state-sponsored attacks will continue, and have very far-reaching implications. We need better tools to fight them, including this one.
I like the discussion in that thread about how to make the scheme reasonably flexible, though. Thanks for the link.
Symantec, whom one would expect to be one of the more competent CAs out there, cannot do this: https://security.googleblog.com/2015/10/sustaining-digital-c...
But Google did require them to use CT for all new certificates, which I think they are enforcing by assuming Symantec won't lie about the issuance date of new certs.